Proxies in Windows 11 for Privacy Protection: Step-by-Step Guide to Block Microsoft Telemetry

Windows 11 sends hundreds of requests to Microsoft servers every day: data about your hardware, installed programs, behavior in the system, and even fragments of typed text. Most users are unaware of this — and do nothing about it. In this article, we will discuss how to set up a proxy in Windows 11 to take telemetry traffic under control and explain why system settings alone are not enough.

What exactly does Windows 11 collect and where does it go

Before setting up a proxy, it is important to understand what we are dealing with. Windows 11 uses several independent data collection mechanisms, and each works in its own way.

Main components of telemetry

DiagTrack (Connected User Experiences and Telemetry) is the main telemetry service. It runs in the background constantly and sends data to the servers vortex.data.microsoft.com and settings-win.data.microsoft.com. This is where information about crashes, installed applications, and system feature usage is sent.

Windows Error Reporting is the error reporting service. Every time an application hangs or crashes, the system generates a report and sends it to Microsoft. The report includes the call stack, software version, and device ID.

Cortana and Search — even if you do not use the voice assistant, search queries from the Start menu are sent to Bing by default. This applies to local queries as well, unless "cloud search" is disabled in the settings.

SmartScreen — the filter checks every file executed and website visited against Microsoft's cloud database. Technically, this is a security feature, but in reality, Microsoft gets a complete list of what you open.

Advertising and Advertising ID — Windows 11 assigns a unique advertising ID to each user, which is passed to applications from the Microsoft Store for targeted advertising.

All these requests come directly from your real IP address. Microsoft sees the address from which the data comes and can match it with your account and geographical location. This is where the proxy comes into play.

Why a proxy is not paranoia, but a working tool

Many believe that worrying about Windows telemetry is the domain of paranoids. In fact, it is a matter of control over one's own data, and it is relevant to a wide range of people.

For marketers and arbitrageurs, this is critically important: if you work with multiple advertising accounts in Facebook Ads, Google Ads, or TikTok Ads, your operating system constantly "reveals" your real IP. If this IP enters Microsoft databases and then intersects with advertising platform data — you get an additional vector for de-anonymization.

For SMM specialists managing 10–30 client accounts on Instagram or TikTok from one computer, leaking the real IP through Windows system services poses an additional risk of linking accounts together.

For regular users, a proxy allows hiding the real IP from corporate servers, reducing the amount of data collected, and gaining basic control over what leaves the computer.

A proxy solves a specific task: all system traffic, including requests from telemetry services, goes not from your real IP, but through an intermediary server. Microsoft receives the data but sees the IP of the proxy server, not your home or work address.

It is important to understand: a proxy does not encrypt traffic by itself (unlike a VPN), but masks the source of requests. For the task of hiding the real IP from telemetry, this is sufficient.

System proxy in Windows 11: setting it up through settings

Windows 11 has a built-in mechanism for setting up a proxy. This is the simplest way — and the first place to start. However, it has a serious limitation, which we will discuss below.

Step-by-step setup of the system proxy

Step 1. Open "Settings" — press Win + I.

Step 2. Go to Network & Internet → Proxy.

Step 3. You will see two setup options:

• Automatically detect settings — the system searches for a PAC file on the network. Usually not needed for home users.
• Use setup script — specify the URL of the PAC file. Used in corporate networks.
• Use a proxy server — manual setup. This is the option we need.

Step 4. Turn on the "Use a proxy server" switch.

Step 5. Enter the proxy details:

• Address — the IP address or domain of the proxy server (e.g., 185.123.45.67)
• Port — usually 3128, 8080, or 1080 (depends on the type of proxy)

Step 6. In the "Don't use a proxy server for these addresses" field, you can add exceptions — for example, local addresses (localhost;127.0.0.1).

Step 7. Click "Save".

Configuring a proxy through the registry and group policies

For deeper control over system services, you can use the Windows registry and the group policy editor. These methods allow you to set the proxy at the system level, not just for user applications.

Setting up through the registry

The system proxy is stored in the registry at: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Key parameters to configure:

• ProxyEnable (DWORD) — value 1 enables the proxy, 0 disables it
• ProxyServer (String) — address and port in the format 185.123.45.67:8080
• ProxyOverride (String) — exceptions, for example <local>

To apply settings at the system level (not just for the current user), the same parameters need to be duplicated in the branch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

Setting up through group policies (Windows 11 Pro and higher)

Step 1. Press Win + R, type gpedit.msc, and press Enter.

Step 2. Navigate to: Computer Configuration → Administrative Templates → Windows Components → Data Collection and Preview Builds.

Step 3. Here you will find the policy "Configure Connected User Experiences and Telemetry". Enable it and set the value to "Diagnostic data disabled" (if available in your version of Windows).

Step 4. Additionally, in the section User Configuration → Windows Settings → Internet Explorer Settings → Connections → Proxy Settings, you can set the proxy for all users of the system.

Third-party tools: how to route telemetry traffic through a proxy

Since Windows system services often ignore the standard proxy, full control requires tools that operate at the network stack level — intercepting all connections, including system ones.

Proxifier — intercepting all traffic

Proxifier is one of the most popular tools for forcing traffic through a proxy. It works as a network driver and intercepts connections from any processes, including system services.

How to set up Proxifier to block telemetry:

1. Install Proxifier and open it.
2. Go to Profile → Proxy Servers → Add.
3. Enter the address and port of your proxy, select the protocol (SOCKS5 or HTTPS).
4. If the proxy requires authentication — enter the username and password.
5. Go to Profile → Proxification Rules.
6. Create a rule: Application = Any, Target Host = *microsoft.com; *.windows.com; vortex.data.microsoft.com, Action = Proxy (your proxy).
7. Click OK and apply the settings.

