How To Make Your Mac PRIVATE
Apple computers are not great for privacy. Ok here’s a nuanced take. Apple does a much better job than Google or Microsoft when it comes to protecting your privacy. They’ve built some solid safeguards into their ecosystem. But let’s be real: they still collect way too much of your data. At the end of the day, their promise is basically, “Don’t worry;
we’re the only ones spying on you.” Google and Microsoft allow anyone to abuse your data, Apple promises that only they will abuse your data, and Linux doesn’t collect your data. Of course that’s an oversimplification, but essentially if you want the best privacy you’ll want to try out Linux. But if you’re not ready to make the switch to linux yet, how do you at least
make your existing device more private? If you’re on Windows, that’s gonna be really tough. As privacy expert Michael Bazzell, says: “I do not believe any modern Microsoft Windows system is capable of providing a secure or private environment for our daily computing needs. Windows is extremely vulnerable to malicious software and their telemetry of user actions is worse than Apple's. I do not own a Windows computer and I encourage you to avoid them for any sensitive tasks.” But Bazzell does dedicate an entire chapter in his book “Extreme Privacy” to MacOS computers, so that if you want to keep using one because it performs well and has good security, you can at least make it more private. So in this video I’ll walk you through Bazzell’s
recommended setup process, from buying a device or reformatting a used one, to a whole bunch of different settings that you can tweak and programs you can add that will really enhance your privacy. Don’t feel you have to do everything in this video, these are all steps that you can tweak in isolation, so feel free to skip around to different chapters depending on what you want to know. But taken in its entirety, this video will allow you to use an Apple computer without sending your sensitive data to Apple, and without needing an Apple account to install software.
Now I went through this process at least half a dozen times on different Machines, and the exact order in which some of the settings appeared varied slightly from Machine to Machine. So I highly recommend you read Michael Bazzell’s book, which dives deeper into these slight differences. So let’s get started with purchasing your Mac. If you use a credit card, the serial number of your computer will be forever tied to your identity.
The best way to purchase is in person using cash. At the Apple store, you WILL be judged for having that much cash on you. But it is perfectly within your right to use cash to make purchases. Expect the process to go something like this: Are you paying with a credit card? Can I pay with cash? *grumble *smile *grumble *grumble That’ll be $3000 Great! And be prepared that the Apple store is going to go out of its way to try to collect identifying information from you. What’s your Apple ID? I don’t have one. I can set you up with one. No thanks What’s your phone number? I’m between phones at the moment.
What’s your occupation? Just a freelancer. Can I have an email address for the receipt? A printed copy will be fine. Remember, you can just say no. You handled that well. Next you’ll need to choose which model Mac you want. Be aware that all devices at some stage stop receiving updates and security patches. So make sure that you’re not purchasing a machine that is no longer supported, as it’s not secure to keep using the machine.
Two websites that are useful here are end of life which will tell you which OS version is still supported and Apple's support page which will tell you which hardware can run these operating systems. Once you’ve purchased your device, if it’s a refurbished device here are the steps for updating, reformatting, and installing a new OS. If you have a brand new device, feel free to skip ahead, unless you also wanted to reinstall a fresh operating system after purchase. Now to refurbish an old device, there are 3 main steps: update your software, erase your device, and freshly Install a new operating system. We’ll start with updating. Make sure you have an internet connection, then, update your operating system by going to "System Settings", click "General", and go to "Software Update". Allow your Machine to download and install all available updates. When it’s done the computer will reboot, and on the
welcome screen you’ll click “continue”. Now we’re going to erase the contents of the device, so make sure that you have a backup of any files. Once that’s done, go to "System Settings", click "General" and then click "Transfer or Reset".
