Winston Tweaking and Tuning Guide

Winston Tweaking and Tuning Guide

If you just received your Winston, you’re probably pretty excited to get it set up and working optimally for your particular needs. We’ve done our best to provide a couple of default setups that work for most people, but we know from chatting with new customers that these settings aren’t always ideal.

This guide is intended to quickly walk you through the major settings you can change to get things working the way you like.

Initial Configuration

During setup, you were prompted to pick one of the two default settings. If you pick the wrong one, you might be a little disappointed so let’s first go over what each one does.

Tip: You can go back to this page while on your Winston network and choose a different option at any time. Your change will take place immediately after clicking the “Next” button.

“Standard” Mode

This is recommended configuration for those who are most concerned about protecting their online privacy. Here’s what it does:

  • Installs a number of recommended static privacy lists which have relatively few compatibility problems. You should still set up Modules (described next) and you may have to troubleshoot any other sites or services which act up due to blocking.

  • Installs recommended exceptions for widely used streaming, gaming and web conferencing sites.

  • Routes sites which Winston deems to have a high privacy risk over the distributed privacy mesh network to cloak your IP. Other sites route locally. The P2P network can be a little slower than your local connection so this gives a nice tradeoff between speed and privacy.

“Fast” Mode

As our user base grew, we found that many customers were more focused on improving the network speed and had very low tolerance for websites, apps or devices which acted up due to Winston blocking their privacy leaks.

You might prefer this option if:

  • You have teenagers in the home who live on social media, you may hear some complaints if you were to choose Standard mode.

  • You don’t want to (or can’t) install the Winston web extension in your family’s browsers

  • You don’t want to (or can’t) troubleshoot if a website or other service stops working due to having its privacy leaks closed

Fast mode installs a smaller set of static rules that block a lot of advertising on the network while maximizing speed and minimizing compatibility problems.


  • It installs only Winston’s “Tiny Blocklist” – a curated list of obnoxious and useless ad and tracking servers that have wide reach and no known compatibility issues.

  • Disables the privacy mesh network completely – no traffic in or out.

Choosing Compatibility Modules

If you’re running in Standard mode, it’s important to review Winston’s compatibility modules and install any which might be applicable in your home.

Compatibility modules are curated sets of rules that are designed to make specific apps and websites work without the need to manually troubleshoot and whitelist them.

For instance, Winston aggressively blocks data leaks so you might notice that Google Calendar and Gmail have trouble making scheduling and invite suggestions. You can readily fix that while not revealing everything about your personal life to Google by selecting the “Gmail and Google Calendar” module:
Another really common use case we encounter is that the Facebook app on iOS requires access to its social graph in order to view comments. So if you can’t convince your family to stop using the Facebook app on their iPhones, the “Facebook and Instagram” app will let it through.

Tip: The setup website will quietly analyze your network traffic in the background and attempt to make some recommendations. Often, setup is so fast that there’s not enough time to gather data, so you can return to this page a day or two after initial setup to see if there are some new recommendations available. You can toggle these on at any time.

If you prefer to browse through all available modules, you can do this from our dashboard at Privacy Settings > Modules or just click the following URL:

Our team is always adding new modules to our library and we welcome feedback from users! If you find a particular domain that you have to whitelist to make some app work that is not in our modules library, let us know and we can potentially share it with other users.

Note: Module recommendations are not available in the current version of the dashboard. We’re working on a new version and they will be there soon.

Update: You can also access modules from our new mobile app, coming very soon.

Advanced Tweaks

Winston used to offer an “Advanced” setup option but we found that many users were accidentally shooting themselves in the foot with it. This mode turned all privacy protection options to their highest settings, which then required a lot of up front tuning to get things working properly on the local network.

Some people like this but it isn’t suitable for most of our users. If you're in the former group, we’ll walk through the effects of individual settings so you can tweak things exactly how you want them.

Find these settings here:

Privacy Settings >> Advanced Settings


  • Enable Winston – this is a master kill switch which effectively takes Winston offline. If you encounter a problem, there’s no need to unplug the device. This should make everything work the way it was originally intended.

  • WAN Address – If running Winston in front of your wireless router, this will usually be your public IP address. It will be the IP which was assigned to Winston if it’s running behind the router.

  • LAN Address – (read only) the IP which Winston assigned to your local wireless router, or the IP which was assigned to Winston if it’s running behind the router.

