The Complete MacOS Privacy & Security Guide: BYE Apple!

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
mac os yes whether you're stuck on mac os for work for school or you genuinely love it because you're an apple fanboy this is our second to last guide linux will be our last one so make sure you subscribe to catch that it will be phenomenal and on that note before you leave your angry comment imagine trying to make mac os private we need to address this every time for you gatekeepers privacy is a sliding scale there are countless improvements people can make to improve their privacy and security even on mac os as we'll prove in this very extensive guide where we push mac os to its limits if you're looking for linux again that guide is coming soon and we'll even talk more about mac os alternatives later in this video we have three zones for this guide to make it easier for you to follow zone one shouldn't impact day-to-day usage so i recommend you implement everything within it zone two will require small changes that may impact convenience and zone three is for those looking to go above and beyond this is mostly a guideline and your specific needs may vary depending on your threat model if you want to learn how to threat model and develop a plan and deciding what you want to protect refer to this great source in a description you'll find links for resources in the description as well let's start with zone one your device password your device's password is your first form of protection on your device making it not only an important thing to secure but an important thing to implement use a strong password if you're logged out of your device having that strong password will be your first line of defense we discourage the use of touch id though it is ultimately better than a weak password or none at all following the advice of edward snowden and countless other tech professionals we recommend using a passphrase something easy for you to remember but difficult to hack like margaret thatcher is 110 sexy wow as a side note make sure notifications as well as any voice assistance and settings toggles are not publicly accessible on your lock screen for anyone to view passwords you use on websites are a commonly left out part of your security if you're using the same or similar passwords for all your services one breach can very easily lead to the others being breached since they utilize the same or similar credentials weak passwords are in general very easy to crack make sure at least in zone 1 that you are using strong unique passwords i'll leave a source on what that means and different methods of doing it zone 2 will go further into this and different recommendations that you should probably follow unlike windows mac os has wonderful built-in disk encryption tools that you don't need to pay extra for bitlocker i guess it's just included in the apple tax just go to system preferences security and privacy file vault enable it and follow the prompts it's that simple and will prevent someone from accessing your data without a password which is otherwise possible even with your user password these are two different things we've covered in an old video veracrypt is an open source file encryption tool though there's always the built-in disk utility as well should we still recommend downloading veracrypt as you can still create new encrypted containers or just use encryption for flash drives and external drives we have a guide on veracrypt we recommend checking that out to make it easier for you if you've never used it before this will always confuse me but mac os has a built-in firewall that's last i checked off by default so go into your system preferences security and privacy and just enable the firewall it's that easy you can customize it a bit more if you're tech savvy but for most people just getting it enabled is the most important part anti-viruses are tricky as they can catch some malware with often a detrimental impact to your privacy the first thing everyone should do is just stop using their free antivirus from a commercial company with absolutely no business model they're probably just relying on data frankly on mac os in 2021 we recommend most of our viewers don't use any antivirus as the likelihood of being impacted is extremely slim especially if you're following proper etiquette section 3 of go incognito really deep dives into what to do and not to do to prevent malware and other naughty things online imagine you're a goalkeeper and an antivirus is the net behind you it's not meant to be your first line of defense you are also check out virustotal it allows you to upload any file online from malware though even they don't have a great privacy policy you should assume everything you upload to virustotal it will be public information so don't actually upload sensitive personal documents to virustotal your browser has the ability to track everywhere you go on the internet so ensuring you are using something with proven security and privacy is paramount to protecting all of your web traffic safari honestly isn't terrible it's one of the better default browsers you can use out of all operating systems however brave and firefox are options too as well as the tor browser we'll talk more about these browsers and your options down the road but for now in zone one just avoiding and getting off google chrome is a fantastic first step we have a top five browsers video which goes into your options and the pros and cons of each similar to your browser your search engine also has the capability of tracking everything you do on the internet which major companies like google do the two mainstream recommendations are duckduckgo and start page so see if you can implement one of those within your browsers or use something else with privacy and open source in mind like search dot me your ip address uniquely identifies you on the internet and it's used by websites to track you not to mention your isp can harvest all of your web data especially here in the united states a simple way to prevent this is by utilizing a trusted vpn provider to handle your web traffic as for which vpn to choose the golden question we do systematic community driven vpn reviews on our channel it's a mouthful i'll leave our most current top five best vpns video as a card if you want a more thorough answer and in a description we also have all our open source tools on our website including a chart where you can compare different services to make it simple for you at the time of making this video we're gonna recommend proton vpn ivpn mulvad