diese Website in deutscher Sprache - this website in Dutch

Work privately with your Mac

Apple says it takes privacy very seriously and advertises it as well. You have a number of options for keeping the contents of your Mac to yourself. This against passers-by as well as hackers. First to nosey people:

Turn off automatic login
If you don't, anyone can work with your Mac, just like that.



Take a break from your place without any worries
Under the Apple Menu you will find 'Lock screen'. You cannot enter your Mac without the account password.



Take a break from your place without worries 2
If necessary, you may have to forget to lock your Mac. Then you could have done this better in advance:
Go to System Preferences => Security & Privacy. Enter your password:



You will find this option under General:
Check 'Prompt for password IMMEDIATELY after sleep or screen saver starts' **.



** Note: Settings for Sleep Mode and Screen Saver can be found resp. in System Preferences Energy Saver and Desktop & Screen Saver, as covered in chapter Preferences. Do not choose too much time before entering Sleep Mode!


Double security: two-factor authorization
Apple offers you the option to add an extra layer of security to your Apple ID. This is called two factor authrorization.
For important changes you have to enter an extra confirmation. You will receive a notification on your iPhone with a code. You then have to enter that code on your Mac.

For example, log in again with your Apple ID:




And then you still have to enter your Mac password:



You have now had a check twice via two different channels. Hence "two-factor". You have just logged in again:




Enable two-factor authorization
Go to System Preferences => Apple ID => Password & Security:



Check Two-factor authorization and enter the phone number of your iPhone.

NOTE: If desired, you can also use the Recovery key as an extra spare.



Privacy with backup: protect your Time Machine backup
To prevent the data from being read just like that, you have the option to encrypt the backup. No one can access it without the correct account name and password.



More about backing up with Time Machine in chapter Backing up.


Privacy in Spotlight
In System Preferences => Spotlight => Privacy you can choose to exclude folders for Spotlight to search in:




Privacy in Safari: quickly clear your browsing history
In Safari, go to the History menu and choose Clear History. This option will delete your entire surfing history in an instant ... Useful if your mother / wife / guy suddenly comes home. ;-)

Privacy in Safari: Surf without a trace
In Safari, instead of 'New window', choose a 'New private window' and the program will not keep any traces of your internet session.

Privacy in Safari: tracking or tracking
Lots of websites have plugins that approach sites differently and tell them who came by. This way, a trace can be formed of websites that you like to visit. You will then be shown advertisements that match your web behavior and your search results will also be affected. They make a 'profile' of you.
Companies such as Google and Facebook find this particularly interesting. In fact, they live from it!
You can uncheck this in Safari Preferences:



Go to Privacy and choose 'Prevent cross-site tracking'.



Safari will now stop trackers. Just click on the shield at the top of Safari - and shudder - how many there may be:



Even if you open a blank new window, you will see a report for the past week:



Privacy in Safari: Cookies
For several years now you may have come across a so-called cookie notification on many websites:



You are told that the website wants to place a so-called Cookie, a small file on your computer. The reason is that you can then be recognized when you come by again. This can be useful for the website as well as for you. This way, the website knows whether visitors are coming back, yes or no, and you always have the same settings in front of you.

Why then those warnings for Cookies?
European Union rules require a warning before Cookies may be placed. Because thanks to these cookies, websites know more and more about your surfing behavior. And that is an invasion of your privacy.

NOTE: Macmiep.nl does not place cookies on your Mac itself, the Google search engine does. MacMiep hates these reports and refuses to show one on her own website.

How do I see what Cookies my Mac has received?
In Safari, go to the Preferences menu and look at Privacy.



Here you can block all cookies.
You can also see which websites have filled your cookie tin:



You can also delete cookies here.



Privacy in Safari: Location Services
A website can find out where you are (approximately) by means of your WiFi location or GPS info. This can be useful if you want to know where the nearest Appie Happie can be found.
Don't you want this? Go to System Preferenceeuren => Security and Privacy. To the left of the list is Location Services. On the right you can see per app who has permission to know your place on earth.
Uncheck Safari.

Note: If desired, turn off all location services, but apps like 'Maps' will stop working properly. And no more Find My Mac!




Privacy in Safari: Using a search engine that doesn't track me
In Safari preferences, switch to DuckDuckGo if you don't want Google to track you and create a profile of you based on your search history.

Google Chrome
Following internet users will automatically bring you to the 'free' browser Google Chrome. In itself a great browser, nice and fast too. However, the browser is not for free!
They want something in return: all actions you take are stored and analyzed by Google. The goal is to create a profile of you so they can better serve their advertisers - and earn more money.

Facebook
If you are a member of Facebook, you have lost your privacy anyway. You and your behavior online are their business model. Many websites already have a Facebook button. With this you can share their article on Facebook, but this is how Facebook follows you too. This is also possible if you are not a member! Anti-tracking software such as in Safari is also effective against this.



