3 minutes reading time (694 words)

Privacy Cookbook - Chapter 6.1 - PCs, Desk & Laptops - MacOS


Before we jump into secure Linux distribution and what options you have to make your computer really secure, let's cover off MacOS.

Firstly, I recommend to start with a fresh copy of your OS. Even though this step is optional for you, I strongly recommend you to do so.

Boot into Recovery Mode
Hold command + R when you boot up your Mac
Now go to Utilities —> Firmware Password and set a Password
Next format your boot drive and install MacOS

Now boot up your Mac and create an administrator account. 

Use a really strong password, perhaps even a passphrase (a sentence with multiple words and a number and special character) for example 


Now create a User account with unprivileged (non-administration) power for day to day usage.

Next System Preferences —> Security & Privacy —> General and set Require password after sleep to Immediately

Set also Allow apps from to App Store and identified developers

System Preferences —> Security & Privacy —> Firewall and turn it ON

—> Firewall Options
Check Block all incoming connections

System Preferences —> Security & Privacy —> Privacy —> Location
Uncheck Enable Location Services

System Preferences —> Security & Privacy —> Analytics
Uncheck Share Mac Analytics

System Preferences —> Sharing
Turn OFF every service

System preferences —> Spotlight — Search Results
Uncheck Spotlight Suggestions and allow Spotlight Suggestions Look up

System Preferences —> General
Uncheck Allow Handoff between Mac and iCloud devices

System Preferences —> Bluetooth
Turn it OFF (you can turn it on whenever you use a Bluetooth devices I recommend switching it off during the time when no device is connected)

System Preferences —> Security & Privacy —> FileVault
Turn it ON

Finder —> Preferences — Advanced
Check Show file name extension

Disable Captive Portal (you can use your browser to archive the same) & Crash report

Start the terminal

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool false

sudo defaults write com.apple.CrashReporter DialogType none

Also secure your FileVault on sleep

sudo sh -c 'pmset -a destroyfvkeyonstandby 1; pmset -a hibernatemode 25; pmset -a powernap 0; pmset -a standby 0; pmset -a standbydelay 0; pmset -a autopoweroff 0' 

LuLu is a great open-source outbound firewall, consider using it or Little Snitch what is sadly not open-source but does have great features.

Now reboot your Mac and log in with the user account (not the administrator).

System Preferences > Security & Privacy > Privacy > Contacts/Calendars/Reminders/Photos

Remove any app that you don’t want to have access to those folders

System Preferences > Security & Privacy > Privacy > Camera/Microphone

Remove any app you don’t actually use the camera or microphone with

System Preferences > Security & Privacy > Privacy > Full Disk Access

Remove any app you don’t need to have full-disk access

System Preferences > Security & Privacy > Privacy > Advertising

Check Limit Ad Tracking and reset your Advertising identifier (same as on iOS)

You know I am always recommending to use your own DNS servers

System Preferences > Network > Advanced > DNS

Use any of our recommended list

The Privacy Cookbook - Chapter 2 – Protecting your DNS

You can also install AdGuard which we also always recommend as a better Firewall/DNS option

Next, just as always, do not use the pre-installed browser. We recommend Firefox with the following setup and tweaks:

Privacy Cookbook - Chapter 3.4 - Browser Security

Privacy Cookbook - Chapter 3.3 - uBlock Origin

Block bad traffic by modifying your host file

Open the terminal and type

sudo nano /etc/hosts 

Use any of this blocklists 

Privacy Cookbook - Chapter 3 - Ad and Bad traffic filtering

As a password manager we strongly recommend KeePassXC or Bitwarden

Note: Bitwarden usies Google Analytics in the apps which is not the best advert when it comes to a privacy focused app!

Make sure to have MacOS and all software installed updated at all times. 

A safe and secure OS is only as secure as the latest treats being patched ;)

Also encrypt sensitive data and don't use the iCloud! 

Make your backups locally and don't upload your pictures to the cloud. It might be handy, but it is not secure!

In the next few chapters we will focus on Linux and different Linux distributions & setups. See you soon!


Comments (0)

Rated 0 out of 5 based on 0 voters
There are no comments posted here yet

Leave your comments

  1. Posting comment as a guest. Sign up or login to your account.
Rate this post:
Attachments (0 / 3)
Share Your Location