and winscribe for a focus on user privacy which is what this video is mostly about links to all those are down below dns is a domain name service and they are like a phone book for the internet directing you to the sites you visit every day the problem is most default dns providers track your browsing so use a dns provider with privacy in mind if you're using a vpn service it likely uses its own dns meaning you don't need to worry about this if you aren't using a vpn check out the dns options on privacy tools io and manually set them on your mac instructions on how to do that are below as well you can also use some browsers that utilize other dns improvements if you choose to lastly you can use a host file on your macbook to prevent certain naughty domains from being accessed altogether this is broad but less is almost always more when it comes to security and privacy each additional program and setting you utilize increases attack surface and the possibility of abuse with your personal information if you're a person with a never-ending list of programs that you mostly never use they're likely not just doing harm in the background with your data but also negatively impacting storage space and power consumption so delete them or for the bloatware uninstall as much as you can some programs like discord have progressive web apps so if you can utilize the web app within your browser to function like the program it's a great way to separate the program and keep it within your browser which is typically safer and gives you more control outside of programs and settings try to frequently clear data you don't need like old system logs temporary data like browser cache history cookies and any sensitive data that doesn't need to be on your computer 24 7. tying into minimalism there are lots of settings on mac os and it's programs that you may never use that are pointlessly collecting data about you the general rule of thumb is if you're not using it turn it off this may include things like siri some icloud features disabling the remote options in the sharing menu limiting what spotlight can access especially spotlight suggestions which sends all of your queries to apple there are dozens of things inside your settings i recommend disabling i'll leave a link below for a great blog post of someone who compiled lots of these settings it's a bit outdated but still mostly holds up make sure to be thorough and double check everything do not forget to go through each individual program settings as well to ensure nothing is needlessly tracking you in the background on a similar note program and os permissions should not be taken lightly out of all the desktop operating systems in 2021 mac os uh hands down has the best permission setup so take advantage of it programs need a permission to record your screen access your camera track your keyboard input use things like bluetooth and even access your file storage you can make it so your browser only has access to files in your downloads folder so it's physically impossible for your browser or any other program to access your sensitive documents make sure to take advantage of it and make sure to brag to all your windows friends because they have an abomination alternative most things you read about like the newest intimidating mac os exploits are almost always patched through updates the best thing to do as annoying as they can be is to utilize automatic software updates for mac os and all of your programs to keep up with the newest updates and concerns for all operating systems and just general pricing security check out our weekly news podcast surveillance report we do our best job of trying to keep you all educated on this stuff because it's really hard to keep up with and that is going to wrap up zone one let's get ready for zone two f-o-s-s stands for free and open source this means the software's code is publicly accessible to the community this ensures you can verify the security and privacy behind the software we have a video covering this a lot more thoroughly in general i'd advise moving from proprietary to fast programs as much as possible yes mac os is proprietary but improvements are improvements some vpns like proton vpn ivpn and multa have open source clients signal has a desktop program that's open source and all recommended browsers mentioned in zone one are open source as well just go through your list of programs and type each of them into alternative2.net with the open source filter and see if there's something you can switch to it's okay if your os isn't completely open source your computer is ironically used less for communication than you might think at least in the context of direct contact with another individual or individuals with email it's recommended to keep email in your browser to add an additional safety layer between an email and your operating system though mac os does typically do an overall good job of sandboxing things properly in regards to what email provider to use we have a nice video on that with direct messaging first i recommend switching to something built from the ground up to protect you like signal or another messenger listed on our site's resources page from there i'd say imessage isn't a terrible option though we'd still push you to consider those other messengers finally if you are stuck using something like facebook messenger or whatsapp at least enable end-to-end encryption where you can and try to keep the program off of your computer as well keeping them inside your browser instead from there thanks to the pandemic video conferencing is the next big thing and like direct messaging the first goal is to move to things that just naturally respect you jitsy calyx meet an instance of jitsi and big blue button are all good alternatives to zoom skype and others oh and signal finally got desktop video support so that works too it's phenomenal from there facetime is a decent option i don't think it's terrible and it's likely better than things like zoom and others finally like direct messaging if you are stuck on a not so great platform the goal is to keep it inside your browser when possible and avoid using the program we'll talk about virtual machines later in the video which are also good tools for invasive programs when you need them avoiding google is a great step for controlling your data as google is not a privacy friendly company whatsoever for zone 2 disable as much as possible related to google in your my activity page and ensure you're using 2fa and have properly secured your account additionally being less reliant on