The New Oil logo Dark Mode

Privacy: Securing Computers

It's a sad fact that just like cell phones, stock operating systems like Windows and Mac track their users to an excessive degree. Not to pick on them unfairly, but Windows 10 is by far the worst offender. However, you shouldn't assume that using Mac is the better option.

In a perfect world, the best option is Linux. Linux is an open-source operating system with dozens of variants, each offering their own unique set of features and target audience. Most linux distributions are considerably more private compared to Windows and Mac, though some place additional emphasis on privacy or security. I recommend Debian in most situations. It has a lot of availabe support online, it is built on open-source freeware, and it can more easily support most programs that users of mainstream softwares have come to rely on, like Discord and Slack. At very least, I recommend it as a starting point to get used to Linux and explore the world of alternative operating systems. Another distribution worth noting is Fedora. Fedora is less user friendly than Debian, but the security is significantly better.

However, I realize that not everybody has the luxury of switching to Linux for any number of reasons, such as needing a mainstream OS for your job or being in possession of a device that is technically not yours and therefore you can't make such changes to. In those situations, I have listed a set of recommend settings for both Windows and Mac that I encourage you to change to make your device a little more private and secure. You can see my criteria for this page and why I recommended these settings here.

Mac OS 11.4: Big Sur

  • General: Default web browser: Brave/Firefox
  • Siri: Enable Ask Siri: Off
  • Touch ID: Don’t use
  • Security & Privacy: General: Require password immediately after sleep or screen saver begins
  • Security & Privacy: General: Disable automatic login
  • Security & Privacy: General: Allow apps downloaded from: App Store and identified developers
  • Security & Privacy: FileVault: Turn On FileVault
  • Security & Privacy: Firewall: Turn On Firewall
  • Security & Privacy: Privacy: Evaluate app settings
  • Software Update: Automatically keep my Mac up to date
  • Bluetooth: Turn Bluetooth Off
  • Keyboard: Dictation: Off
  • Sharing: Off
  • Time Machine: Back Up Automatically
  • Time Machine: Select Backup Disk
  • Avoid setting up the machine with an Apple ID if possible
  • Advanced users who want more granular control and feel comfortable making extreme changes may want to look into Little Snitch.
  • Advanced users are encouraged to set up DNSCrypt.

Windows 10: Version 21H1

  • System: Notifications & actions: Show notifications on the lock screen: Off
  • System: Shared experiences: Share across devices: Off
  • Devices: Typing: Everything off
  • Devices: AutoPlay: Off
  • Phone: Do not link
  • Network & Internet: Wi-Fi: Use random hardware addresses: On
  • Apps: Apps & features: Uninstall anything you don't use
  • Apps: Apps & features: Default apps: Email: Thunderbird; Music player: VLC; Photo viewer: ImageGlass; Video player: VLC; Web browser: Brave/Firefox
  • Accounts: Sign-in options: Require sign-in: When PC wakes up from sleep
  • Accounts: Sign-in options: Password: Use a passphrase
  • Accounts: Sign-in options: Privacy: Show account details on sign-in screen: Off
  • Privacy: General: All off
  • Privacy: Speech: Online speech recognition: Off
  • Privacy: Inking & typing presonaliziatoin: Getting to know you: Off
  • Privacy: Diagnostics & feedback: Diagnostic data: Required diagnostic data
  • Privacy: Diagnostics & feedback: Improve inking & typing recognition: Off
  • Privacy: Diagnostics & feedback: Tailored experiences: Off
  • Privacy: Activity history: Send my activity history to Microsoft: Off
  • Privacy: App permisions: Review each setting and disable accordingly
  • Update & Security: Windows Security: Open Windows Security: Virus & Threat Protection: All protections on
  • Update & Security: Windows Security: Open Windows Security: Firewall & Network Protection: All firewalls on
  • Update & Security: Backup:
  • Download WindowsSpyBlocker and run it. Select option 1 "Telemetry," then option 1 "Firewall," and finally options 1 and 2, "Add extra rules," "Add spy rules." After that's done, type "back" to go back to the previous menu, then select option 2 "NCSI," then select either option 2 or option 3, "Apply Debian NCSI" or "Apply Firefox NCSI."
  • Some version of Windows 10 now support DNS-over-HTTPS. See How Network Communication Works for more information on why protecting DNS matters. If your computer supports this feature, follow these instructions to enable it. If not, download DNSCrypt. I recommend using Simple DNSCrypt for most users. So click that link, download the .msi(x64 Installer). Install it, then launch it when done. Under "Main Menu: Configuration" ensure all boxes are checked. In the settings (the gear icon in the top right) ensure "Start SimpleDNSCrypt in tray" and "Check for updates on startup" are checked.
  • Advanced users who want more granular control and feel comfortable making extreme changes may want to look into W10Privacy.

By enabling all of these settings, you are significantly reducing the amount of tracking and data collection these devices handle. Keep in mind that you're not completely eliminating it, but you're reducing as much as you reasonably can.

Good Practices for Any OS

By default, both Mac and Windows will create an administrator account when you sign up. After signing up, create a second non-admin account and use that as your main account. This makes it harder for programs to be installed without your knowledge and reduces the risk of malware and viruses getting installed.

Third-party antivirus software has become unnecessary. Using a good ad blocker and good online habits is generally enough to keep any generic malware off your device. Unless someone is targeting you specifically, this is usually enough. However, both Windows and Mac both come with built-in antimalware that I encourage you to make use of. On Windows it's called Defender. While Microsoft's antivirus used to be a joke in the past, experts now agree that the modern Defender is quite powerful and will protect you from most mainstream threats. Macs come with XProtect. Viruses on Linux are relatively rare because of the small market share and technical skill of the user base, but if you desire more protection there as well you'll have to download a third-party software as most distributions don't come pre-packaged with antimalware. Clam AV is considered the most desirable.

Even with all the plugins, tweaks, and changes we've made to the operating system and the browser, sometimes tracking and garbage files still get through. Cleaning out these files will not only protect your privacy and security, but improve your computer's performance. I recommend using open source software BleachBit for this. This is a powerful program that securely deletes your unused files, removes errors from the registry, and fixes broken shortcuts among other things.

Just as with phones, I encourage you to keep your computer as clean of apps and files as possible. Obviously sometimes this is either impossible or just not a reasonable request. You may choose to keep family photos or video games. But, for example, use your browser instead of an app to access Netflix or Hulu. I also encourage you to get rid of files you no longer want or need, such as photos of exes or documents you downloaded once so you could print them off. While these types of things shouldn't really be an issue if you keep your devices encrypted, why risk it?

Keep in mind that forensic software can still often recover "deleted" items so if you have anything you want gone for good, be sure to perform a disk wipe, which is offered by Bleachbit. Don't do disk wipes on Solid State Drives as this will shorten their lifespans.