An open API service indexing awesome lists of open source software.

https://github.com/gearlight-labs/privacywarden

PrivacyWarden — Mullvad VPN privacy manager for VTubers. Auto-toggles VPN modes, monitors DNS, detects threats, and protects your identity during live streams.
https://github.com/gearlight-labs/privacywarden

csharp dns dotnet mullvad privacy privacy-tools security streaming vpn vtuber windows windows-service

Last synced: 25 days ago
JSON representation

PrivacyWarden — Mullvad VPN privacy manager for VTubers. Auto-toggles VPN modes, monitors DNS, detects threats, and protects your identity during live streams.

Awesome Lists containing this project

README

          

# PrivacyWarden

> Windows hardening for streamers, VTubers, and anyone who's tired of getting their IP grabbed.

[![License: MIT](https://img.shields.io/badge/License-MIT-cyan.svg)](LICENSE)
[![Platform](https://img.shields.io/badge/Platform-Windows%2010%2F11-blue.svg)](https://privwarden.org)
[![PowerShell](https://img.shields.io/badge/PowerShell-5.1%2B-blue.svg)](https://privwarden.org)
[![Website](https://img.shields.io/badge/Website-privwarden.org-cyan.svg)](https://privwarden.org)
[![Version](https://img.shields.io/badge/Collection-v3.2.8-cyan.svg)](CHANGELOG.md)

**Made by Aya Yoki (AyaYokiVT) — [Gearlight Labs](https://github.com/Gearlight-Labs)**

---

## What is this?

I made PrivacyWarden because every "Windows hardening guide" I found was written for IT admins, not for people who stream to thousands of people and have their real name and city floating around in Discord DMs.

The threat model is different when you're a streamer or VTuber. You're not worried about nation-state actors. You're worried about someone in your chat dropping an IP grabber link, a fake brand deal with a RAT attached, or a stalker piecing together your location from stream metadata. Generic hardening guides don't cover that. This one does.

**How it works:** Go to [privwarden.org](https://privwarden.org), pick a profile that fits your situation, download one PowerShell script, run it as Administrator. That's it. The script code comes directly from [`collections/windows.yaml`](collections/windows.yaml) in this repo — nothing hidden.

> ⚠️ **This project is in early development.** Every system is different. Read what each step does before you apply it. Don't just select everything and click generate — the profiles exist for a reason.

---

## Quick Start

### Option 1: Website (easiest)

1. Go to **[privwarden.org](https://privwarden.org)**
2. Pick a profile — or go through individual steps if you know what you're doing
3. Choose Apply, Audit, or Undo
4. Download the script and run it as Administrator

### Option 2: Run directly

```powershell
# Runs the standard profile — fetches latest YAML from GitHub at runtime
irm https://raw.githubusercontent.com/Gearlight-Labs/PrivacyWarden/main/scripts/Setup-PrivacyWarden-Hardening.ps1 | iex
```

### Option 3: Clone and run locally

```powershell
git clone https://github.com/Gearlight-Labs/PrivacyWarden.git
cd PrivacyWarden
.\scripts\Setup-PrivacyWarden-Hardening.ps1 -Local
```

---

## What it covers

| Phase | Steps | What it actually does |
|---|---|---|
| Network | NET01–NET11 | Kills LLMNR, NetBIOS, WPAD, IPv6 tunnels, sets Quad9 DNS |
| Telemetry | TEL01–TEL10 | Kills DiagTrack, Advertising ID, Cortana, Recall AI, telemetry tasks |
| System | SYS01–SYS08 | ASLR/DEP, SEHOP, LSA protection, SMBv1, UAC, ASR rules, firewall |
| Malware | MAL01–MAL08 | WSH, AutoRun, dangerous file extensions, Office macros, Defender |
| Apps | OBS01–OBS05, DIS01–DIS06, BRW01–BRW11 | OBS, Discord, browser hardening |
| Advanced | ADV01–ADV13 | Controlled Folder Access, Remote Registry, WinRM, RDP, Print Spooler |
| Threat Blocking | THR01–THR14 | IP grabbers, KiwiFarms mirrors, doxxing sites, stalkerware C2, 83,599 domains |

---

## Profiles

Pick one that fits. Don't select everything.

| Profile | Steps | Who it's for |
|---|---|---|
| Standard | 58 | Good starting point for most people |
| Streamer | 78 | Active streamers — won't break OBS or streaming tools |
| VTuber | 80 | VTuber-specific — covers Discord, browser, identity exposure |
| Paranoid | 82 | Everything. Test on a spare machine first. |
| Network & Privacy | 19 | Just the network and telemetry stuff |
| **Gaming** | **76** | **Anti-cheat safe — see below** |

---

## Gaming Profile (AC-SAFE)

The Gaming profile skips the 5 steps that are known to conflict with kernel-level anti-cheat. Everything else still applies.

