Privacy Cookbook - Chapter 19.1 - The one with the Apple - locking it down
source link: https://decentralize.today/privacy-cookbook-ch-19-1-the-one-with-the-apple-hardening/
Two weeks ago, I started with "Apple - a new Persona", which was designed as the first step toward privacy and security on your Mac. Sadly, even if you start over with a new persona, you still need to do more to protect yourself from Apple. The "Privacy, this is Apple" slogan does not fly very high when it comes to their (off-the-shelf) products.
So let's now get some apps that will make your browsing and working experience more "fruitful" but less "appley".
On a Mac, you actually already have some excellent options to lock things down.
Firewall
First things first, Mac comes with a built-in firewall. However, Mac's firewall is switched off - by default!
Go to System Preferences > Security & Privacy > Firewall and turn it ON.
Then open Firewall Options and check 'Block all incoming connections'.
(I maybe should have pointed this out in my previous article already!)
Options
Lulu is an open-source firewall that can even block Apple trackers, and it's 100% open-source (did I say that already? :-)). Once you enable Lulu, you get pop-up notifications and can block or allow connections. You can also delete rules or add domains or ports to the rules.
Lulu has a built-in host file that makes blocking domains easy.
Another great, maybe even more powerful solution, is called Little Snitch.
Little Snitch is not open-source, but has had a few audits and built up a great reputation over a number of years. You can get a 30-day free demo, and a single licence will set you back $45.
In conclusion, Little Snitch can do a lot and gives you multiple options. However, it can be a little overwhelming at first, and might not be everyone's cup of tea because of the price tag.
Radio Silent is another simple, powerful, and hassle-free option. In fact, it is absolutely beginner-friendly and protects your privacy. You won't have any pop-ups; you set it all up in the settings and forget about it. It is dead simple to allow or deny an app going online. The app gives you a 24-hour trial version and costs $9 as a one-off charge thereafter.
Between the three options, pick the one that feels best for you; perhaps take the time and try all three. However, the only free and fully open-source solution, Lulu, would be my personal pick. I can recommend it!
The next step is blocking domains at the DNS level. Oh yes, DNS again; I know it is my personal agenda to make DNS a thing in everyone's mind.
Options
We have some great solutions for Apple, which all work hand in hand with the firewalls!
The first, and my personally recommended solution, is AdGuard for Mac. Although this solution is not free, it is worth every penny spent on it.
It is not just an easy switch between DNS servers, but is also great for 'on the fly' blocking of domains. It has preselected host files, and it lets you add more by just adding the URL of a host file, for example, the always excellent StevenBlack blocklist.
AdGuard blocks system-wide, so you can also add Apple domains to it.
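Host-file blocklists like the one named above are plain text lines of the form `address hostname`. The following is an added example, not code from this article, AdGuard or Lulu: a small Python parser for that format, which also shows that an entry covers only the exact hostname listed and not its subdomains. The sample list and every domain name in it are constructed.

```python
# Added example; SAMPLE_LIST and all domains in it are constructed for illustration.
import ipaddress

SAMPLE_LIST = """\
# constructed sample in hosts-file format
127.0.0.1 localhost
::1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 telemetry.vendor.example   # inline comment
0.0.0.0 ads.vendor.example metrics.vendor.example
127.0.0.1 Tracker.Other.Example.
not-an-ip broken.line.example
0.0.0.0 telemetry.vendor.example
"""

# Names that hosts files map for the local machine; never treat them as blocked.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "0.0.0.0"}

def normalize(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def parse_hosts_blocklist(text):
    """Return the set of hostnames a hosts-format list sinkholes."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field must be an IP address
        if not (addr.is_unspecified or addr.is_loopback):
            continue                           # a real mapping, not a sinkhole
        for name in map(normalize, fields[1:]):
            if name and name not in LOCAL_NAMES:
                blocked.add(name)              # the set removes duplicate entries
    return blocked

def is_blocked(hostname, blocked):
    """Hosts entries match exact names only; subdomains need their own line."""
    return normalize(hostname) in blocked

if __name__ == "__main__":
    names = parse_hosts_blocklist(SAMPLE_LIST)
    for host in ("ads.vendor.example", "cdn.ads.vendor.example", "vendor.example"):
        print(host, "blocked" if is_blocked(host, names) else "NOT blocked")
```

Running it against a list before importing it shows which hostnames the list actually covers and which related names would still resolve.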
Another great option would be to use DeCloudUs, which can block all Apple domains. I, personally, would suggest you use it in combination with AdGuard and really lock Apple out of your system!
NextDNS is another good way to lock down your Mac; you'll need to use the NextDNS Command-Line Client to get it set up.
Any of those solutions will give your Mac the extra privacy and security you need, regardless of which browser or app you are using.
Next week we'll talk about apps, browsers, add-ons, etc. to give your Mac the extra edge and power you deserve.
Stay safe, stay secure!
The Privacy Advocate