After this, all requests to Microsoft servers, including telemetry, will go through the specified proxy. In Proxifier logs, you will be able to see in real-time which processes are connecting and where.

Charles Proxy / Fiddler — monitoring and interception

Charles Proxy and Fiddler are tools for traffic analysis. They allow not only to redirect traffic through a proxy but also to see the content of requests. This is useful if you want to ensure that telemetry is indeed going through the proxy and to see what data Windows is sending.

Fiddler Classic is a free option for basic monitoring. Charles Proxy is more functional and paid. Both work as local proxies (usually on port 8888) and intercept HTTP/HTTPS traffic.

O&O ShutUp10++ and similar tools — disabling telemetry

A separate class of tools consists of programs for disabling Windows telemetry. O&O ShutUp10++, WPD (Windows Privacy Dashboard), Privacy Cleaner Pro — they do not route traffic through a proxy but disable the data collection services themselves.

The optimal strategy is to combine both approaches. First, disable as much telemetry as possible through ShutUp10++, and then route the remaining system traffic through a proxy using Proxifier. This way, you minimize both the volume of data and its association with your real IP.

What type of proxy to choose for privacy protection

Not all proxies are equally suitable for the task of hiding system traffic. Let's discuss the main types and their applicability.

Residential Proxies: the optimal choice

For the task of hiding Windows system traffic, residential proxies are the most suitable option. They use IP addresses of real home users, making the traffic look as much like regular user traffic as possible. Microsoft will not be able to determine that requests are coming through a proxy.

Another advantage: residential proxies support IP rotation — each new session can use a new address. For telemetry, this means that even if Microsoft analyzes request patterns, they will not be tied to a single address.

Why free proxies are a bad idea for privacy

It may seem paradoxical, but using free proxies for privacy protection is counterproductive. Operators of free proxies may log your traffic, sell data, or inject ads. You escape Microsoft telemetry and end up with a proxy operator who may collect even more data.

For privacy protection, use only paid proxies from reputable providers with a clear no-logs policy.

Protocol: SOCKS5 vs HTTP/HTTPS

For Windows system traffic, it is recommended to use SOCKS5. Unlike HTTP proxies, SOCKS5 operates at a lower level and supports any types of connections, including UDP. This is important because some system services use not only HTTP but also other protocols.

HTTPS proxies are suitable for browser traffic, but for full interception of system requests, SOCKS5 is preferable.

Checklist: checking that telemetry is indeed going through the proxy

After setting up, it is important to ensure that everything works as intended. Here is a step-by-step checklist for verification.

Step 1. Check that the system proxy is active

Open the command prompt (cmd) and execute the command:

netsh winhttp show proxy

If the system proxy is configured, you will see its address and port. If it says "Direct access (no proxy server)" — the system proxy is not configured or did not apply.

Step 2. Check the IP through a browser

Open a browser and go to an IP check website (e.g., 2ip.ru or whoer.net). If the proxy is working correctly, the displayed IP should differ from your real one. This is a basic check — it confirms that browser traffic is going through the proxy.

Step 3. Check system traffic through Proxifier or Fiddler

If you are using Proxifier — open the "Log" or "Connections" tab. You will see a list of all active connections. Look for processes svchost.exe and DiagTrack — they should connect through your proxy, not directly.

Step 4. Check for DNS leaks

Even if traffic is going through the proxy, DNS requests may go directly — this is called a DNS leak. Go to dnsleaktest.com and run an extended test. If the results show the DNS servers of your internet provider instead of the proxy provider — there is a leak.

To eliminate DNS leaks in Windows 11, you can set up DNS-over-HTTPS: Settings → Network & Internet → Wi-Fi (or Ethernet) → Hardware properties → DNS server assignment → Edit → select Cloudflare (1.1.1.1) or Google (8.8.8.8) with DNS-over-HTTPS enabled.

Step 5. Check the logs of telemetry services

Open "Event Viewer": press Win + R, type eventvwr.msc. Navigate to Applications and Services Logs → Microsoft → Windows → DiagTrack. Here you will see when and what data was sent. If there are no submissions — the services are disabled. If there are — make sure they are going through the proxy.

Additionally: disable the advertising ID

Don't forget to disable the Windows advertising ID: Settings → Privacy & security → General → toggle off the switch "Allow apps to show personalized ads using your advertising ID".

It is also recommended to disable input diagnostics (Settings → Privacy → Diagnostics & feedback) and activity history (Settings → Privacy → Activity history). These settings are not overridden by the proxy — they operate at the permission level, not the network traffic level.

Conclusion

Windows 11 is an operating system that is set up by default for maximum data collection. It is impossible to completely disable telemetry through standard settings, but you can significantly limit its capabilities. A combination of three approaches yields the best result: disabling telemetry services through specialized utilities, configuring a system proxy for applications, and using Proxifier to intercept traffic from system services.

The main thing to remember: the standard system proxy in Windows does not intercept traffic from services like DiagTrack and WER. For full control, you need a tool like Proxifier, which operates as a network driver and intercepts connections from any processes.

If you want to set up reliable privacy protection in Windows 11 and route all system traffic through a proxy, we recommend using residential proxies — they provide a high level of anonymity as they use IP addresses of real home users and do not raise suspicions with Microsoft's monitoring systems.