Privacy: Securing Computers
Just like cell phones, desktop operating systems like Windows and Mac track their users to an excessive degree. Windows 10 is by far the worst offender, however Mac also has their share of telemetry.
In a perfect world, the best option is Linux. Linux is an open-source operating system with dozens of variants, each offering their own unique set of features and target audience. Most linux distributions are considerably more private compared to Windows and Mac, though some place additional emphasis on privacy or security. I recommend Pop! OS for most users. It is based on Debian, so it can more easily support most programs that users of mainstream softwares have come to rely on, and it has a very user-friendly interface that most users will easily adjust to. At very least, I recommend it as a starting point to get used to Linux and explore the world of alternative operating systems. Another distribution worth noting is Fedora. Fedora is less user friendly than Debian, but the security is significantly better. Please note that Linux is significantly better for privacy, but is not a huge improvement in security and in some cases can actually be worse. However, as with web browsers, I believe that this tradeoff is insignificant for most users, provided that you use good online habits and are reasonably cautious.
Not everybody has the luxury of switching to Linux for any number of reasons, such as needing a a specialized program that only runs on Mac/Windows or being in possession of a device that is technically not yours and therefore you can't make such changes to. For those situations, I have listed a set of recommend settings for both Mac and Windows that I encourage you to change (if you can) to make your device a little more private and secure. You can see my criteria for this page and why I recommended these settings here.
Mac OS 11.4: Big Sur
- General: Default web browser: Brave/Firefox
- Siri: Enable Ask Siri: Off
- Touch ID: Don’t use
- Security & Privacy: General: Require password immediately after sleep or screen saver begins
- Security & Privacy: General: Disable automatic login
- Security & Privacy: General: Allow apps downloaded from: App Store and identified developers
- Security & Privacy: FileVault: Turn On FileVault
- Security & Privacy: Firewall: Turn On Firewall
- Security & Privacy: Privacy: Evaluate app settings
- Software Update: Automatically keep my Mac up to date
- Bluetooth: Turn Bluetooth Off
- Keyboard: Dictation: Off
- Sharing: Off
- Time Machine: Back Up Automatically
- Time Machine: Select Backup Disk
- Avoid setting up the machine with an Apple ID if possible
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into Little Snitch.
- Advanced users are encouraged to set up DNSCrypt.
Windows 10: Version 21H1
- System: Notifications & actions: Show notifications on the lock screen: Off
- System: Shared experiences: Share across devices: Off
- Devices: Typing: Everything off
- Devices: AutoPlay: Off
- Phone: Do not link
- Network & Internet: Wi-Fi: Use random hardware addresses: On
- Apps: Apps & features: Uninstall anything you don't use
- Apps: Apps & features: Default apps: Email: Thunderbird; Music player: VLC; Photo viewer: ImageGlass; Video player: VLC; Web browser: Brave/Firefox
- Accounts: Sign-in options: Require sign-in: When PC wakes up from sleep
- Accounts: Sign-in options: Password: Use a passphrase
- Accounts: Sign-in options: Privacy: Show account details on sign-in screen: Off
- Privacy: General: All off
- Privacy: Speech: Online speech recognition: Off
- Privacy: Inking & typing presonaliziatoin: Getting to know you: Off
- Privacy: Diagnostics & feedback: Diagnostic data: Required diagnostic data
- Privacy: Diagnostics & feedback: Improve inking & typing recognition: Off
- Privacy: Diagnostics & feedback: Tailored experiences: Off
- Privacy: Activity history: Send my activity history to Microsoft: Off
- Privacy: App permisions: Review each setting and disable accordingly
- Update & Security: Windows Security: Open Windows Security: Virus & Threat Protection: All protections on
- Update & Security: Windows Security: Open Windows Security: Firewall & Network Protection: All firewalls on
- Update & Security: Backup:
- Download WindowsSpyBlocker and run it. Select option 1 "Telemetry," then option 1 "Firewall," and finally options 1 and 2, "Add extra rules," and "Add spy rules." After that's done, type "back" to go back to the previous menu, then select option 2 "NCSI," then select either option 2 or option 3, "Apply Debian NCSI" or "Apply Firefox NCSI."
- Some versions of Windows 10 now support DNS-over-HTTPS. See How Network Communication Works for more information on why protecting DNS matters. If your computer supports this feature, follow these instructions to enable it. If not, download DNSCrypt. Download the appropriate installer, install it, then launch it when done. Under "Main Menu: Configuration" ensure all boxes are checked. In the settings (the gear icon in the top right) ensure "Start SimpleDNSCrypt in tray" and "Check for updates on startup" are checked.
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into W10Privacy.
By enabling all of these settings, you are significantly reducing the amount of tracking and data collection these devices perform.
By default, both Mac and Windows will create an administrator account when you sign up. After signing up, create a second non-admin account and use that as your main account. This makes it harder for programs to be installed without your knowledge and reduces the risk of malware and viruses getting installed.
Third-party antivirus software has become unnecessary. Using a good ad blocker and good online habits is generally enough to keep any generic malware off your device. Both Windows and Mac both come with built-in malware protection that I encourage you to make use of. On Windows it's called Defender. Macs come with XProtect. Viruses on Linux are relatively rare for a variety of reasons, but if you desire more protection there as well Clam AV is considered the most desirable.
Even with all the plugins, tweaks, and changes we've made to the operating system and the browser, sometimes tracking and other unnecessary files still get through. Cleaning out these files will not only protect your privacy and security, but improve your computer's performance. I recommend using BleachBit for this. This is a powerful program that securely deletes your unused files, removes errors from the registry, and fixes broken shortcuts among other things.
Just as with phones, I encourage you to have as few apps, programs, and files as possible on your computer. Sometimes this is either impossible or just not a reasonable request but, for example, you can use your browser instead of an app to access Netflix or Hulu. I also encourage you to regularly look for and get rid of files you no longer want or need, such as photos of exes or documents you downloaded once so you could print them off. This could potentially be dangerous if your device falls into the wrong hands.
Keep in mind that forensic software can still often recover "deleted" items so if you have anything you want gone for good, be sure to perform a disk wipe, which is offered by Bleachbit. Don't do disk wipes on Solid State Drives as this will shorten their lifespans.