Privacy: Securing Computers
It's a sad fact that just like cell phones, stock operating systems like Windows and Mac track their users to an excessive degree. Not to pick on them unfairly, but Windows 10 is by far the worst offender. However, you shouldn't assume that using Mac is the better option.
In a perfect world, the best option is Linux. Linux is an open-source operating system with dozens of variants, each offering their own unique set of features. Most linux distributions are very private and secure compared to Windows and Mac by default, though some place additional emphasis on privacy or security. I recommend Debian in most situations. It has the most support, it is built on open-source freeware, and it can support the most programs that users of mainstream softwares have come to rely on. At very least, I recommend it as a starting point to get used to linux and explore the world of alternative operating systems. However, other distributions worth noting are Linux Mint (if you want a more Windows-XP feel) and Fedora (apps may not work as smoothly on Fedora, but Fedora's security is significantly better than Debian).
However, I realize that not everybody has the luxury of switching to Linux for any number of reasons, such as needing a mainstream OS for your job or being in possession of a device that is technically not yours and therefore you can't make such changes to. In those situations, I have listed a set of recommend settings for both Windows and Mac that I encourage you to change to make your device a little more private and secure.
Mac OS: Catalina
- General: Default web browser: Firefox
- Siri: Enable Ask Siri: Off
- Touch ID: Don’t use
- Security & Privacy: General: Require password immediately after sleep or screen saver begins
- Security & Privacy: General: Disable automatic login
- Security & Privacy: General: Allow apps downloaded from: App Store and identified developers
- Security & Privacy: FileVault: Turn On FileVault
- Security & Privacy: Firewall: Turn On Firewall
- Security & Privacy: Privacy: Evaluate app settings
- Software Update: Automatically keep my Mac up to date
- Bluetooth: Turn Bluetooth Off
- Keyboard: Dictation: Off
- Sharing: Off
- Time Machine: Back Up Automatically
- Time Machine: Select Backup Disk
- Avoid setting up the machine with an Apple ID if possible
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into Little Snitch.
- Advanced users are encouraged to set up DNSCrypt.
- System: Shared experiences: Share across devices: Off
- Devices: Typing: Everything off
- Devices: AutoPlay: Off
- Phone: Do not link
- Network & Internet: Use random hardware addresses: On
- Apps: Startup: Go through each app and see if you need it to start automatically when the computer does. If not, disable it. This will help your computer boot faster
- Accounts: Use a local account when possible, when signing up on a new computer, disconnect internet to force local account
- Accounts: Sign-in options: Require sign-in: When PC wakes up from sleep
- Accounts: Sign-in options: Password: Use a passphrase
- Accounts: Sign-in options: Privacy: Show account details on sign-in screen: Off
- Privacy: General: All off
- Lock Screen: Contact information: Leave this blank unless you have a good reason not to
- Privacy: General: All off
- Privacy: Diagnostics & feedback: Diagnostic data: Basic
- Privacy: Diagnostics & feedback: Improve inking & typing recognition: Off
- Privacy: Diagnostics & feedback: Tailored experiences: Off
- Privacy: Diagnostics & feedback: Activity history: All off
- Privacy: Diagnostics & feedback: Location: Location service: Off
- Privacy: Diagnostics & feedback: Camera: Check permissions
- Privacy: Diagnostics & feedback: Microphone: Check permissions
- Privacy: Diagnostics & feedback: Account info: Allow apps to access your account info: Off
- Privacy: Diagnostics & feedback: Contacts: Allow apps to access your contacts: Off
- Privacy: Diagnostics & feedback: Calendar: Allow apps to access your calendar: Off
- Privacy: Diagnostics & feedback: Call history: Allow apps to access your call history: Off
- Privacy: Diagnostics & feedback: Email: Allow apps to access your email: Off
- Privacy: Diagnostics & feedback: Tasks: Allow apps to access your tasks: Off
- Privacy: Diagnostics & feedback: Messaging: Allow apps to access your messages: Off
- Privacy: Diagnostics & feedback: Radios: Let apps control radios: Off
- Privacy: Diagnostics & feedback: Other devices: Communicate with unpaired devices: Off
- Privacy: Diagnostics & feedback: Background apps: Off
- Privacy: Diagnostics & feedback: App diagnostics: Off
- Privacy: Diagnostics & feedback: Documents: Allow apps to access your documents library: Off
- Privacy: Diagnostics & feedback: Pictures: Allow apps to access your picture library: Off
- Privacy: Diagnostics & feedback: Videos: Allow apps to access your video library: Off
- Privacy: Diagnostics & feedback: File system: Allow apps to access your file system: Off
- Update & Security: Windows Security: Open Windows Defender: Security Center: Virus & Threat Protection: Firewall & Network Protection: All firewalls on.
