Last week we opened the eyes of a few readers when it comes to the people who follow you around. From the supermarket to your home, going through your trash and knowing more about you than your own mother or the Stasi in East Germany.

EXPOSED! Orwell’s Blueprint - Chapter One! data collection avoidance
We have, in this new collection within the EXPOSED! series, a guide on how to worry less about the man in-front of your house and the guys who follow you home from the supermarket. This EXPOSED! mini-series is more of a mix between the Privacy Cookbook and the EXPOSED! series proper, a totally new a…

Of course this behavior happens daily when it comes to your online life. Perhaps checking the Privacy Cookbook would be a good start for many, but we decided to go straight to pointing out each of the companies you use in your daily life that are responsible, and to give you solutions on how to protect yourself and maybe regain a little of your privacy.

My son pointed out that he has an iPad and is on Apple for life, so he is way ahead of the people who follow him around. Of course apples, snakes, Adam and Eve can tell a very different story featuring the forbidden fruit.

He said:

After all Apple is not an advertising company but sells hardware.

Yes, indeed, Apple does sell hardware but immediately locks you in so smartly into an ecosystem that you can’t really escape. Well, you could, but you're likely in and spending money on apps, services, subscriptions etc. But this is not what today's EXPOSED! is all about. It's about how Apple makes you believe you are safer than with Android, it's about how Apple are the 'good guys' when it comes to protecting your privacy. Nonetheless, I am certain that if Tim Cook had more time he would stand in front of your house himself.

No, Apple is not selling your data to advertising agencies, but is, in fact, allowing other companies (for a fee) to do just that. For example, Google is still the preselected search engine on your iPhone 'out of the box'. Do you think that's a coincidence? Google have paid a lot directly to Apple to get that spot, and they still do. Apple is not doing the dirty work, they're outsourcing for a fee, to let others do it!

A study showed how Android and Apple both send data to the mothership every four and a half minutes, and even though iOS sends 20x less data, this is still telemetry you did not sign up for.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

Watch this video and a lot of Apple's claims will look fake!

Telemetry, DNS, AdBlocking

We have most of the telemetry domains and can simply block them with apps like AdGuard on iOS.

https://raw.githubusercontent.com/adversarialtools/apple-telemetry/master/blacklist

But of course this is not the only list you should use.

StevenBlack is another must-have, here:

https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-social/hosts

All Google domains

https://raw.githubusercontent.com/nickspaargaren/pihole-google/master/pihole-google.txt

Facebook

https://raw.githubusercontent.com/jmdugan/blocklists/master/corporations/facebook/all

And this is where the first recommendation comes in. I highly recommend AdGuard or AdGuard Plus on any iOS device. Select a DNS server and add the Apple telemetry domains to your custom blocklist. Don’t worry, all services will still work as intended. The DNS can be any of the preselected ones (as long as it's not Cloudflare), or if you are a NextDNS user, you can add them manually to AdGuard. You can, of course, run NextDNS on your device natively and add all the domains in the blocklist manually to NextDNS. It’s a little more work, but it would work on all your devices where you use NextDNS, including your router if you set it up that way.
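The linked lists come in two layouts (hosts format and one domain per line), so they need normalizing before they go into a custom blocklist. The following is an added example, not code from any of the linked projects: it merges both layouts into one de-duplicated list and renders AdGuard `||domain^` rules. The sample inputs are constructed, and the function names are assumptions of this example.

```python
import re

# Constructed sample inputs (not real list contents), one per layout.
HOSTS_SAMPLE = """\
# constructed hosts-format sample
127.0.0.1 localhost
0.0.0.0 telemetry.example.com
0.0.0.0 Ads.Example.net  # trailing comment
0.0.0.0 0.0.0.0
"""
PLAIN_SAMPLE = """\
# constructed plain-domain sample
telemetry.example.com
metrics.example.org
not a domain!
"""

SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
SKIP_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$"
)

def parse_blocklist(text):
    """Yield normalized domains from hosts-format or one-per-line text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if not fields:
            continue
        if fields[0] in SINK_IPS:      # hosts format: "<sink ip> <name> ..."
            names = fields[1:]
        elif len(fields) == 1:         # plain format: "<name>"
            names = fields
        else:                          # anything else is not a list entry
            names = []
        for name in names:
            name = name.lower().rstrip(".")
            if name not in SKIP_NAMES and DOMAIN_RE.match(name):
                yield name

def merge_blocklists(*texts):
    """Return a sorted, de-duplicated domain list across all inputs."""
    return sorted({d for t in texts for d in parse_blocklist(t)})

def to_adguard_rules(domains):
    """Render AdGuard DNS rules; ||domain^ also covers subdomains."""
    return [f"||{d}^" for d in domains]

if __name__ == "__main__":
    merged = merge_blocklists(HOSTS_SAMPLE, PLAIN_SAMPLE)
    print("\n".join(to_adguard_rules(merged)))
```

The plain output of `merge_blocklists` is the form to paste into a denylist that takes bare domains; review the merged list before importing it, since a blocklist is only as trustworthy as the repository it came from.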

With DNS and AdGuard you are significantly more private on your Apple device. You'll also have way fewer ads, which makes your browsing experience more pleasant, plus not so many people will follow you around ;)

That is, however, not all you need to do with your shiny iDevice.

A great list of DNS providers which you can add to your iOS device with one click can be found here:

Encrypted DNS Party
Encrypted DNS Configuration Profiles for Apple Devices

Browser

The browser on iOS is always Safari. You can use DuckDuckGo, Brave or others to have a second browser, but it is still the same Safari engine.

However, in separating your normal life from your online life it might be worth installing a second browser. I would use SnowHaze or Onionbrowser for your more private searches. You can set different search engines, which is great. You can add or use the preconfigured privacy search engines preselected on SnowHaze. The browser also has some neat features which make it a great pick when it comes to privacy. Tor is integrated in beta and so is a VPN (paid service).

Safari has only 5 search engines, I recommend using DuckDuckGo.

Find Safari on the Settings Page
Search Engine -> DuckDuckGo
Search Engine Suggestions (Off)
Safari Suggestions (Off)
Block Pop Ups (On)
Downloads -> on my iPad/iPhone
Prevent Cross-Site Tracking (On)

VPN

VPN is one of those things. Great if you host it yourself, perhaps even great if you can trust that the VPN provider has no logs. I recommend only 3 VPN providers that I trust, which are ProtonVPN, iVPN and Mullvad.

VPN & DNS

iVPN allows you to set your own DNS, which could be NextDNS with the Apple telemetry domains added to the personal blocklist. iVPN even offers a great list with the built-in firewall (it blocks Facebook and Google), but it does not block the Apple telemetry, so we recommend using NextDNS with iVPN and adding the telemetry domains to your NextDNS setup.

If you'd like to use ProtonVPN (which also allows blocking trackers) or Mullvad, they both work together with AdGuard, but in my experience it keeps disconnecting or stops working as intended. To get around that, use the official WireGuard app and add your accounts via QR or a file, then edit the proxy and remove the DNS part (in the WireGuard app). This way WireGuard will use the DNS you set up on your device, which could be NextDNS with your telemetry domains manually added.

Another great solution is https://passepartoutvpn.app

And with Passepartout you can add a custom DNS to your setup.

Less is more

Less is more...think of what you really need? Do you need every app? Could you use a browser to check on some of these (possibly websites or services). You can even add them to the Home Screen, which is almost like having an app, except that it's not sending data to the app developer all the time. Check what you need and when you need it.

Privacy settings

Siri & Search (on the settings page)
Listen for "Hey Siri" -> Off
Press Top Button for Siri -> Off (if you use Siri leave it on)

On this page you'll see all your apps (choose carefully what Siri should be allowed to access or switch all off)

In General (Settings Page) find Background App Refresh
Choose here what you actually need and improve your battery life as an added bonus!

Messaging

Messaging! Yes, you have iMessage preinstalled, and when you text and see the blue (not the green) iMessage bubble you are at least E2EE (end-to-end encrypted). That said, even though Apple claims the encryption happens on your phone, as soon as you enable iCloud for iMessage Apple has your key and messages backed up in the cloud, accessible by Apple employees, hackers and perhaps law enforcement.

If you use iMessage, sign out of the iCloud (at least with iMessage and FaceTime).

Find Messages on the Settings Page
Keep Messages and choose 30 days (unless you like to have the messages stored in the cloud for longer)

You have, of course, better options, like Matrix (Fluffychat, Element, etc). Threema or Signal are also decent options and available on Android, so you can chat with others on non-iDevices.

Email

ProtonMail and Tutanota are great options. We have a full guide including AnonAddy in our Privacy Cookbook:

Privacy Cookbook - Chapter 10.1 - Identity Preservation - Email
One of the biggest security issues around today’s internet world is email. After all, this is something that has been around for a relatively long time and emails are needed on almost every website you sign up to. So, as we know, an email is a pretty easy point of failure and can give away a lot of …

Password manager

Of course Apple has its own password manager, but then again you get into the situation where iCloud backup could be accessed by Apple. I recommend Strongbox or Bitwarden on iOS.

Privacy Cookbook - Ch 6.9.2 - PCs, Desk & Laptops - Password Managers
When it comes to passwords, it is always smart to use a password manager. Consider this, if you can remember a password easily, then it will probably also be easy to crack. Most password manager reviews and privacy advocates alike recommend Bitwarden as the best available manager. It’s open source,…

Password managers have a 2FA option included, and I recommend using it. SMS 2FA is not really secure, so use the 2FA of your password manager. Strongbox allows you to have your passwords synced over iCloud and even gives the option to do it over Nextcloud, which would be my recommendation if you have your passwords synced on multiple devices. The beauty of Strongbox is that the encryption happens within Strongbox on your device, so even if you sync it over iCloud, you do not need to worry as you would with the built-in password manager from Apple. Even though Apple claims the same, you do not use a password separate from your iCloud one there, so I highly recommend using Strongbox or Bitwarden.

Location services

Approximate Location

iOS now lets you share 'approximate location' with apps and not just 'precise location'. That means the app won’t have your exact location but one within a 10-square km radius of your actual location, so the app won't know your exact street address, but just the approximate area where you are located. This is handy for weather or news apps etc.

To enable approximate locations jump over to Settings -> app (weather, news etc), tap on Location, then toggle ON/OFF precise location. Out of the box it's off...and the app will ask you if you'd like to share your precise or your approximate location.

Even so, I would recommend having location services off at all times and just switching the approximate location on when you actually need it.

Go to Settings -> Privacy -> Location services -> System Services and switch everything off, except the last point which says Status Bar Icon. This will ensure you see if Apple or anyone else is still using the location services to pinpoint you. Now, jump back one step and switch Location Services Off!

Go to Settings -> Privacy -> Calendar on the Settings Page and switch off Location Suggestions.

Photo Library

When a third-party app requests access to photos, let's say you want to share a photo on Signal, you can now not just grant access to all pictures, but limit it to a few selected photos. This is great as it ensures that the app only gets the picture you are willing to share and not access your entire library. Yes! We're talking about Google, Facebook, Twitter and all the other greedy companies!

This setting can be adjusted by clicking on Settings -> app (example Signal), tap Photos, now you can choose Selected Photos, All Photos or None.

Apps allowed to track

Since iOS 14 all apps need to ask if they are allowed to track you for targeted ads! This applies to all apps, not just the Safari browser, so to control this jump to Settings -> Privacy, tap on Tracking and toggle Allow Apps to Request to Track. Or just do it as I do and let this one slide and have it untoggled, which means no app can track you! Well, at least they shouldn’t; it probably doesn't mean they won't try to anyway.

Privacy information within the App Store

Since iOS 14 the user has a great way to see what apps actually request. In theory this shows what an app wants to access and what they will do with your data. This information covers 31 categories. This includes, but is not limited to, data linked to you, data used to track you, your contacts, financial information, location, browsing history, identifier etc.

In other words, you now get to know a little more about the apps you want to download before you actually download them. However, this information is submitted by the app developer. Apple claims that when a developer gets caught submitting wrong information the app will be removed from the App Store.

WiFi Private Address

iOS 14 now features "Use Private Address" which prevents network operators from tracking your iDevice.

To enable this go to Settings -> WiFi -> network (the one you used to get connected) then toggle Use Private Address.

As you can see, Apple does indeed have some privacy features which are great if you know how to use them. However, telemetry and the standard setup of iOS do not get the boogie man out from in front of your house or the mall, and do not stop your data from ratting you out. But with the right setup, you can limit this information. Every little counts, and every little thing you adjust on your device gives the marketing, advertising and metadata tracking agencies less power. Start with a DNS. Take this article and do a bit more, but most of all, do not trust Apple telling you they care about your privacy. After all, you're carrying an ankle monitor like a criminal with you, at all times, of your own will. Crazy world we live in, and yet we didn't totally lose the war on privacy or encryption. Let's fight on with the little things.

Now you might still believe Apple is your friend, I highly recommend reading the EXPOSED! we did a while back, which shows the true colors of Apple!

EXPOSED! - the Apple of my eye or how rotten is your iPhone (and Mac)
In the second article on corporate maleficence, I will be taking a look at the Apple Inc. Apple has shown itself to be a complete poodle when it comes to its relationship with China. During the recent mass demonstrations in Hong Kong, it pulled a crowd-sourced app from its App Store which allowed …