You’ll choose the "Erase All Content and Settings" button. The “erase assistant” will open, and you’ll enter your password. Confirm the warnings to complete the process. Your Mac will restart and begin erasing. Recovery assistant will open, and you’ll
be asked to connect to a wifi network to proceed. Your Mac will be activated, and it will automatically restart. This process that you’ve just completed is like a reset to factory defaults, where user files, settings, apps you installed, and configurations are erased. But your system volume remains intact, meaning that the operating system
itself is not erased, it’s still installed. So now we’ll erase the internal disk COMPLETELY and reinstall MacOS from scratch, which is always a good idea if you have a used device. To do this, you’ll have to enter recovery mode. Once the device has rebooted and the welcome screen appears, you’ll enter recovery mode. To
do this, if you have Apple silicon, you’ll shut down the computer and then hold the power button until you see "Loading startup options" and then click options, and continue. If you have an Intel-based Mac you’ll restart the computer and immediately press and hold command R until the Apple logo appears. You’ll be asked to select a language. One option you’ll then be given is to install a new copy of the operating system, which will overwrite system files but won’t erase everything. If you’re not super tech savvy, just choose this option and follow the prompts. If you’d prefer to do a truly clean install,
you’ll first have to erase your disks, but things can get screwy. Let me explain: on newer Macs, the system is split into 2 sections tied together with something called firmlinks. There’s a read-only, sealed system volume, and a separate data volume for your files. If you don’t erase both properly, MacOS can get confused and create phantom volumes or fail to link the new system properly. This happened to me once, and I couldn’t figure out why computer memory kept getting filled up when I thought I had deleted everything, but it turns out there was a phantom volume hidden in there that I wasn’t even aware of. So if you
want a clean install of the operating system, and you’re more tech savvy, here’s how to do it. In recovery mode, choose Disk Utility. Then under view, click “show all devices” The top-level physical disk will be named something like “Apple SSD” and under it will be something like container disk3. Select “Apple SSD” Click Erase at the top You’ll be asked to confirm that you want to erase the top-level disk, and create a new APFS container under it. For “name” write Macintosh HD. You can rename it if you want,
but I recommend sticking with Macintosh HD. For format: it should be APFS. and under scheme, keep GUID partition map selected. The click “erase” and the Apple logo will appear as the Machine erases, and then you’ll get to the Mac activation page. You’ll again need an internet connection to proceed.
Once you connect, you’ll see the text “Your Mac is activated”. Click “exit to recover”. Now you’ll again get the option of reinstalling your operating system. Select that option, and continue. You’ll get a licensing agreement that you need to agree to. Click agree, then confirm that you agree. Did you read it? I know you didn’t. Here’s what it said: By clicking agree you are also acknowledging that Apple may sew your mouth to the butthole of another iTunes user. Ok it probably didn’t say that. Probably.
There are also websites like Terms of Service; Didn’t Read, that will summarize these things if you’d like to get an idea of what you’re actually signing up for. Next you’ll choose the disk where you want to install MacOS, and you’ll select the newly erased volume Macintosh HD, or whatever you named it. And click continue. The installation could take a while depending on your internet speed. Once the computer has rebooted, you should possess a clean installation of MacOS ready for us to set up. Let’s go through the setup slowly. Don’t connect to the internet yet, we want to put up some protections on the computer first. Launch your MacOS for the first time,
and click next on the welcome screen. Depending on which version of the OS you’re running you might see a slightly different order for the following. Select your region and click continue. Click "Not Now" for Accessibility options. When prompted to select your wifi network, choose “other network options, then select "My computer does not connect to the internet". Click "Continue" and then continue again
on the popup. On the Data and privacy notification, click "Continue". On Migration Assistant Click "Not Now". You may be tempted to migrate your backup onto your new device; but the point of this tutorial is to start fresh, not carry over old bloat or legacy settings. We're rebuilding
our Mac with privacy, and security in mind. So skip Migration Assistant. You might be prompted here to sign in with an Apple ID. If so, select “set up later”. Next you’ll come to a terms and conditions page. Click agree AFTER reading all 5 million words thoroughly, of course, which may or may not include the following: You’re telling me that everytime you guys download an update for iTunes, you read the entire terms and conditions? Of course. Well, how do you know if you agree to something if you don’t read it? Now you’ll Create a local account for your computer. You should choose a generic name, such as "Laptop" or "Computer", because the name you give your device becomes part of how the computer identifies itself both locally and on networks.
