Blackbird logo

## Blackbird ReadMe

Blackbird V6 (version 0.9)


A privacywall for Windows, designed to dismantle built-in data collection and give the PC back to the user. Blackbird is not a realtime security application, it does not run in the background and does not install anything. Run it once and you're set. Internet access is required only to resolve hostnames to IP addresses during the process of applying Blackbird. If access is unavailable Blackbird will still run all local tweaks but the scanner will report [Telemetry = Not blocked] since no network blocks will be set. You may also need to re-apply Blackbird after updating Windows as some updates tend to turn stuff back on.

We are not responsible for any damage done to your PC while using our software.
With that said, Blackbird has been tested thoroughly and we do offer technical support should any issues arise (contact above). We also welcome any suggestions and tips or you can just say hi.


OneDrive (Windows 10):
After using Blackbird's Recovery-mode or the -o switch (Enable OneDrive), the OneDrive folder may not appear in Explorer if it has been disabled previously by Blackbird.
To fix this the user must completely refresh the OneDrive service by converting their account to a local one then back to a Microsoft account:
- Go to Settings page.
- Select 'Accounts' and click on 'Sign in with a local account instead'. Follow on screen instructions.
- Same thing to convert back, except click on 'Sign in with a Microsoft account instead'.
- If this did not solve the problem the user may need to run the OneDrive Troubleshooter application offered by Microsoft.

Network Discovery:
Blackbird disables 2 services, SSDP Discovery & UPnP Device Host, which are required to run Network Discovery on your PC. You need to re-enable (set to auto-start) these services before you can turn Network Discovery back on.

Blackbird 32bit (Windows Vista/7/8):
The 32bit version of Blackbird does not check if Windows automatic updates are enabled due to security limitations. 64bit version is not affected.


- Disables OneDrive
- Disables Cortana
- Disables Bing-integration
- Disables Wi-Fi Sense
- Disables system-wide Windows/Office Telemetry on any Windows version
- Disables all Diagnostic-tracking / CEIP / Telemetry / Compatibility services, tasks and agents
- Disables web content evaluation / URL check-in ("SmartScreen")
- Disables Windows Media Online DRM
- Disables Windows P2P Update sharing
- Disables all AutoLoggers
- Disables Start menu ads
- Disables Windows Error Reporting
- Disables Xbox Live services
- Prevents cross-device synchronization
- Prevents all location/contacts/handwritting/password sharing
- Prevents device meta-data collection
- Patches various data-leaks (IE/EDGE, Defender, Explorer, MRT, SMB)
- Removes Windows Genuine Advantage (WGA)
- Removes your unique Ad-ID tracking token and disables further Windows advertising profiling
- Removes GWX and all Windows 10 Upgrade triggers, icons, messages and other nagging
- Removes Windows 10 Upgrade setup files on Windows 7/8
- Removes a bunch of Windows Vista, 7, 8, 8.1 telemetry updates
- Blocks 150+ different tracking/telemetry/ad servers (supports IPv6/IPv4, Wifi/Eth, custom lists)
- Bonus blocks (some) Youtube, Skype, Facebook ads


- Double-click blackbird.exe,
- Click Yes if prompted by UAC,
- Blackbird will perform a quick security scan (green means good - red means bad),
- Press any key to apply,
- Reboot the computer when it's finished. All done.

(OPTIONAL) -- Blocking custom hosts
- Write the hostnames or IP addresses (ipv4/ipv6) in a text file called HOSTS.TXT
(IMPORTANT: Each host must be placed in it's own line),
- Put the file in the same directory as the Blackbird executable,
- Run Blackbird normally.

It will automatically search for the hosts.txt file at Blackbird startup, notifying the user accordingly, and resolve/block all hosts listed when Blackbird is applied.
Ignores lines beginning with # and any empty spaces. Hosts.txt file example:

#This is a comment.
#Each host must be placed in it's own line, like so:
#end of example.

Note: IPv6 addressing is currently limited internally to /128 prefix range. You can only block single hosts by using the hosts.txt method. Working on it though.


