It's a sad fact that just like cell phones, stock operating systems like Windows and Mac track their users to an excessive degree. Not to pick on them unfairly, but Windows 10 is by far the worst offender. However, you shouldn't assume that using Mac is the better option.
In a perfect world, the best option is Linux. Linux is an open-source operating system with dozens of variants, each offering their own unique set of features. Most linux distributions are very private and secure compared to Windows and Mac by default, though some place additional emphasis on privacy or security. I recommend Debian in most situations. It has the most support, it is built on open-source freeware, and it can support the most programs that users of mainstream softwares have come to rely on. At very least, I recommend it as a starting point to get used to linux and explore the world of alternative operating systems.
However, I realize that not everybody has the luxury of switching to Linux for any number of reasons, such as needing a mainstream OS for your job or being in posession of a device that is technically not yours and therefore you can't make such changes to. In those situations, I have listed a set of recommend settings for both Windows and Mac that I encourage you to change to make your device a little more private and secure.
Mac OS: Catalina
- General: Default web browser: Firefox
- Siri: Enable Ask Siri: Off
- Touch ID: Don’t use
- Security & Privacy: General: Require password immediately after sleep or screen saver begins
- Security & Privacy: General: Disable automatic login
- Security & Privacy: General: Allow apps downloaded from: App Store and identified developers
- Security & Privacy: FileVault: Turn On FileVault
- Security & Privacy: Firewall: Turn On Firewall
- Security & Privacy: Privacy: Evaluate app settings
- Software Update: Automatically keep my Mac up to date
- Bluetooth: Turn Bluetooth Off
- Keyboard: Dictation: Off
- Sharing: Off
- Time Machine: Back Up Automatically
- Time Machine: Select Backup Disk
- Avoid setting up the machine with an Apple ID if possible
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into Little Snitch.
- System: Shared experiences: Share across devices: Off
- Devices: Typing: Everything off
- Devices: AutoPlay: Off
- Phone: Do not link
- Network & Internet: Use random hardware addresses: On
- Apps: Default apps:
- Apps: Startup: Go through each app and see if you need it to start automatically when the computer does. If not, disable it. This will help your computer boot faster
- Accounts: Use a local account when possible, when signing up on a new computer, disconnect internet to force local account
- Accounts: Sign-in options: Require sign-in: When PC wakes up from sleep
- Accounts: Sign-in options: Password: Use a passphrase
- Accounts: Sign-in options: Privacy: Show account details on sign-in screen: Off
- Privacy: General: All off
- Lock Screen: Contact information: Leave this blank unless you have a good reason not to
- Privacy: General: All off
- Privacy: Diagnostics & feedback: Diagnostic data: Basic
- Privacy: Diagnostics & feedback: Improve inking & typing recognition: Off
- Privacy: Diagnostics & feedback: Tailored experiences: Off
- Privacy: Diagnostics & feedback: Activity history: All off
- Privacy: Diagnostics & feedback: Location: Location service: Off
- Privacy: Diagnostics & feedback: Camera: Check permissions
- Privacy: Diagnostics & feedback: Microphone: Check permissions
- Privacy: Diagnostics & feedback: Account info: Allow apps to access your account info: Off
- Privacy: Diagnostics & feedback: Contacts: Allow apps to access your contacts: Off
- Privacy: Diagnostics & feedback: Calendar: Allow apps to access your calendar: Off
- Privacy: Diagnostics & feedback: Call history: Allow apps to access your call history: Off
- Privacy: Diagnostics & feedback: Email: Allow apps to access your email: Off
- Privacy: Diagnostics & feedback: Tasks: Allow apps to access your tasks: Off
- Privacy: Diagnostics & feedback: Messaging: Allow apps to access your messages: Off
- Privacy: Diagnostics & feedback: Radios: Let apps control radios: Off
- Privacy: Diagnostics & feedback: Other devices: Communicate with unpaired devices: Off
- Privacy: Diagnostics & feedback: Background apps: Off
- Privacy: Diagnostics & feedback: App diagnostics: Off
- Privacy: Diagnostics & feedback: Documents: Allow apps to access your documents library: Off
- Privacy: Diagnostics & feedback: Pictures: Allow apps to access your picture library: Off
- Privacy: Diagnostics & feedback: Videos: Allow apps to access your video library: Off
- Privacy: Diagnostics & feedback: File system: Allow apps to access your file system: Off
- Download WindowsSpyBlocker and run it. Select option 1 "Telemetry," then option 1 "Firewall," and finally options 1 and 2, "Add extra rules," "Add spy rules."
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into W10Privacy.
By enabling all of these settings, you are significantly reducing the amount of tracking and data collection these devices handle. Keep in mind that you're not completely eliminating it, but you're reducing as much as you reasonably can.
Good Practices for Any OS
By default, both Mac and Windows will create an adminsitrator account when you sign up. After signing up, create a second non-admin account and use that as your main account. This makes it harder for programs to be installed without your knowledge and reduces the risk of malware and viruses getting installed.
Personally, I think antivirus software has become a bit outdated. Using a good ad blocker and good online habits is generally enough to keep any generic malware off your device. Unless someone is targeting you specifically, this is usually enough. However, if you want to be extra certain, Bitdefender is currently dominating the reviews. I have used it in the past and found it to be worth every penny. It even has a trial period. But if you're on a budget, Malwarebytes is a reputable, effective alternative.
Finally, even with all the plugins, tweaks, and changes we've made to the operating system and the browser, sometimes tracking and garbage files still get through. Cleaning out these files will not only protect your privacy and security, but improve your computer's performance. My first recommendation is the open source software BleachBit. This is a powerful program that securely deletes your unused files, removes errors from the registry, and fixes broken shortcuts among other things. BleachBit is not a difficult program to use, but if you need something a little more intuitive and user-friendly, there is the proprietary CCleaner, which offers all the same features as BleachBit plus a few. I recommend BleachBit because CCleaner has had a few hiccups in the past, but if you find Bleachbit overwhelming or confusing than CCleaner is an acceptable alternative. Previous Next