### What it's compatible with

| Anti-Cheat | Games |
|---|---|
| Easy Anti-Cheat (EAC) | Fortnite, Apex Legends, Rust, Dead by Daylight, 200+ others |
| BattlEye | PUBG, Rainbow Six Siege, DayZ, Arma 3 |
| GameGuard | MapleStory, Phantasy Star Online 2 |
| HoYoKProtect | Genshin Impact, Honkai: Star Rail, Zenless Zone Zero |
| Vanguard | Valorant |
| FACEIT | CS2 on FACEIT |

### What gets skipped and why

| Step | Name | Why |
|---|---|---|
| ADV01 | Controlled Folder Access | Blocks anti-cheat from writing to protected folders |
| MAL08 | Disable Windows Script Host | Some launchers use WSH for integrity checks |
| MAL01 | Disable AutoRun | Can interfere with game launcher auto-start |
| ADV05 | Disable Remote Registry | Some anti-cheat telemetry reads the registry |
| THR11 | Hosts file blocking | Large hosts file slows DNS during game startup |

> **Vanguard note:** Vanguard (Valorant's anti-cheat) runs a kernel driver (`vgk.sys`) that loads at boot. ADV01 (Controlled Folder Access) and MAL08 (DCOM restrictions) are the two steps most likely to cause issues. If Valorant won't launch after applying the Gaming profile, try disabling those two first.

If a game still won't launch after applying the Gaming profile, go through the excluded steps one by one. ADV01 and THR11 are usually the culprit.

---

## Execution modes

```powershell
.\Setup-PrivacyWarden-Hardening.ps1 # Apply (interactive menu)
.\Setup-PrivacyWarden-Hardening.ps1 -Profile standard # Apply a specific profile
.\Setup-PrivacyWarden-Hardening.ps1 -Profile gaming # Apply gaming profile
.\Setup-PrivacyWarden-Hardening.ps1 -Check # Audit — no changes
.\Setup-PrivacyWarden-Hardening.ps1 -Undo # Undo everything
.\Setup-PrivacyWarden-Hardening.ps1 -Local # Use local YAML (offline)
```

Undo mode reverses every registry key, service, and policy change back to Windows defaults. It's not perfect — if something else changed your system between Apply and Undo, it can't account for that.

---

## How the YAML works

Every step in [`collections/windows.yaml`](collections/windows.yaml) has three code blocks:

```yaml
- id: NET01
name: "Disable LLMNR"
description: "Stops LLMNR broadcast queries that can be used to capture credentials on shared networks."
phase: network
recommend: standard
code: |
# PowerShell to apply this step
checkCode: |
# PowerShell to verify this step (read-only)
revertCode: |
# PowerShell to undo this step
```

The website reads this file at runtime and generates your script from it. The PS1 wrapper does the same thing when you run it directly. Nothing is hardcoded in the script itself.

Want to add a step? Edit the YAML and open a PR. See [CONTRIBUTING.md](docs/CONTRIBUTING.md).

---

## Repo structure

```
collections/
windows.yaml ← All 82 hardening steps
windows.yaml.sha256 ← SHA-256 integrity check
docs/
USER_GUIDE.md
FAQ.md
SECURITY.md
CONTRIBUTING.md
scripts/
Setup-PrivacyWarden-Hardening.ps1 ← YAML-driven wrapper
src/
PrivacyWarden/ ← C# tray app (Mullvad VPN auto-switcher, companion tool)
```

---

## Security & privacy

No data collection. No accounts. No telemetry. Scripts are generated in your browser from the YAML in this repo. Run `-Check` to audit without making changes. Run `-Undo` to revert. Verify the YAML against `windows.yaml.sha256` if you want to confirm it hasn't been tampered with.

Full details in [SECURITY.md](docs/SECURITY.md).

---

## Contributing

See [CONTRIBUTING.md](docs/CONTRIBUTING.md).

---

## Acknowledgements

[privacy.sexy](https://privacy.sexy) — the YAML-driven template engine architecture that PrivacyWarden's collection format is based on. Their open-source approach to script generation (define steps in YAML, compile to scripts at runtime) is what made this project possible. If you want a general-purpose privacy tool without the streamer/VTuber focus, check them out.

---

## Questions

Open a [GitHub issue](https://github.com/Gearlight-Labs/PrivacyWarden/issues) or email gearlightlabs@gmail.com.

---

**Collection v3.2.8 · Made by Aya Yoki (AyaYokiVT) · [@AyaYokiVT](https://twitter.com/AyaYokiVT)**

[MIT License](LICENSE)