You can also run Blackbird from CMD with the following command-line switches available:

blackbird -v = Verbose Mode. Displays additional information on all changes as they're being made.
blackbird -s = Silent Mode. No additional user interaction required, good for scripts
blackbird -r = Recovery Mode. Restores all values changed by Blackbird to default Microsoft values.
blackbird -std = Run Blackbird in STD mode (see below).
blackbird -scan = A full privacy scan of your system.
blackbird -kc = Kill Cortana completely (prevent searchUI.exe from loading)
blackbird -ke = Kill Microsoft Edge
blackbird -kf = Kill Windows Feedback/ContactSupport
blackbird -kl = Kill Lockscreen
blackbird -kall = Kill all System Apps
blackbird -noupdate = Skip blacklisted Windows update removal.
blackbird -nohost = Skip host blocking.
blackbird -nospeed = Skip system optimizations
blackbird -o = Enable OneDrive.
blackbird -p = Enable Diagnostic Policy service.
blackbird -t = Enable Sensors / Auto-screen rotation on tablets.
blackbird -x = Enable Xbox Live services.
blackbird -l = Fix LAN connectivity problems after using Blackbird.
blackbird -a = Disable SmartScreen application checking.
blackbird -b = Disable Runtime Broker (will cause most UWP/Metro apps to not work).
blackbird -c = Disable bacground access for all default system apps.
blackbird -d = Disable Windows Defender.
blackbird -e = Disable SMB over NetBIOS (close listening port 445).
blackbird -f = Disable most used apps displayed in Start menu.
blackbird -h = Disable Hibernation (deletes hiberfil.sys file from root).
blackbird -u = Disable automatic installation of updates / Sets to manual download and install only.
blackbird -m = Disable automatic installation of Malicious Removal Tool updates.
blackbird -n = Remove Blackbird network blocks.
blackbird -? = Displays help information.

- You can run up to 9 different switches at one time (excluding -R, -STD & -SCAN which can only be executed one at a time.)
- All killed system applications can be revived using Blackbird's Recovery mode (-r)

== BLACKBIRD STD (Beta) ==

"SpyTask Destroyer" can be used to force removal of specific Windows scheduled tasks that for some reason cannot be disabled by running Blackbird normally. Should STD find any such tasks it will first attempt to end and disable it. Only should it fail to do so will STD force removal of the task. A signature engine is used so STD only removes pre-configured tasks that can be safely disabled and are known data-collectors.
Any tasks explicitly deleted by SpyTask Destroyer CANNOT BE RESTORED without Windows reinstallation/recovery/factory defaults.

Disabling/removing the WinSAT task will cause your system to stop sending scheduled TRIM command to host SSD. You can still issue TRIM manually after.
STD does not care what hard drive you're using, it will forcefully disable/remove all tasks it considers bad.
WinSAT is not disabled if running Blackbird normally on a SSD-installed system.

== FAQ ==

Q: Blackbird is stuck/hangs/crashes.
A: It takes a while (up to 1h on older CPUs) but if you're sure it's stuck, close blackbird, open cmd as admin, cd to the directory where you put the blackbird.exe file.
Type blackbird -v and hit enter. This should give you a more detailed view of what's going on.

Q: Blackbird shows errors like "access denied", "unable to read file", "system error"...
A: This is normal, especially under W10. Try closing and running Blackbird again, this somehow forces Windows to behave. Not sure why.

Q: My antivirus reports Blackbird as malware.
A: This seems to mostly happen with the 32bit version but we assure you, it's a false-positive. Use the 64bit version if possible, AVs seem to like it more for some reason.
We suspect this occurs because of the nature and relative obscurity of our software (registry editing,telemetry dismantling,..) Some temporary files are created during usage but they are all deleted before you even exit the program.

Q: After running Blackbird I have problems connecting to my LAN. Do you even test, bro?
A: Blackbird, by default, applies some security tweaks (SMB user credentials leaking in this case) that may interfere with some networks. To fix LAN connectivity issues simply run Blackbird with the -L switch:
In CMD type blackbird -L after Blackbird has already been applied to your PC.

Q: Startup scanner shows red stuff even after applying Blackbird. Why?
A: The scanner is a little wonky, it may detect Blackbird was not fully applied for any of the following reasons:
- No internet connection. Either blocked by firewall or not available on your PC, Blackbird cannot resolve hostnames to IP addresses and block them effectively, resulting in "Telemetry=Not Blocked".
- An aggressive AV blocked Blackbird from accessing system files/registry/settings. Not much we can do here, go with your gut.
- Certain Scheduled tasks are stubborn. Use the -STD switch to remove them.
- An update turned stuff back on. Check our website for an up-to-date version.
- Localization/other bugs with the scanner itself. Help us fix it by contacting us!

Q: I don't like what Blackbird did to my computer. How do I change it back?
A: Start cmd as administrator, cd to the directory where you put the blackbird.exe file,
type blackbird -R and press enter.
This will run Blackbird in Recovery Mode and will restore all changes made by Blackbird back to their default Microsoft values.