google is equally important so switching from chrome to brave gives you a less google life and you don't need to go cold turkey to make improvements switching your default search engine turning off everything in the my activity page and switching from chrome to brave is huge and should only take you maybe 15 minutes to do also while we're here log out of google and your os settings as well as any other accounts if you can the less you have the better let's actually talk about apple you are on a mac after all one very cool thing is it's pretty easy to use your mac without any apple account altogether for zone 2 though i encourage you to limit your use of your apple account to prevent some of its data collection this mostly means going into your icloud and limiting as much as you can in the system preferences siri is another place i'd consider opting out of since there is data collection involved with using siri you can also refuse to use the app store and download programs from the program's official sites something you should probably be doing anyway just try to take some steps in limiting your reliance on mr tim to continue with passwords outside using strong and unique passwords which we covered in zone 1 where and how they're stored can be incredibly important as well password managers are a commonly recommended way to go we have covered what passer majors to use in the lesson of go incognito so check that out for a long answer in short avoid storing your passwords within your browser if you want simple cloud syncing between your devices bit warden is probably the way to go it's open source and it's pretty well trusted if you want a more diy password manager there's keypass which is local we have a whole guide to keep us on our channel for those who want to learn how it works as well as a comparison video between these two fantastic open source password managers beyond having a strong password implementing two-factor authentication is arguably just as important 2fa combines something you know a password with something you have like a code generated locally on a separate device at the very least sms 2fa which are those texts you receive with the code is better than nothing although there are a couple issues with sms-2fa such as the risk of sim-swapping the better and more recommended option is a local authenticator app on your phone that uses a qr code not every site supports this but many do so look for it and use it instead of sms when available if you want fast recommendations android has andotp and aegis and for ios there's authenticator and tofu part two of browsers is to take things to the next level i'd recommend sticking to strictly open source browsers like tor firefox brave and chromium and properly hardening and configuring each browser for the absolute best safety we cover firefox hardening and go incognito and brave mostly requires just basic settings toggles as it does much of the work for you out of the box tor should not be messed with outside the basic safety sliders no matter which browser you choose you should avoid installing extensions you don't need as these can be extremely problematic radios apply to anything that gives off a signal on your computer this means mainly wi-fi bluetooth and gps we'll cover the more extreme solutions in zone 3 but for zone 2 try disabling bluetooth and location services when they're not being used bluetooth for one can be an insecure protocol not to mention it being an instrumental tool used to track your movements this is a smaller concern on your computer as it's likely not traveling around town like your phone but it's still good practice the general rule of thumb for radios is if it doesn't need to be on just turn it off the last radio you should be aware of is wi-fi your device broadcasts a unique id called a mac address which can be used to track you we covered how this is done and how elaborate it can be in go incognito in short consider randomizing your mac address this is not yet a built-in feature for mac os but it can be done manually though it seems the documentation for doing this is still pretty limited since they changed some things in big sur i'll leave the stack exchange solution down below that seems to be working i can't believe that's like the best resource i found for this mac os offers multiple user accounts you can use these to compartmentalize or separate different aspects of your life maybe you have a business account a school account a dating account and then your personal account the options are really limitless here the goal is to separate aspects of your life that don't need to be intermixed for both privacy and security benefits additionally for those who want to go above and beyond you can have an administrator account and a standard user account and stick to only using that standard user account for your daily usage as a security perk this prevents any rogue applications malware or anything else from utilizing that administrative access to damage your system which is normally kind of required let's talk about physical protection and some tips related to that consider locking your desktop or laptop to a desk or wall if this is an option i'll leave some products below also don't leave your system unattended especially in public make sure it's always with you and if you are forced to leave your system unattended at the very least make sure you're logged out next most people are aware of this one but covering your cameras can prevent the theoretical camera hack where someone spies on you through your webcam cover them up very carefully though with the macbooks if you never use your cameras and don't want to just use tape a nice thing with desktops is they normally don't have a webcam like laptops do so you can instead rely on an external webcam with a great amount of peace of mind once it's unplugged the last step for zone 2 is utilizing a privacy screen protector these make it so it's very difficult to view your device's screen from side angles protecting your personal information from snoops and shoulder attacks i'll leave a link in the description of some privacy screen protectors i cannot recommend them more and the peace of mind that they give me in public spaces is just wonderful unless you have creepy roommates desktops at home likely won't benefit much from this but your laptop definitely can so check those out and this is it everybody zone three and like i said earlier this is for the extreme users looking for the utmost security and privacy on their devices [Music] first hardening where you are going to improve the