Apple markets itself as a privacy-focused company. And compared to Google or Microsoft, it is. But let’s be clear: Apple is still collecting a lot of your data.
If you want the most private computer setup, your best option is to switch to Linux. Not everyone is ready to take that step though, and many might prefer to keep their existing computer instead.
If you want to keep your current device but make it more private, what are your options?
Windows is basically a privacy disaster. Privacy expert Michael Bazzell says in his book Extreme Privacy:
“I do not believe any modern Microsoft Windows system is capable of providing a secure or private environment for our daily computing needs. Windows is extremely vulnerable to malicious software and their telemetry of user actions is worse than Apple’s. I do not own a Windows computer and I encourage you to avoid them for any sensitive tasks”.
If you want to keep your Mac without handing over your digital life to Apple, there are ways to lock it down and make it more private.
In this article, I’ll walk you through how to set up a Mac for better privacy—from purchasing the computer to tweaking your system settings, installing tools, and blocking unwanted data flows.
We’ll be following the setup laid out by Michael Bazzell in Extreme Privacy, with some added tips from my own experience.
We also made a video tutorial that you can follow along.
You don’t need to do everything. Each chapter is modular. But if you follow the full guide, you’ll end up with a Mac that doesn’t require an Apple ID, doesn’t leak constant data, and gives you control over your digital environment.
Two helpful sites:
If you buy a Mac with a credit card, the serial number is forever linked to your identity.
Cash keeps you anonymous. You might get strange looks, but it’s completely within your rights. Be polite. Be firm. They’ll grumble. That’s fine.
Fresh install of macOS
If it’s a refurbished Mac—or even brand new—it’s worth doing a clean install.
- System Settings > General > Software Update
- Install updates, reboot, and reach the welcome screen.
- System Settings > General > Transfer or Reset > Erase All Content and Settings
- Enter your password, confirm warnings
- Your Mac will restart and erase itself
This restores factory defaults: user data and settings are gone, but the OS remains installed.
If you want a truly clean install, you’ll need to manually erase the entire internal disk. Only do this if you’re comfortable in recovery mode.
Modern Macs split the system into two parts—a sealed system volume and a data volume—tied together with something called firmlinks. If you don’t erase both correctly, you can end up with phantom volumes that clog your disk and break things silently.
Steps:
- Enter Recovery Mode:
- Apple Silicon: Hold power > click “Options”
- Intel: Hold Command + R on boot
- Open Disk Utility
- Click View > Show All Devices
- Select the top-level physical disk (e.g., “Apple SSD”)
- Click Erase
- Name: Macintosh HD
- Format: APFS
- Scheme: GUID Partition Map
Warning: Skip “Show All Devices” or erase the wrong item and you could brick your Mac. Only do this if you understand what you’re doing.
Once erased, return to the recovery menu and choose Reinstall macOS.
macOS wants to immediately link your device to iCloud and Apple services. Stay offline as long as possible.
Setup tips:
- Region: Choose your location
- Accessibility: Skip
- Wi-Fi: Click “Other Network Options” > “My computer does not connect to the internet”
- Data & Privacy: Continue
- Migration Assistant: Skip (we’re starting fresh!)
- Apple ID: Choose “Set up later”
- Terms: Agree
- Computer Name: Use a generic name like Laptop or Computer
- Password: Strong and memorable. No hint. Write it down somewhere safe.
- Location Services: Off
- Time Zone: Set manually
- Analytics: Off
- Screen Time: Skip
- Siri: Skip
- Touch ID: Optional
- Display Mode: Your choice
Harden system settings
- System Settings > Wi-Fi: Turn off
- Disable “Ask to join networks” and “Ask to join hotspots”
- System Settings > Bluetooth: Turn off
- System Settings > Network > Firewall: Turn on
- Disable “Automatically allow built-in software…”
- Disable “Automatically allow downloaded signed software…”
- Enable Stealth Mode
- Remove any pre-approved entries
- System Settings > Notifications
- Show Previews: Never
- Turn off for Lock Screen, Sleep, and Mirroring
- Manually disable for each app
- System Settings > Sound
- Alert Volume: Minimum
- Disable sound effects and interface feedback
- System Settings > General > AirDrop & Handoff: Turn everything off
- System Settings > General > Sharing: Disable all toggles
- System Settings > Siri & Dictation: Disable all
- Disable Apple Intelligence and per-app Siri access
Your Mac pings Apple to sync the time—leaking your IP every time it does.
Switch to a decentralized time server instead.
How:
- System Settings > General > Date & Time
- Click “Set…” > Enter password
- Enter:
pool.ntp.org
- Click Done
- System Settings > Spotlight: Turn off “Help Apple improve search”
Gatekeeper prevents you from opening non-Apple-approved apps and sends app data to Apple.
If you’re a confident user, disable it:
- Terminal:
sudo spctl --master-disable
- System Settings > Privacy & Security: Allow apps from anywhere
FileVault & lockdown mode
Encrypt your entire disk:
- System Settings > Privacy & Security > FileVault: Turn on
- Choose “Create a recovery key and do not use iCloud”
- Write down your recovery key. Store it OFF your computer.
Restricts features like USB accessories, AirDrop, and others. Useful for high-risk users.
Customize appearance & finder
- Disable “Show Suggested and Recent Apps”
- Disable “Recent apps in Stage Manager”
Use a solid color instead of version-specific defaults to reduce your system’s fingerprint.
- Screensaver: Never
- Require password: Immediately
- Sleep timer: Your preference (e.g. 1 hour)
- Show all file extensions
- Hide Recents and Tags
- Set default folder to Documents
- View hidden files:
Shift + Command + .
Block outbound connections
macOS and many apps connect to servers without asking. You’ll want to monitor and block them.
Install a privacy-respecting browser like Brave or Mullvad.
Compare options at privacytests.org
Use trusted providers like Mullvad or ProtonVPN.
Be careful which VPN you download — they’re often scamware and data collection tools.
Watch this video for more
Instead of the App Store, install software via Homebrew.
We’ll cover this more in a future guide.
Final takeaways
If you followed this guide, you now have:
- A Mac with no Apple ID
- No iCloud tether
- Full disk encryption (FileVault)
- A silent firewall
- Blocked outbound connections
- A private browser and VPN setup
You’ve taken serious steps to reclaim your digital autonomy. Well done.
In an upcoming guide, we’ll explore how to take the next step: switching to Linux.
Thanks again to Michael Bazzell for his work.
Find his book Extreme Privacy at: inteltechniques.com/book7.html
Yours in privacy,
Naomi
Naomi Brockwell is a privacy advocacy and professional speaker, MC, interviewer, producer, podcaster, specialising in blockchain, cryptocurrency and economics. She runs the
NBTV channel on Youtube.