Anonymous internet
Imagine you are traveling to China, Iran or another country that has internet censorship. Then you can use the 'anonymous' network Tor. With Tor it is not possible to trace where you are or where you send data. But keep in mind that many exit nodes are likely to be in the hands of various secret services.
Tor is also available for the Mac: Tor project https://www.torproject.org.
So TOR is not a child pornography network, as some politicians would like us to believe!

You can also work with a virtual private network: VPN
In countries like Iran, people often work with VPN. Your computer establishes a connection with a VPN server, from which you can continue surfing. Your own IP address thus remains hidden from the outside world. After all, your computer will have the address of that VPN server. VPN is often a paid service. The internet browser Opera offers a free VPN server.


Privacy at customs
Note: if you are going to the United States, for example, realize that customs may view and copy all data on your Mac or iPhone / iPad there. You may be able to counteract this with the tips below.



Encrypt your data
In case of theft of your Mac's hard drive, the files on it are readable. This is regardless of whether your login name and password are known to the thief. In addition to disconnecting the disk, it is also possible to connect a Mac in so-called 'target mode' to another Mac in order to approach the hard disk as an external hard disk. In addition, a hacker with physical access to your Mac by means of scrips on a USB stick may also enter your Mac.


Filevault You therefore have the option to encrypt all your data with FileVault. This can be found at System Preferences => Security & Privacy => Filevault.



You will be asked if you can unlock the FileVault using your iCloud account:



Note: For Macs with multiple users on board: All users must agree to set up FileVault. Their password will be asked before FileVault can be set!

WARNING
Look before you leap
If you have lost your master password, you have also lost your data! So only use FileVault when you think it is strictly necessary.
For mere mortals, stay away from FileVault!



Secure sensitive data using a secure disk image.
You can create a virtual disk, a so-called disk image or .dmg: Disk Image. Here you can safely store sensitive information.

Make a secure USB stick (free tip for law enforcement and defense)
You can then also put this disk image on a USB stick or something. This way you have an excellently secured stick in your hands. The security works according to the AES encryption.

You can create a virtual disk with the Disk Utility program. You can find it in the Utilities folder, or via Spotlight:



Create a secure disk image
Open Disk Utility:



and under the menu choose File => New Disk Image => Empty Disk Image :.



Enter name and size and choose AES-128 or AES-256 for encryption:



Choose Create and enter a password:



Important: uncheck Keep password in Keychain access!



And your virtual disk appears as .dmg:



Double-click to open the drive and drag and drop the files you want to keep safe:





Secure USB stick
You can also put the .dmg file on a USB stick. From now on you need a password to extract this .dmg. With the correct password .dmg will open to a virtual disk.



Extra tough security for your Mac
There is a way to lock your entire Mac from outsiders. This goes further than logging into the MacOS system. It is the Firmware Password. This makes it impossible to have the Mac boot from an external drive. In fact, no one can do anything with your Mac without a password.
You must enter this password before MacOS itself is started. It is in a chip on the motherboard of your Mac. So in the hardware.
If you've lost it: too bad.

Note: One caveat here is that your Mac can no longer be found with Find My Mac in case it is stolen. But a thief cannot do anything with it too.

Set firmware password
Boot from the Recovery partition *.
From the Utilities menu, choose => Startup Security Utility.
Then enable the Firmware Password.
* Explanation about this in the chapter Problems.



Without a password, the Mac does nothing at all.



Note: You can also turn off Firmware password protection by following the same route.



Safely erase a hard drive
Contrary to popular belief, erasing a hard drive does not mean that all data is really gone. Usually only the index part of this data is destroyed.
The data itself remains!
'Disk Utility' therefore offers the possibility to overwrite your hard disk several times and thus make all original data unreadable.





Under Structure you select the file system that the disk should get.

NOTE: Always choose APFS for SSD drives.



Now you choose which Security option you take. The safest is the best, but takes a long time:



Note: If you want to sell your Mac, boot from Recovery before you can erase the startup disk (which contains Mac OS). You start up with Command-R. More about this in chapter Help!

Erase SSD drives
Be careful with an SSD drive. All blocks on the disk will be written with data. An SSD drive becomes slower when there are more blocks of data. The Mac can thus become noticeably slower. However, give it a night, then MacOS will 'trim' the drive itself (erase empty blocks so that the drive regains its speed).


Apple about the privacy of her apps


The next chapter is:
malware for the Mac






Disclaimer: MacMiep is independent. This means she writes what she wants, based on 30 years of Mac-experience. She doesn't get paid for stories (positive or negative) on this website. MacMiep is not interested in your data. However, she does use Google's services. Google is indeed interested. Are you happy with MacMiep? Please support your local cat shelter.