Credit to Author: Jonny Evans| Date: Mon, 23 Nov 2020 09:29:00 -0800
To secure your Mac, all your data, and your privacy it is essential to create a strong alphanumeric login password.
The temptation to use something short or easy to remember is completely understandable, but if your Mac goes missing your life is on show, so visit Security & Privacy>General and tap Change Password to pick something more challenging.
If you have an Apple Watch you can also enable this to unlock apps and your Mac in this pane, which provides a layer of biometric authorization to secure your Mac a little more.
If your Mac has a TouchID button, then it makes sense to make use of it. It makes no sense at all to use weak passwords for logins if you value your privacy.
While you’re in Security & Privacy>General tale a look at the Require Password checkbox. This sets the time you can leave your Mac inactive before you are required to use the password again.
While it’s tempting to set this a little longer if you are using a complex login, doing so is a false economy if you frequently use your Mac in a public place.
Of course, setting your Mac so it locks after a second’s inactivity can be a little illogical when you’re attempting to get work done, so I tend to set this feature to 5-minutes and learn how to manually lock my Mac when I turn my back.
Apple now offers a menu item that will lock your Mac on request. Open Apple menu>Lock Screen…
You should ensure FireVault protection is active on your Mac. This encrypts all the contents of your Mac to which provide additional protection, you don’t want all your data looked at in the event you lose control of your Mac. Enable this in Security & Privacy>FileVault.
Macs have a built-in firewall and you really need to use it to protect it against network intrusion. Open System Preferences>Security & Privacy>Firewall to enable this. While you are there you should also enable Stealth Mode.
This prevents your computer responding to or acknowledging attempts made to access it from the network using tools like Ping. This makes it a lot harder to target your Mac when you’re using a public access point, for example.
Mac users should make use of a VPN (virtual private network), as these make it far more difficult for others to hack or track your internet traffic.
If your company offers a VPN then use it. If not, then it’s worth investing in a reputable provider as some free VPN services cannot be trusted. Some of the more reputable services include: NordVPN, CyberGhost, ExpressVPN, Windscribe and TunnelBear.
Choosing a good provider matters as you must verify the service they provide is in line with any enterprise security policy.
Another important protection for the privacy conscious is two-factor authentication (2FA) for your Apple ID. With this enabled you will receive a confirmation code whenever someone attempts to login to your Apple ID and will have to authorize such access.
This is important as it helps keep others out of your iCloud and also prevents others undermining FileVault protection on your Mac. Open System Preferences>iCloud>Password & Security and ensure 2FA is On and check the correct phone number is provided.
One way to prevent rogue apps from uploading data they find about you in your Safari History is to use Private Browsing mode. When you do, Safari won’t remember which pages you visit:
Safari on the Mac now provides a Privacy Report for each website you visit – just tap the Shield icon beside the address bar in Safari. It provides you with information collected by Apple’s Intelligent Tracking Prevention tool and show all the trackers attempting to monitor you via that site.
You can also access far more detailed information by choosing Safari>Privacy Report. This will show you all the sites that have tried to track you and share which trackers are the most active. It will also let you know how many times Safari has prevented a tracker from profiling you.
Facebook is squawking its protest against one big Apple privacy innovation that will make it a great deal harder for online entities to track you online. Safari has many other tools to secure your privacy which you should learn:
Open Safari>Preferences>Privacy and you’ll see a range of privacy protection tools:
You can review these settings in Safari>Preferences>Websites. Do spend time reviewing Camera, Microphone, Screen sharing and Location permissions for sites to make sure no sites are quietly gaining access.
Open Safari>Preferences>Search and in the Search engine drop down box select DuckDuckGo as your default. This is one of the best ways to protect your privacy I know of, as this is a search engine capable of delivering excellent results that will not track you.
Safari has a password audit feature which you can access from within the application via Preferences>Passwords. You’ll need to enter your login password, after which you’ll, be able to review all the sites and services Safari knows you have password access to.
Look for a small yellow triangle.
If you see one, select it and then tap the Details… button to find out more. You’ll be warned if a password is easy to crack, or you’ve requested it across multiple sites.
Open Safari>Preferences>Security and make sure Fraudulent sites protection is enabled (checkbox on). In future if you visit a site that’s recognized as a fake, you’ll be warned of this.
Apple has improved its Sign In With Apple service which third party sites and services can now use to replace existing accounts. It’s worth using this service wherever it is available as its far more private and secure than signing in with other such services.
Starting December 2020, Apple insists developers explain the privacy practises of each app they sell in a standardized format that works like a food nutrition label.
You should pay close attention to this information whenever you consider downloading an application to your Mac. It is made available along the app description on the App Store.
Apple at WWDC 2020 confirmed that iOS 14 and macOS 11 would introduce support for a FIDO standard called Web Authentication (WebAuthn) in Safari. This essentially means you’ll be able to use Touch ID and Face ID to provide biometric authentication for websites and services. More info is available here.
Apple scored an own goal on privacy when it was revealed that Siri shared small segments of conversation it records with third parties. Described at the time as a legitimate attempt to improve Siri’s services and accuracy, we were all pretty furious that Apple didn’t tell us it was doing this, despite that Amazon, Google and others do the same.
Apple moved to fix this with new privacy controls for Siri.
In the same pane (System Preferences>Security & Privacy>Privacy) you’ll find a host of additional settings you should regularly review to ensure no app has permission to handle more of your personal information than you want to share.
There are multiple fields here, such as Contacts, Camera, Full Disk Access. Tap each one to verify that only those applications you trust have any access to any of this information. Ask yourself questions as you do so – does this app need this access to work for you? If not, why provide it.
Limiting access in this way may limit what some apps can do, but the trade-off is privacy. Take a moment to explore Apple’s document on these controls here.
Back to System Preferences>Sharing and disable things like screen sharing, file sharing, printer sharing and so on if you are not certain to make use of them.
Do you really want every Notification for every app to appear on your Mac’s screen when you are in a public place? To maximize privacy, open System Preferences>Notifications and disable them for any application you need to keep private. You should also verify that no notification appears on the lockscreen, and set any that you do receive as Banners, as those appear only briefly on screen.
You can create a Guest user ID that you can permit others to use when you allow them to use your Mac. Guests can’t access any of your own apps, data or browser history. To enable this mode:
Guess mode requires no password and only provides access to Safari (when FileVault is as it should be enabled on your Mac). When the guest logs out all information and files in the guest account folder is deleted.
Spotlight does so much, but privacy conscious Mac users may want to prevent Siri Suggestions, which basically relies on your search being quickly shared with Apple to get suggested results from third party services.
You may be OK with this, but some Mac users may want even more privacy, which they can achieve by unchecking Siri Suggestions in System Preferences>Spotlight. To better understand the significance of this, tap the About Search and Privacy button to learn how your data is handled.
Spotlight searches everything. Privacy conscious users may sometimes create a folder (we could call it ‘Confidential’) somewhere on their Mac into which they save any documents or other items that must be kept highly secure.
The trick then is to open System Preferences>Spotlight and tap the Privacy pane.
The ‘Confidential’ folder can then be selected using the + button, or simply dragged and dropped into the box. In future, Spotlight will be prevented from searching through that folder, which prevents the highly confidential documents it contains showing up in search results.
To make this piece as valuable as possible to as many people as possible, I’d welcome any additional ideas around Mac privacy you might wish to share, please drop me a line via Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.