Apple markets itself as a privacy-focused company. And compared to Google or Microsoft, it is. But let’s be clear: Apple is still collecting a lot of your data.
If you want the most private computer setup, your best option is to switch to Linux. Not everyone is ready to take that step though, and many might prefer to keep their existing computer instead.
If you want to keep your current device but make it more private, what are your options?
Windows is basically a privacy disaster. Privacy expert Michael Bazzell says in his book Extreme Privacy:
“I do not believe any modern Microsoft Windows system is capable of providing a secure or private environment for our daily computing needs. Windows is extremely vulnerable to malicious software and their telemetry of user actions is worse than Apple’s. I do not own a Windows computer and I encourage you to avoid them for any sensitive tasks”.
If you want to keep your Mac without handing over your digital life to Apple, there are ways to lock it down and make it more private.
In this article, I’ll walk you through how to set up a Mac for better privacy—from purchasing the computer to tweaking your system settings, installing tools, and blocking unwanted data flows.
We’ll be following the setup laid out by Michael Bazzell in Extreme Privacy, with some added tips from my own experience.
We also made a video tutorial that you can follow along.
You don’t need to do everything. Each chapter is modular. But if you follow the full guide, you’ll end up with a Mac that doesn’t require an Apple ID, doesn’t leak constant data, and gives you control over your digital environment.
Buying your Mac
Choose a model that still gets security updates
Apple eventually drops support for older devices. A privacy-hardened system isn’t useful if it doesn’t receive security updates.
Two helpful sites:
Pay with cash in a physical store
If you buy a Mac with a credit card, the serial number is forever linked to your identity.
Cash keeps you anonymous. You might get strange looks, but it’s completely within your rights. Be polite. Be firm. They’ll grumble. That’s fine.
Fresh install of macOS
If it’s a refurbished Mac—or even brand new—it’s worth doing a clean install.
Update macOS
- System Settings > General > Software Update
- Install updates, reboot, and reach the welcome screen.
Erase all content
- System Settings > General > Transfer or Reset > Erase All Content and Settings
- Enter your password, confirm warnings
- Your Mac will restart and erase itself
This restores factory defaults: user data and settings are gone, but the OS remains installed.
Optional: Wipe the disk completely (advanced)
If you want a truly clean install, you’ll need to manually erase the entire internal disk. Only do this if you’re comfortable in recovery mode.
Modern Macs split the system into two parts—a sealed system volume and a data volume—tied together with something called firmlinks. If you don’t erase both correctly, you can end up with phantom volumes that clog your disk and break things silently.
Steps:
- Enter Recovery Mode:
- Apple Silicon: Hold power > click “Options”
- Intel: Hold Command + R on boot
- Open Disk Utility
- Click View > Show All Devices
- Select the top-level physical disk (e.g., “Apple SSD”)
- Click Erase
- Name: Macintosh HD
- Format: APFS
- Scheme: GUID Partition Map
Warning: Skip “Show All Devices” or erase the wrong item and you could brick your Mac. Only do this if you understand what you’re doing.
Once erased, return to the recovery menu and choose Reinstall macOS.
First boot setup
macOS wants to immediately link your device to iCloud and Apple services. Stay offline as long as possible.
Setup tips:
- Region: Choose your location
- Accessibility: Skip
- Wi-Fi: Click “Other Network Options” > “My computer does not connect to the internet”
- Data & Privacy: Continue
- Migration Assistant: Skip (we’re starting fresh!)
- Apple ID: Choose “Set up later”
- Terms: Agree
- Computer Name: Use a generic name like Laptop or Computer
- Password: Strong and memorable. No hint. Write it down somewhere safe.
- Location Services: Off
- Time Zone: Set manually
- Analytics: Off
- Screen Time: Skip
- Siri: Skip
- Touch ID: Optional
- Display Mode: Your choice
Harden system settings
Wi-fi & bluetooth
- System Settings > Wi-Fi: Turn off
- Disable “Ask to join networks” and “Ask to join hotspots”
- System Settings > Bluetooth: Turn off
Firewall (built-In)
- System Settings > Network > Firewall: Turn on
- Disable “Automatically allow built-in software…”
- Disable “Automatically allow downloaded signed software…”
- Enable Stealth Mode
- Remove any pre-approved entries
Notifications
- System Settings > Notifications
- Show Previews: Never
- Turn off for Lock Screen, Sleep, and Mirroring
- Manually disable for each app
Sound settings
- System Settings > Sound
- Alert Volume: Minimum
- Disable sound effects and interface feedback
AirDrop & sharing
- System Settings > General > AirDrop & Handoff: Turn everything off
- System Settings > General > Sharing: Disable all toggles
Siri & Apple Intelligence
- System Settings > Siri & Dictation: Disable all
- Disable Apple Intelligence and per-app Siri access
Switch time server
Your Mac pings Apple to sync the time—leaking your IP every time it does.
Switch to a decentralized time server instead.
How:
- System Settings > General > Date & Time
- Click “Set…” > Enter password
- Enter:
pool.ntp.org - Click Done
Spotlight & gatekeeper
Spotlight
- System Settings > Spotlight: Turn off “Help Apple improve search”
Gatekeeper
Gatekeeper prevents you from opening non-Apple-approved apps and sends app data to Apple.
If you’re a confident user, disable it:
- Terminal:
sudo spctl --master-disable - System Settings > Privacy & Security: Allow apps from anywhere
FileVault & lockdown mode
FileVault
Encrypt your entire disk:
- System Settings > Privacy & Security > FileVault: Turn on
- Choose “Create a recovery key and do not use iCloud”
- Write down your recovery key. Store it OFF your computer.
Lockdown mode (Optional)
Restricts features like USB accessories, AirDrop, and others. Useful for high-risk users.
Customize appearance & finder
Desktop & dock
- Disable “Show Suggested and Recent Apps”
- Disable “Recent apps in Stage Manager”
Wallpaper
Use a solid color instead of version-specific defaults to reduce your system’s fingerprint.
Lock screen
- Screensaver: Never
- Require password: Immediately
- Sleep timer: Your preference (e.g. 1 hour)
Finder preferences
- Show all file extensions
- Hide Recents and Tags
- Set default folder to Documents
- View hidden files:
Shift + Command + .
Block outbound connections
macOS and many apps connect to servers without asking. You’ll want to monitor and block them.
Use Little Snitch (or LuLu)
- Download from: obdev.at/products/littlesnitch
- Optionally install via USB to stay offline
- We have a full setup tutorial on YouTube
- Michael Bazzell provides a preset configuration in his book
Browser
Install a privacy-respecting browser like Brave or Mullvad.
Compare options at privacytests.org
VPN
Use trusted providers like Mullvad or ProtonVPN.
Be careful which VPN you download — they’re often scamware and data collection tools.
Watch this video for more
Optional: Use Homebrew
Instead of the App Store, install software via Homebrew.
We’ll cover this more in a future guide.
Final takeaways
If you followed this guide, you now have:
- A Mac with no Apple ID
- No iCloud tether
- Full disk encryption (FileVault)
- A silent firewall
- Blocked outbound connections
- A private browser and VPN setup
You’ve taken serious steps to reclaim your digital autonomy. Well done.
In an upcoming guide, we’ll explore how to take the next step: switching to Linux.
Thanks again to Michael Bazzell for his work.
Find his book Extreme Privacy at: inteltechniques.com/book7.html
Yours in privacy,
Naomi