In other words, if you call your Mac “Naomi’s MacBook Pro,” that exact identifier may leak out in multiple situations, such as being broadcast over Wi-Fi, Bluetooth, or network sharing. It can appear in logs, discovery services, or nearby device lists. By using a generic name like Laptop or Computer instead of your own, you minimize exposing personal details, making it harder for others to identify and target you. Then choose a very strong password that you can remember. I don’t add any password hint, but I do make sure I have my password recorded safely somewhere. Then Click "Continue". Make sure location services is not enabled, then click "Continue".
Confirm choice by clicking "Don't Use". Select your desired time zone and click "Continue". Deselect all analytics options and click "Continue". Bypass "Screen Time" settings by clicking on "Set Up Later". And then you’ll get an “Apple Intelligence” page. Click continue. On the Siri page, bypass set by clicking “set up later” Next is the touch ID section. You can choose whether you want to activate this. Your fingerprint data never actually leaves your Mac, and isn’t uploaded to Apple’s servers. It’s stored locally in the Secure Enclave on your Mac’s chip.
The benefit of using this feature is that it allows you to discreetly unlock and authorize actions in public places without having to type in your password when others might see it, so I personally like it. You can decide whether you want to set it up. Choose your desired screen mode and click "Continue". You’ll come to a welcome screen, and click continue, and then you’ll be brought to your new desktop. We can now start tweaking settings within our computer, starting with WiFi and Bluetooth Go to "System Settings" Go to "Wi-Fi" on the left menu, and then toggle it off. Disable both "Ask to join networks" and "Ask to join hotspots". Now go to Bluetooth from the left menu and disable it.
Next, we’ll configure the operating system's firewall. A firewall monitors and manages network traffic going to and from your device. By enforcing rules on which connections are allowed or blocked, it helps protect against unwanted or malicious access. There are 2 firewalls we’ll set up in this video. The first is the operating system’s inbuilt
firewall, which is just responsible for the way the operating system treats incoming connections. We’ll configure this to automatically block incoming connections unless we specifically allow them when prompted. Select "Network" from the left menu and select "Firewall". Toggle the Firewall on and click "Options". Disable "Automatically allow built-in software to receive incoming connections”. Disable "Automatically allow downloaded signed software to receive incoming connections”.
Enable "Stealth mode". This makes your Mac ignore or drop certain types of unsolicited network traffic, like ping requests, which can help it appear “invisible” to scanners or other devices on a network. This reduces the chance of attackers identifying and probing your Mac. You’ll notice how with the latest OS,
Mac now auto-approves a bunch of firewall rules even on fresh install. You don’t need to keep these enabled unless you’re specifically using these features. On my computer I turned them off by selecting them all and then clicking the negative button. Then Click "OK". Next step is notifications. You don’t necessarily want your sensitive applications to display content on the screen when you’re not around or when others may be looking. Also I find that having notifications on makes me reactive instead of intentional with how I use my device, so for mental health I try not to have notifications unless really needed.
Select "Notifications" from the left menu. Change "Show previews" to "Never". Disable "Allow notifications when the device is sleeping". Disable "Allow notifications when the screen is locked". Disable "Allow notifications when mirroring or sharing the display".
And I keep “Summarize notifications” off. Now go through each application and disable the notifications inside each, clicking the arrow when you’re done to get back to the previous screen. I also like to disable unnecessary sounds by going to "Sound" in the left menu. I change "Alert Volume" to the minimum setting. Disable "Play sound on startup". Disable "Play user interface sound effects". And disable "Play feedback when volume is changed".
Now let’s look at our airdrop, siri, and sharing settings. Select "General" from the left menu. Go to "AirDrop & Handoff". Disable everything in this screen. Confirm AirDrop is set to "No One".
Now go back to "General" from the left menu. Select "Sharing". Confirm all options are disabled. On the latest OS you’ll see "Apple intelligence and Siri" in the left menu. Click it. And turn off Apple intelligence. Confirm that "Siri" is also disabled.
2025-05-11 10:57