security and privacy of mac os through more advanced configuration changes and yes actually it is pretty advanced apple allows you to set a firmware password to prevent booting from anything that's not your startup disk instructions will be below though keep in mind this can be theoretically bypassed pretty easily it's just an additional layer of protection the next step i'd recommend is a firewall designed for outgoing requests meaning you can prevent any program or domain from accessing the internet from your computer lulu is a phenomenal fast option that allows you to block many things even apple's own domains so you can really fine-tune what your computer is doing some people recommend little snitch though frankly i found lulu to do everything i needed and it's completely free and open source so try lulu first and if you see something it doesn't do that little snitch does then sure try a little snitch from there mac os hardening is really more on the complex side so proceed with caution this github repo is ah such a blessing seriously it's it's just phenomenal if you really are taking this seriously and want to do the smallest possible things um you have that kind of threat model this is where you're gonna go like everything else in this video links are in the description and this will allow you to be a pro to take google a step further you should at this point fully delete it or remove every trace of it on your system unless you have some elaborate solution to properly compartmentalize things to repeat zone two if this is all too extreme at the very least ensure you've handed over as little personal information as possible to google disable the analytics performed by them in the settings disable as many features as possible and logged into your google my activity page and disabled everything and logged out of google on your os side note delete social media too we just made a video talking about this and how awesome it can be we already hinted at it earlier but as you can expect a good thing to do at this point is logging out of all apple related functions on your mac unlike the iphone you can install download and use programs because there's no reliance on the app store you will lose out on some things like find my mac and other icloud related functions but honestly it's not terribly difficult for most people unless they're really involved in the apple ecosystem alright and then snip snip these are those pesky cameras and mics if you really don't want them consider removing the cameras depending on your mac model this may be extremely simple or near impossible you can also snip the microphone and stick to only using the microphone on your earbuds this is for extreme threat models but the option is available desktop users likely don't have to worry about this do note that opening up your device will void its warranty we're talking about apple here right to repair let's go and finally as nice as mac os can be sometimes the easier option is honestly just to switch your os gatekeeping aside so here are some things you can do or implement into your life first virtual machines we've covered using virtual machines for improving privacy and security in go incognito and it stands true for this video as well you can use linux as a guest os for your mac or you can fully migrate to linux and use windows in a virtual machine second you can dual boot maybe bootcamp already has some issues with windows and linux will make things a bit more complicated though it is technically possible on most mac models and there are some guides online if you're able to get this running this gives you a lot of compartmentalization while still letting you boot into mac os for certain things maybe linux is used for everything except video production and that's the only data apple gets about you which isn't really incriminating for most threat models third there are live operating systems these can be any generic linux distro like a ubuntu live os or it can be something more hardcore like tails the point stands if you are stuck on mac os don't want vms can't or don't want to dual boots but still need a safe place where you can have peace of mind you can always keep a flash drive that lets you access an os that you can put a lot more faith in though fair warning like dual booting it seems like kind of a pain in the ass compared to most normal computers fourth you fully move to a new os it's probably worth your time if you're doing this to just get a whole new machine if you were to go this route since it's probably simpler and less expensive than going with a mac and that wraps up zone three and that's kind of summarizes how to make mac os as private and secure as we can it's important to emphasize improvements are improvements and you shouldn't listen to the dip to immediately dismiss mac os without understanding why a user may be dependent on it the os you choose is your decision and we will help you as much as we can to work with your configuration and lifestyle if you liked this video we made a windows version of it as well as an ios and android version so you can bring all of your devices to mac safety we even made an all-encompassing become anonymous guide for broader advice applicable to everything aside from this if you really want to dive into the world of privacy from start to finish our go incognito course is a phenomenal way to not only learn the ropes but finish feeling confident in your ability to protect yourself online it's our most thorough dive into privacy and people seem to love it so definitely check that out below i can't recommend it more and don't forget to like and subscribe and the massive thanks to our supporters who believe in our mission in spreading pricey to the masses their names are probably being shown at the bottom right now as i'm talking we can't do it without you see you next time on tech lore and goodbye
Info
Channel: Techlore
Views: 20,026
Rating: undefined out of 5
Keywords: apple privacy, macbook privacy, MacOS Privacy, macos security, anonymous, how to, macbook pro, ios privacy, mac tips, cyber security, mac privacy, mac security, apple security, complete guide, become anonymous, tutorial, privacy settings, remove apple, Big Sur privacy, security, privacy, VPN, proxy, tor, Linux, virtual machine, iCloud, apple privacy tracking, apple privacy update, apple privacy features, apple privacy settings, MacOS privacy settings, MacOS hardening, techlore
Id: lFx5icuE6Io
Channel Id: undefined
Length: 22min 47sec (1367 seconds)
Published: Fri May 28 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.