by CursedUrn 1537 days ago
> I've disabled most of the telemetry

How can you be sure about this? They patch and update the telemetry code frequently, for example, when they updated it to get around hosts-file blocking, or moved their servers to new addresses for the same reason. The Windows 10 upgrade assistant that was installed without warning on Windows 7 included telemetry that regularly scanned all the executables on your drives and sent the list to Microsoft (ostensibly to check for compatibility, but I'm sure they kept the data around). If you can't trust the OS and they can update it at will, you have no hope of privacy.

1 comment

It's not easy but it is possible. You'd have to disable Windows Update, IE and Edge, SMB, MRT, Defender, AutoLoggers, WMP DRM, GWX, SmartScreen, WER and change a bunch of registry keys, and disable certain services and scheduled tasks.

DiagTrack and all of its sub-components have to be completely disabled and replaced with decoy files.

To verify, you'd have to monitor certain APIs via WinDbg and trace certain EventProviders using Windows Performance Recorder over a period of 24 hours to make sure there are no escalation issues (DiagTrack).

Pro-tip: if the EventLog (view them using Event Viewer) is not full of errors that constantly reappear, you haven't disabled Telemetry properly.
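
A read-only check of the items the reply names (the DiagTrack service, its AutoLogger, scheduled tasks, recurring Event Log errors), written as an added PowerShell example that is not part of the thread. The registry paths, the `AllowTelemetry` policy value and the two task folders are assumptions based on stock Windows 10 and are not named in the comments.

```powershell
# Added example: read-only audit, changes nothing. Run in an elevated PowerShell.
function Get-TelemetryAudit {
    $r = [ordered]@{}

    # DiagTrack service state and start mode (service name is from the thread).
    $svc = Get-CimInstance Win32_Service -Filter "Name='DiagTrack'" -ErrorAction SilentlyContinue
    $r['DiagTrack service'] = if ($svc) { "$($svc.State), StartMode=$($svc.StartMode)" } else { 'not present' }

    # Assumed stock Windows 10 path: boot-time AutoLogger session; Start=0 means disabled.
    $al = 'HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener'
    $start = (Get-ItemProperty -Path $al -Name Start -ErrorAction SilentlyContinue).Start
    $r['AutoLogger Start'] = if ($null -ne $start) { $start } else { 'value absent' }

    # Assumed policy value (not named in the thread).
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
    $allow = (Get-ItemProperty -Path $pol -Name AllowTelemetry -ErrorAction SilentlyContinue).AllowTelemetry
    $r['AllowTelemetry policy'] = if ($null -ne $allow) { $allow } else { 'not configured' }

    # ETW sessions currently running whose name mentions DiagTrack.
    $r['Live DiagTrack ETW sessions'] = @(logman query -ets | Select-String -Pattern 'Diagtrack').Count

    # Scheduled tasks still enabled in the assumed task folders.
    $folders = '\Microsoft\Windows\Application Experience\',
               '\Microsoft\Windows\Customer Experience Improvement Program\'
    $r['Enabled tasks'] = @(Get-ScheduledTask -TaskPath $folders -ErrorAction SilentlyContinue |
        Where-Object State -ne 'Disabled' | ForEach-Object TaskName) -join '; '

    [pscustomobject]$r
}

# Recurring errors over the 24-hour window the reply suggests, grouped by source and event ID.
function Get-RecurringErrors {
    Get-WinEvent -FilterHashtable @{ LogName = 'System','Application'; Level = 2
                                     StartTime = (Get-Date).AddHours(-24) } -ErrorAction SilentlyContinue |
        Group-Object ProviderName, Id | Where-Object Count -gt 1 |
        Sort-Object Count -Descending | Select-Object Count, Name -First 20
}

Get-TelemetryAudit | Format-List
Get-RecurringErrors | Format-Table -AutoSize
```

Re-running the audit after each cumulative update shows whether an update has re-enabled a service, task or AutoLogger, which is the concern raised in the parent comment.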