Before we jump into secure Linux distribution and what options you  have to make your computer really secure, let's cover off MacOS.

Firstly, I recommend to start with a fresh copy of your OS. Even though this step is optional for you, I strongly recommend you to do so.

Boot into Recovery Mode
Hold command + R when you boot up your Mac
Now go to Utilities —> Firmware Password and set a Password
Next format your boot drive and install MacOS

Now boot up your Mac and create an administrator account.

Use a really strong password, perhaps even a passphrase (a sentence with multiple words and a number and special character) for example


Now create a User account with unprivileged (non-administration) power for day to day usage.

Next System Preferences —> Security & Privacy —> General and set Require password after sleep to Immediately

Set also Allow apps from to App Store and identified developers

System Preferences —> Security & Privacy —> Firewall and turn it ON

—> Firewall Options
Check Block all incoming connections

System Preferences —> Security & Privacy —> Privacy —> Location
Uncheck Enable Location Services

System Preferences —> Security & Privacy —> Analytics
Uncheck Share Mac Analytics

System Preferences —> Sharing
Turn OFF every service

System preferences —> Spotlight — Search Results
Uncheck Spotlight Suggestions and allow Spotlight Suggestions Look up

System Preferences —> General
Uncheck Allow Handoff between Mac and iCloud devices

System Preferences —> Bluetooth
Turn it OFF (you can turn it on whenever you use a Bluetooth devices I recommend  switching it off during the time when no device is connected)

System Preferences —> Security & Privacy —> FileVault
Turn it ON

Finder —> Preferences — Advanced
Check Show file name extension

Disable Captive Portal (you can use your browser to archive the same) & Crash report

Start the terminal

LuLu is a great open-source outbound firewall, consider using it or  Little Snitch what is sadly not open-source but does have great features.

Now reboot your Mac and log in with the user account (not the administrator).

System Preferences > Security & Privacy > Privacy > Contacts/Calendars/Reminders/Photos

Remove any app that you don’t want to have access to those folders

System Preferences > Security & Privacy > Privacy > Camera/Microphone

Remove any app you don’t actually use the camera or microphone with

System Preferences > Security & Privacy > Privacy > Full Disk Access

Remove any app you don’t need to have full-disk access

System Preferences > Security & Privacy > Privacy > Advertising

Check Limit Ad Tracking and reset your Advertising identifier (same as on iOS)

You know I am always recommending to use your own DNS servers

System Preferences > Network > Advanced > DNS

Use any of our recommended list

The Privacy Cookbook - Chapter 2 – Protecting your DNS
We promised you that within this cookbook we will go deeper into the rabbithole....well, here we go and in this chapter let’s start with something simple!DNS! Most people are not aware what DNS is or what it does.
The Domain Name System(DNS) is one of the foundations of the internet, yet most p…

You can also install AdGuard which we also always recommend as a better Firewall/DNS option

Next, just as always, do not use the pre-installed browser. We recommend Firefox with the following setup and tweaks:

Privacy Cookbook - Chapter 3.4 - Browser Security
Today’s Privacy Cookbook is all about browser security. Lets start with Chrome or Chromium! If it is your main browser, do the following.....use your browser to go to, to download the latest Firefox and after doing thatdelete Chrome! Congrats you have fixed the first i…
Privacy Cookbook - Chapter 3.3 - uBlock Origin
Today we’re going to talk about uBlock Origin and if you’ve followed the previous chapters on ad-blocking articles here is a little extra informationfor you. Even if you are using either of the two ad blocking apps (AdGuard Homeor Pi-Hole) please use uBlock Origin[…

Block bad traffic by modifying your host file

Open the terminal and type

Use any of this blocklists

Privacy Cookbook - Chapter 3 - Ad and Bad traffic filtering
​The internet is one scary place. Most people wouldn’t know that as they go totheir favourite website that they have no idea what else is connecting to theirdevice. I have a crazy example: my Samsung Note 10 had most of the requestedconnections coming all day from and from…

As a password manager we strongly recommend KeePassXC or Bitwarden

Note: Bitwarden usies Google Analytics in the apps which is not the best advert when it comes to a privacy focused app!

Make sure to have MacOS and all software installed updated at all times.

A safe and secure OS is only as secure as the latest treats being patched ;)

Also encrypt sensitive data and don't use the iCloud!

Make your backups locally and don't upload your pictures to the cloud. It might be handy, but it is not secure!

In the next few chapters we will focus on Linux and different Linux distributions & setups. See you soon!

We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element(Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at and at
Share this post