Privacy: Securing Computers
Just like cell phones, desktop operating systems like Windows and Mac track their users to an excessive degree. Windows 10 is by far the worst offender, but Mac also has its share of telemetry.
In a perfect world, the best option is Linux. Linux is an open-source operating system with dozens of variants, each offering its own unique set of features and target audience. Most Linux distributions are considerably more private than Windows and Mac, though some place additional emphasis on privacy or security. I recommend Pop!_OS for most users. It is based on Debian, so it can more easily support most programs that users of mainstream software have come to rely on, and it has a very user-friendly interface that most users will easily adjust to. At the very least, I recommend it as a starting point to get used to Linux and explore the world of alternative operating systems.
Another distribution worth noting is Fedora. I believe Fedora is less user-friendly than Debian because many popular services - such as Discord, Spotify, and even Signal - offer native support for Debian-based operating systems but not for Fedora. However, Fedora does prefer Flatpaks over Snaps (both are workarounds for the lack of native support), and Flatpaks are considered to offer better security. Fedora also runs on a rolling release schedule, meaning that the latest features are constantly being added and updated. In other words: Debian-based operating systems are more likely to "just work" for a long period of time, while Fedora-based systems will cater more to those who want the "latest and greatest" features.
Either way, please note that Linux is significantly better for privacy, but is not necessarily a huge improvement in security and in some cases can actually be worse. However, as with web browsers, I believe that this tradeoff is insignificant for most users, provided that you use good online habits and are reasonably cautious.
Not everybody has the luxury of switching to Linux, for any number of reasons, such as needing a specialized program that only runs on Mac/Windows or using a device that is technically not yours and that you therefore can't make such changes to. For those situations, I have listed a set of recommended settings for both Mac and Windows that I encourage you to change (if you can) to make your device a little more private and secure. You can see my criteria for this page and why I recommended these settings here.
Mac OS 11.4: Big Sur
- General: Default web browser: Brave/Firefox
- Siri: Enable Ask Siri: Off
- Touch ID: Don’t use
- Security & Privacy: General: Require password immediately after sleep or screen saver begins
- Security & Privacy: General: Disable automatic login
- Security & Privacy: General: Allow apps downloaded from: App Store and identified developers
- Security & Privacy: FileVault: Turn On FileVault
- Security & Privacy: Firewall: Turn On Firewall
- Security & Privacy: Privacy: Evaluate app settings
- Software Update: Automatically keep my Mac up to date
- Bluetooth: Turn Bluetooth Off
- Keyboard: Dictation: Off
- Sharing: Off
- Time Machine: Back Up Automatically
- Time Machine: Select Backup Disk
- Avoid setting up the machine with an Apple ID if possible
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into Little Snitch or LuLu. These are firewalls that help further control the traffic leaving your device and reduce data collection by Apple and others.
- If you don't plan to use a VPN, then I encourage you to use an Encrypted DNS Resolver (instructions on how to set that up here).
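
Several of the settings above can be confirmed from Terminal after you change them. The script below is an added example, not part of the original checklist: it only reads the state of FileVault, the firewall, Gatekeeper (the control behind "Allow apps downloaded from") and automatic login, using the stock fdesetup, socketfilterfw, spctl and defaults tools. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of four macOS checklist items.
# Each check_* function takes the raw output of a system command as "$1",
# so the parsing logic can be exercised with constructed strings anywhere.

check_filevault() {   # input: output of `fdesetup status`
    case "$1" in
        *"FileVault is On"*)  echo PASS ;;
        *"FileVault is Off"*) echo FAIL ;;
        *)                    echo UNKNOWN ;;
    esac
}

check_firewall() {    # input: output of `socketfilterfw --getglobalstate`
    case "$1" in
        *"State = 0"*)    echo FAIL ;;     # firewall is off
        *"State = "[12]*) echo PASS ;;     # any non-zero state means on
        *)                echo UNKNOWN ;;
    esac
}

check_gatekeeper() {  # input: output of `spctl --status`
    case "$1" in
        *"assessments enabled"*)  echo PASS ;;
        *"assessments disabled"*) echo FAIL ;;
        *)                        echo UNKNOWN ;;
    esac
}

check_autologin() {   # input: value of the autoLoginUser preference, if any
    # The key only exists when automatic login is configured.
    if [ -z "$1" ]; then echo PASS; else echo FAIL; fi
}

# Build the report from four captured command outputs (arguments 1-4).
audit_report() {
    printf 'FileVault enabled:        %s\n' "$(check_filevault "$1")"
    printf 'Firewall enabled:         %s\n' "$(check_firewall "$2")"
    printf 'Gatekeeper enabled:       %s\n' "$(check_gatekeeper "$3")"
    printf 'Automatic login disabled: %s\n' "$(check_autologin "$4")"
}

# Only query the live system when actually running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    audit_report \
        "$(fdesetup status 2>&1)" \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)" \
        "$(spctl --status 2>&1)" \
        "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)"
fi
```

A line reading UNKNOWN means the tool returned something the script does not recognise; check that setting by hand in System Preferences.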
Windows 10: Version 21H1
- System: Notifications & actions: Show notifications on the lock screen: Off
- System: Shared experiences: Share across devices: Off
- Devices: Typing: Everything off
- Devices: AutoPlay: Off
- Phone: Do not link
- Network & Internet: Wi-Fi: Use random hardware addresses: On
- Apps: Apps & features: Uninstall anything you don't use
- Apps: Apps & features: Default apps: Email: Thunderbird; Music player: VLC; Photo viewer: ImageGlass; Video player: VLC; Web browser: Brave/Firefox
- Accounts: Sign-in options: Require sign-in: When PC wakes up from sleep
- Accounts: Sign-in options: Password: Use a passphrase
- Accounts: Sign-in options: Privacy: Show account details on sign-in screen: Off
- Privacy: General: All off
- Privacy: Speech: Online speech recognition: Off
- Privacy: Inking & typing personalization: Getting to know you: Off
- Privacy: Diagnostics & feedback: Diagnostic data: Required diagnostic data
- Privacy: Diagnostics & feedback: Improve inking & typing recognition: Off
- Privacy: Diagnostics & feedback: Tailored experiences: Off
- Privacy: Activity history: Send my activity history to Microsoft: Off
- Privacy: App permissions: Review each setting and disable accordingly
- Update & Security: Windows Security: Open Windows Security: Virus & Threat Protection: All protections on
- Update & Security: Windows Security: Open Windows Security: Firewall & Network Protection: All firewalls on
- Update & Security: Backup:
- Download WindowsSpyBlocker and run it. Select option 1 "Telemetry," then option 1 "Firewall," and finally options 1 and 2, "Add extra rules," and "Add spy rules." After that's done, type "back" to go back to the previous menu, then select option 2 "NCSI," then select either option 2 or option 3, "Apply Debian NCSI" or "Apply Firefox NCSI."
- If you don't plan to use a VPN, then I encourage you to use an Encrypted DNS Resolver (instructions on how to set that up here)
- If you don't plan to use a VPN, then I encourage you to use an Encrypted DNS Resolver. Follow these instructions to change your DNS. Select "Encrypted preferred, unencrypted allowed" if the option is available. If the option is not available, the rest of the steps should still apply.
- Advanced users who want more granular control and feel comfortable making extreme changes may want to look into W10Privacy and Bulk Crap Uninstaller to remove additional, pre-installed bloatware, and Portmaster or Simplewall for additional firewall controls that block outgoing connections and further reduce data collection by Microsoft and other third parties.
By enabling all of these settings, you are significantly reducing the amount of tracking and data collection these devices perform.
Best Practices
By default, both Mac and Windows will create an administrator account when you sign up. After signing up, create a second non-admin account and use that as your main account. This makes it harder for programs to be installed without your knowledge and reduces the risk of malware and viruses getting installed.
Third-party antivirus software has become unnecessary. Using a good ad blocker and good online habits is generally enough to keep any generic malware off your device. Both Windows and Mac come with built-in malware protection that I encourage you to make use of. On Windows it's called Defender (aka Windows Defender). Macs come with XProtect. Viruses on Linux are relatively rare for a variety of reasons, but if you desire more protection there as well, ClamAV is considered the most desirable.
Even with all the plugins, tweaks, and changes we've made to the operating system and the browser, sometimes tracking and other unnecessary files still get through. Cleaning out these files will not only protect your privacy and security, but improve your computer's performance. I recommend using BleachBit for this. This is a powerful program that securely deletes your unused files, removes errors from the registry, and fixes broken shortcuts among other things.
Just as with phones, I encourage you to have as few apps, programs, and files as possible on your computer. Sometimes this is either impossible or just not a reasonable request but, for example, you can use your browser instead of an app to access Netflix or Hulu. I also encourage you to regularly look for and get rid of files you no longer want or need, such as photos of exes or documents you downloaded once so you could print them off. Such files could potentially be dangerous if your device falls into the wrong hands.
Keep in mind that forensic software can still often recover "deleted" items, so if you have anything you want gone for good, be sure to perform a disk wipe, which is offered by BleachBit. Don't do disk wipes on Solid State Drives, as this will shorten their lifespans.