- Download WindowsSpyBlocker and run it. Select option 1 "Telemetry," then option 1 "Firewall," and finally options 1 and 2, "Add extra rules," "Add spy rules." After that's done, type "back" to go back to the previous menu, then select option 2 "NCSI," then select either option 2 or option 3, "Apply Debian NCSI" or "Apply Firefox NCSI."
- Some version of Windows 10 now support DNS-over-HTTPS. See How Network Communication Works for more information on why protecting DNS matters. If your computer supports this feature, follow these instructions to enable it. If not, download DNSCrypt. I recommend using Simple DNSCrypt for most users. So click that link, download the .msi(x64 Installer). Install it, then launch it when done. Under "Main Menu: Configuration" ensure all boxes are checked. In the settings (the gear icon in the top right) ensure "Start SimpleDNSCrypt in tray" and "Check for updates on startup" are checked.
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into W10Privacy.
By enabling all of these settings, you are significantly reducing the amount of tracking and data collection these devices handle. Keep in mind that you're not completely eliminating it, but you're reducing as much as you reasonably can.
Good Practices for Any OS
By default, both Mac and Windows will create an administrator account when you sign up. After signing up, create a second non-admin account and use that as your main account. This makes it harder for programs to be installed without your knowledge and reduces the risk of malware and viruses getting installed.
Personally, I think third-party antivirus software has become unnecessarymessag. Using a good ad blocker and good online habits is generally enough to keep any generic malware off your device. Unless someone is targeting you specifically, this is usually enough. However, both Windows and Mac both come with built-in antimalware that I encourage you to make use of. On Windows it's called Defender. While Microsoft's antivirus used to be a joke in the past, experts now agree that the modern Defender is quite powerful and will protect you from most mainstream threats. Macs come with XProtect. Viruses on Linux are relatively rare because of the small market share, technical skill of the user base, and many variations, but if you desire more protection there as well you'll have to download a third-party software as most distributions don't come pre-packaged with antimalware. Clam AV is considered the most desirable.
Even with all the plugins, tweaks, and changes we've made to the operating system and the browser, sometimes tracking and garbage files still get through. Cleaning out these files will not only protect your privacy and security, but improve your computer's performance. My first recommendation is the open source software BleachBit. This is a powerful program that securely deletes your unused files, removes errors from the registry, and fixes broken shortcuts among other things. BleachBit is not a difficult program to use, but if you need something a little more intuitive and user-friendly, there is the proprietary CCleaner, which offers all the same features as BleachBit plus a few. I recommend BleachBit because CCleaner has had a few hiccups in the past, but if you find Bleachbit overwhelming or confusing than CCleaner is an acceptable alternative.
Just as with phones, I encourage you to keep your computer as clean of apps and files as possible. Obviously sometimes this is either impossible or just not a reasonable request. You may choose to keep family photos or video games. But, for example, use your browser instead of an app to access Netflix or Hulu. I also encourage you to get rid of files you no longer want or need, such as photos of exes or documents you downloaded once so you could print them off. While these types of things shouldn't really be an issue if you keep your devices encrypted, why risk it?
Keep in mind that forensic software can still often recover "deleted" items so if you have anything you want gone for good, be sure to perform a disk wipe which is offered by both Bleachbit and CCleaner. Don't do disk wipes on Solid State Drives as this will shorten their lifespans.