Apple tries to position itself as the most privacy sensitive big tech company on the market today. In recent years Apple has embedded privacy features in its products that can for example defeat tracking pixels in marketing emails, there now is a Lockdown Mode (MacOS Ventura or later) that can be activated to mitigate tageted cyber attacks and there are new plans to implement strong end-to-end enryption for iCloud in the near future, which in theory should even prevent Apple from being able to view the content of its customer's data in Apple's iCloud (?). This is part of a business strategy that wants to distinguish Apple from competitors like Google and Microsoft through a deliberate focus on privacy and security. However, since Apple's source code is proprietary and since the corporation is an American company under US jurisdiction, these features remain a question of trust - at least to some extend. If you want to hide data from US law enforcement we can neither recommend you work with closed sorce software nor any commercial product by an American company...
While Apple claims that privacy is important, many features that can improve your privacy and security on MacOS are not enabled by default. We noticed that a lot of our colleagues and friends, most of them are artists and designers who use MacOS almost every day, not only leave their computer in its standard factory configuration, but also have very little knowledge of how to reduce their digital fingerprint and what steps can be taken to enhance their online privacy. It is true that you will loose some comfort and functionality to a certain degree if you focus on your privacy. However, we believe that it is worth it. In the end it is about finding the right balance between privacy and security on the one hand and comfort and ease on the other.
This is a problem that can be solved and also the reason why we wrote an interactive script that can guide you through all relevant MacOS System Preferences that are related to your online privacy and digital security. The choice is always yours.
In the following post we will provide a brief outline of what our script does. This guide is targeted to users who wish to make informed decisions and who want to improve their privacy and security on a Mac. We want everybody to be able to follow this guide, which is why our script is meant to be educative and a source of learning.
MAC OS PRIVACY & SECURITY SCRIPT
We have written two separate versions of this script: Our scripts for MacOS Ventura and for MacOS Monterey are both interactive scripts that guide you through all relevant standard MacOS Privacy and Security Settings. The scripts also give you a brief explanation of each available option, so you can make an informed decision wether or not you want to change the respective system setting. We have also written a speedy version for both MacOS Ventura and MacOS Monterey with less explanation that allows you to skip quickly through all available options.
Please note that at the time of writing we do not have access to the latest ARM64 Silicon Mac with M1 Security Chip. We wrote and tested our scripts on an Intel-based Mac running MacOS Monterey and MacOS Ventura.
The script will explain and guide you through the following System Settings:
- Turn off Apple Remote Events
- Disable Apple Remote Management Service
- Disable Siri
- Adjust Spotlight Search Settings
- Disable Spotlight Search Indexing
- Disable Internet Based Spell Correction
- Turn off Apple Analytics and Targeted Apple Advertising
- Turn off Location Services
- Configure iCLoud Settings
- Stop storing documents to iCloud by default
- Turn off Airdrop File Sharing
- Hide Recent Items in Dock
- Disable Captive Portal
- Enable and configure basic Application Layer Firewall
- Disable Guest Accounts
- Disable Unauthorised Connections (SSH, SFTP, TFTP, Bonjour Multicast, Telnet)
- Disable Printer Sharing (CUPS Server)
- Setup Screen Saver Session Lock
- Setup Firmware Password (relevant only for Intel based Macs)
- Prevent Firmware Password Resets (relevant only for Intel based Macs)
- Enable FileVault (Full Disk Encryption)
- Lockdown Mode (MacOS Ventura or newer)
... how to download ...
... and run the script ...
BE CAREFUL: YOU SHOULD ALWAYS LOOK AT THE CONTENT OF ANY SHELL SCRIPT YOU DOWNLOAD FROM AN UNKNOWN SOURCE BEFORE YOU EXECUTE IT! VERIFY ITS CONTENT FIRST TO MAKE SURE IT IS SAFE TO EXECUTE!
We host our scripts visible for everyone to see on our github page.
To run our script, you first have to download it. Open the Terminal.app (found with Spotlight: press ⌘ and [SPACE], then type Terminal, or in your Applications -> Utilities Folder). In your Terminal, use this command to navigate to your Downloads Folder:
Download the interactive script for MacOS Ventura:
# MacOS Ventura:
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/01_Privacy-and-Security-Settings/script/MacOS-Ventura_Privacy-and-Security-Settings.sh
Download the speedy install script for MacOS Ventura:
# Speedy Install MacOS Ventura:
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/01_Privacy-and-Security-Settings/script/SPEEDY-INSTALL_MacOS-Ventura_Privacy-and-Security-Settings.sh
Download the interactive script for MacOS Monterey:
# MacOS Monterey:
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/01_Privacy-and-Security-Settings/script/MacOS-Monterey_Privacy-and-Security-Settings.sh
Download the speedy install script for MacOS Monterey:
# Speedy Install MacOS Monterey:
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/01_Privacy-and-Security-Settings/script/SPEEDY-INSTALL_MacOS-Monterey_Privacy-and-Security-Settings.sh
Give the respective file execute permissions:
chmod +x *Privacy-and-Security-Settings.sh
Execute the script (depending wether you are on MacOS Monterey or MacOS Ventura):
Now follow the instructions of the script:
Our script can adjust most System Settings that are enabled by default in MacOS. You just have to press [Y/y] + [ENTER] to proceed, [N/n] + [ENTER] to skip a specific option, or [C/c] + [ENTER] to cancel. If manual action is required, this script will open the respective Settings Tab for you, so you can implement the changes yourself.