  • Passthrough Mode – If Winston has only a single IP behind it (ie: a wireless router will have one IP but a switch will have multiple) then Winston will automatically passthrough IP traffic to it. If passthrough mode is not enabled, then you’ll have to manually set up port forwarding rules if needed (found in Advanced Settings).

  • Intercept HTTP/S Traffic – These two toggles enable Winston to intercept traffic on port 80 and 443. This enables Winston to log traffic, analyze it and display it in “Live View”. If turned off, then HTTP/S traffic will not route over P2P. These toggles should generally be on unless you are temporarily turning them off for debugging purposes.

  • Filtered DNS – This enables network wide ad blocking on devices that don’t support the web extension (ie: most of them). This generally should be on. If turned off, the web extensions will continue to function but other devices will be unprotected. Note that your local DNS activity will still be encrypted and hidden from your local ISP, even if disabled.

  • Enable Extensions - Deactivates all Winston browser extensions on the local network. Can take a few minutes to take effect.

  • Smart Blocking – This enables rate limiting of connections made to websites which pose a lesser degree of privacy risk. It essentially enables those websites to occasionally connect for a short period of time in any 24 hour period but then shuts them down the rest of the time. This greatly improves compatibility with mobile apps and connected devices. Only the truly paranoid who don’t mind manually troubleshooting should disable it.

  • Encrypt HTTP Requests – If enabled, will encrypt normally encrypted data (HTTP) and route it over the distributed privacy mesh network. This prevents the data from being inspected and/or modified by your local ISP.

Privacy Mesh Network

There are several choices for this setting:

  • Disabled – All participation in the private network is disabled. You will not receive the benefit of having random traffic injected on your network, nor will your requests or IP address be cloaked. This is the fastest setting. Users with slow uplink speeds may wish to choose this setting.

  • Ignore – Your local activity will never be scrambled over the private mesh network but you will still receive the benefit of having traffic randomly scrambled over your local IP, which obscures your internet activity. This is generally just as fast as the “Disabled” setting, unless you have a very slow uplink speed on your network.

  • High Risk Sites Only (recommended setting) – Sites deemed by Winston to pose the greatest privacy risk will be scrambled over the mesh network. Other sites will connect locally. You will also receive the benefit of having traffic randomly scrambled over your local IP, further obscuring your actual internet activity.

  • Enable – All traffic goes over the private mesh network. Generally recommended only for the paranoid as the private mesh network will be a little slower than routing locally.

Web Extensions

During the setup process, you will be prompted to install the web extensions. If you didn’t install them at the time, you can always go back and do so here:

The extensions are strongly recommended if running in “Standard” mode.If you're in "Fast" mode, they are only useful in helping you click through ads that would otherwise be blocked (ie: Google or Facebook ads that you might actually want to see).

Here’s what the web extensions do:

  • Easily whitelist a site that’s acting up due to being blocked by Winston. This will enable the website to work as well as all of the subrequests made on that page. Just click the icon in your browser toolbar and flip the purple toggle switch at the lower right of the popup.

  • AI smart cookie filtering - Unlike your browser, which will block third party cookies only, our AI is clever and blocks tracking cookies hidden in first party requests. It will do so with an eye towards maintaining compatibility by selectively rewriting suspicious cookies to expire more quickly. For instance, instead of Youtube following you around for 5 years, Winston expires the tracking ids after 24 hours.

  • Blocks hidden tracking ids – Even if you have multiple ad blockers installed, Chrome still sneakily sends a unique identifier for your browser back to Google. Winston blocks this as well as many other types of hidden identifiers which are injected into URLs, HTTP headers and URL parameters.

  • Enables automated Captchas to work – Many pihole and ad block users report issues with Captchas. Winston’s web extension enables them to work properly so browsing the web doesn’t become a constant annoyance.

  • Stops Browser Fingerprinting – The constant war on cookies has forced many advertisers to resort to cookieless fingerprinting techniques. These techniques can even track you in Incognito mode. Winston’s web extension injects a powerful anti-fingerprinting library into every page. This library introduces data entropy into the API calls used by fingerprinting algorithms, tricking them into thinking they have uniquely identified you when in fact they are simply receiving random noise.

  • Website Benchmarking – The upper left icon of the web extension offers a benchmarking option to compare filtered and unfiltered site speed. It’s a fun way to see the real cost of time and data you’re paying to let companies spy on you.

Have tips, suggestions or questions about tweaking your Winston? Reach out to our support team for answers!