MacOS Privacy & Security Settings

A simple interactive script that guides you through all MacOS System Preferences that are relevant for your privacy and security.

MacOS Privacy & Security Settings


Apple tries to position itself as the most privacy sensitive big tech company on the market today. In recent years Apple has embedded privacy features in its products that can for example defeat tracking pixels in marketing emails, there now is a Lockdown Mode (MacOS Ventura or later) that can be activated to mitigate tageted cyber attacks and there are new plans to implement strong end-to-end enryption for iCloud in the near future, which in theory should even prevent Apple from being able to view the content of its customer's data in Apple's iCloud (?). This is part of a business strategy that wants to distinguish Apple from competitors like Google and Microsoft through a deliberate focus on privacy and security. However, since Apple's source code is proprietary and since the corporation is an American company under US jurisdiction, these features remain a question of trust - at least to some extend. If you want to hide data from US law enforcement we can neither recommend you work with closed sorce software nor any commercial product by an American company...

While Apple claims that privacy is important, many features that can improve your privacy and security on MacOS are not enabled by default. We noticed that a lot of our colleagues and friends, most of them are artists and designers who use MacOS almost every day, not only leave their computer in its standard factory configuration, but also have very little knowledge of how to reduce their digital fingerprint and what steps can be taken to enhance their online privacy. It is true that you will loose some comfort and functionality to a certain degree if you focus on your privacy. However, we believe that it is worth it. In the end it is about finding the right balance between privacy and security on the one hand and comfort and ease on the other.

This is a problem that can be solved and also the reason why we wrote an interactive script that can guide you through all relevant MacOS System Preferences that are related to your online privacy and digital security. The choice is always yours.

In the following post we will provide a brief outline of what our script does. This guide is targeted to users who wish to make informed decisions and who want to improve their privacy and security on a Mac. We want everybody to be able to follow this guide, which is why our script is meant to be educative and a source of learning.

MAC OS PRIVACY & SECURITY SCRIPT

ABOUT

We have written two separate versions of this script: Our scripts for MacOS Ventura and for MacOS Monterey are both interactive scripts that guide you through all relevant standard MacOS Privacy and Security Settings. The scripts also give you a brief explanation of each available option, so you can make an informed decision wether or not you want to change the respective system setting. We have also written a speedy version for both MacOS Ventura and MacOS Monterey with less explanation that allows you to skip quickly through all available options.

Please note that at the time of writing we do not have access to the latest ARM64 Silicon Mac with M1 Security Chip. We wrote and tested our scripts on an Intel-based Mac running MacOS Monterey and MacOS Ventura.

The script will explain and guide you through the following System Settings:


Privacy

  1. Turn off Apple Remote Events
  2. Disable Apple Remote Management Service
  3. Disable Siri
  4. Adjust Spotlight Search Settings
  5. Disable Spotlight Search Indexing
  6. Disable Internet Based Spell Correction
  7. Turn off Apple Analytics and Targeted Apple Advertising
  8. Turn off Location Services
  9. Configure iCLoud Settings
  10. Stop storing documents to iCloud by default
  11. Turn off Airdrop File Sharing
  12. Hide Recent Items in Dock

Security

  1. Disable Captive Portal
  2. Enable and configure basic Application Layer Firewall
  3. Disable Guest Accounts
  4. Disable Unauthorised Connections (SSH, SFTP, TFTP, Bonjour Multicast, Telnet)
  5. Disable Printer Sharing (CUPS Server)
  6. Setup Screen Saver Session Lock
  7. Setup Firmware Password (relevant only for Intel based Macs)
  8. Prevent Firmware Password Resets (relevant only for Intel based Macs)
  9. Enable FileVault (Full Disk Encryption)
  10. Lockdown Mode (MacOS Ventura or newer)

... how to download ...

... and run the script ...

BE CAREFUL: YOU SHOULD ALWAYS LOOK AT THE CONTENT OF ANY SHELL SCRIPT YOU DOWNLOAD FROM AN UNKNOWN SOURCE BEFORE YOU EXECUTE IT! VERIFY ITS CONTENT FIRST TO MAKE SURE IT IS SAFE TO EXECUTE!

We host our scripts visible for everyone to see on our github page.

To run our script, you first have to download it. Open the Terminal.app (found with Spotlight: press โŒ˜ and [SPACE], then type Terminal, or in your Applications -> Utilities Folder). In your Terminal, use this command to navigate to your Downloads Folder:

cd ~/Downloads

Download the interactive script for MacOS Ventura:

# MacOS Ventura:
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/01_Privacy-and-Security-Settings/script/MacOS-Ventura_Privacy-and-Security-Settings.sh

Download the speedy install script for MacOS Ventura:

# Speedy Install MacOS Ventura:
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/01_Privacy-and-Security-Settings/script/SPEEDY-INSTALL_MacOS-Ventura_Privacy-and-Security-Settings.sh

Download the interactive script for MacOS Monterey:

# MacOS Monterey:
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/01_Privacy-and-Security-Settings/script/MacOS-Monterey_Privacy-and-Security-Settings.sh

Download the speedy install script for MacOS Monterey:

# Speedy Install MacOS Monterey:
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/01_Privacy-and-Security-Settings/script/SPEEDY-INSTALL_MacOS-Monterey_Privacy-and-Security-Settings.sh

Give the respective file execute permissions:

chmod +x *Privacy-and-Security-Settings.sh

Execute the script (depending wether you are on MacOS Monterey or MacOS Ventura):

./MacOS-Ventura_Privacy-and-Security-Settings.sh
./SPEEDY-INSTALL_MacOS-Ventura_Privacy-and-Security-Settings.sh
./MacOS-Monterey_Privacy-and-Security-Settings.sh
./SPEEDY-INSTALL_MacOS-Monterey_Privacy-and-Security-Settings.sh

Now follow the instructions of the script:

Our script can adjust most System Settings that are enabled by default in MacOS. You just have to press [Y/y] + [ENTER] to proceed, [N/n] + [ENTER] to skip a specific option, or [C/c] + [ENTER] to cancel. If manual action is required, this script will open the respective Settings Tab for you, so you can implement the changes yourself.

PREVIEW:


Additional Resources

Special thanks to privacy.sexy and macOS-Security-and-Privacy-Guide.
Without these two resources, this guide would not exist.

MacOS-Privacy-and-Security-Enhancements/01_Privacy-and-Security-Settings at main ยท term7/MacOS-Privacy-and-Security-Enhancements
Executables to enhance MacOS Privacy and Security. Contribute to term7/MacOS-Privacy-and-Security-Enhancements development by creating an account on GitHub.
Privacy is sexy ๐Ÿ‘๐Ÿ† - Enforce privacy & security on Windows and macOS
Web tool to generate scripts for enforcing privacy & security best-practices such as stopping data collection of Windows and different softwares on it.