If you are an avid Apple user, you are probably locked (trapped?) in the 'closed garden' of Apple. However, over the course of chapter 19 (this is 3rd piece in the 'apple pie') we have learned that you can anonymize yourself a little.

Firstly, by starting with a brand-new identity:

Privacy Cookbook - Ch 19 The one with the Apple New Persona
#decentralize.today - #Privacy Cookbook - Chapter 19 - The one with the Apple - A New Persona #privacycookbook #apple #bitrefill #privacy.sexy

After this, we locked the experience down a little more, just to be certain that you have a mix between privacy and the Apple experience:

Privacy Cookbook - Chapter 19.1 - The one with the Apple - locking it down
#decentralize.today - #PrivacyCookbook - Chapter 19.1 - The one with the #Apple - locking it down #firewalls #DNS #privacy #lulu #littlesnitch

Today we want to go over the fine-tuning.

So start by creating a separate account, one which has no admin privilege. This way, you have taken a big step when it comes to security.

Remember to fine tune your firewall and privacy settings in the new profile as well.

I recommend to use Librewolf as your browser.

LibreWolf Browser
An independent fork of Firefox, with the primary goals of privacy, security and user freedom.

If you do so, an essential add-on would be LibRedirect:

LibRedirect – Get this Extension for 🦊 Firefox (en-US)
Download LibRedirect for Firefox. Redirects Twitter, YouTube, Instagram and more to privacy friendly alternatives.

With this add-on, you can redirect traffic to more privacy protected frontends, so Twitter to Nitter, YouTube to Piped etc...

Another great add-on is NoScript and/or uBlock Origin.

If you want to stick with Safari, you can also use the paid app, Privacy Redirect, which automatically can redirect your browser to Nitter, Piped etc.

And even though this might sound like a small thing to do, if you are using Safari, change your search engine to DuckDuckGo. If you leave the search engine on Google, it will continue to receive metadata from you.

Apple also connects to token.safebrowsing.apple, so block this domain with your firewall and/or AdGuard. This domain is basically Google Safe Browsing (Apple proxied). Block safebrowsing.googleapis.com as well.

Click Safari -> Preferences -> Security

And disable fraudulent sites, while this is optional it is Google Safe Browsing, and I just don't recommend Google knowing anything about your browsing.  

Click Safari -> Preferences -> Privacy

Switch off Web advertising and Apple Pay and Apple Card

Even though I prefer LibreWolf, keep in mind that Safari (except the Google Safe browsing) is a decent and privacy-friendly browser that does not connect to too many intrusive services (except Google safe browsing). I would use a combination between LibreWolf and Safari. Keep in mind that Safari is used by most Apple users, so your fingerprinting will be unique to Apple, but not to many other companies. So, this is an advantage to using it as your main browser.

For your most private browser experience, you can install the Tor Browser:

The Tor Project | Privacy & Freedom Online
Defend yourself against tracking and surveillance. Circumvent censorship.

As with any OS I do recommend using a password manager. You have a great option with Bitwarden, which works on any device, regardless of if it's Mac, Android, Windows or a browser. Chose it over the built-in Apple Keychain. You don't want your keychain backup running over iCloud, even if Apple claims they can't read it. Additionally, you will be able to keep your password manager if you ever decide to leave Apple.

Keep in mind, Bitwarden also works on iOS, so you do not need to pay per subscription on iOS and macOS. Bitwarden also works with Firefox and any other browser.

Another great Apple only password manager is Strongbox which is not free (as with most great apps on Apple). Strongbox, however, is compatible with Keepass, so you can use that on other devices, and if you ever switch from Apple, you are good to go with a backup.

Strongbox works 'out of the box' with Safari. It also has a separate (subscription-based) iOS version.

iOS and MacOS KeePass Password Manager | Strongbox
Strongbox is the world’s leading password manager for iPhone and Mac. Built to utilise industry standard formats, it’s ready to secure your data.

Overall, macOS will never be as private and free (as in freedom) as Linux is. But if you use Apple because you need to, for example FaceTime and iMessaging (with colleges), or you have any other reason to stick with Apple, Video Editing or being heavily invested in Apple already, you can get some privacy out of the devices.

This 3-step guide is designed to allow all Apple services to work. You can lock down more if you desire, for example, with firewalls and/or AdGuard. The sky's the limit, and it's easy to use.  

I would not use iCloud if you don't need it for any specific reason!? If you need a cloud, use Nextcloud and host it yourself. If you use iCloud, use Cryptomator to encrypt your files.

Cryptomator - Free Cloud Encryption for Dropbox & Co
Encrypt Dropbox, Google Drive, and any other cloud. Cryptomator is free and open source.

Attempt to block as many unnecessary connections as possible with your firewall. This will be  a challenge at the beginning, as you will have many pop-ups. But over time, the firewall won't bother you too many times. And you have an experience that you can enjoy.

Stay safe (even when on an Apple device ;).

The Privacy Advocate

We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element (Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at decentralize.today and at blog@decentralize.today
Share this post