Setting up a new computer is hard enough, but if you're privacy minded, things are even more complicated. This is especially the case with a Mac, which keeps all kinds of stuff behind the scenes. Whether you're setting up a new system or installing a new version of OS X, now's a good time to check your privacy settings.
We all need to protect our private data. But when you're working with sensitive files, pictures, and your passwords, you want to ensure other people can't easily get to it. Beyond that, with a Mac, even simple things like your text messages can pop up in someone else's face if you're not careful. For some of us, this can feel like a huge privacy issue, but thankfully OS X has tons of settings you can tweak to lock down your data, search results, and more.
Audit OS X's System Settings
By default, OS X is all about ease of use. This is great, except that it means your private data is generally in the open, sitting around for anyone (or any app) to find. Much of the default behaviour in OS X is meant to make things easier for you, but it also means that if someone sits down at your computer they can accidentally come across a ton of stuff you might not want them to. Here are a few general settings worth tweaking:
- Tweak your privacy system preferences: OS X has a built-in privacy tool that's worth customising.. Head to System Preferences > Security & Privacy and select the Privacy tab. Here, you can set which applications have access to your location data, iCloud data, and what can access deep system stuff (this is listed under Accessibility, but mostly includes apps like application launchers and text expansion programs). You can disable app access in bulk here or on an application-by-application basis.
- Turn on FireVault: OS X comes with built-in encryption software called FireVault. When you turn it on, you'll need a login password or recovery key to see any data on your computer. Head to System Preferences > Security & Privacy and select the FireVault tab. Turn it on and it will encrypt your whole drive. This password protects everything, which makes it a lot harder for prying eyes to access your data without your password. It also means you need your password at all time, so don't lose it!
- Don't use Keychain: Keychain is Apple's built-in password system. You have to use it for your login, but don't use it for your browser data. With just your login password, someone can access all your other passwords, network drives, encrypted files, app passwords, and more stored on your computer. Instead, use a password manager like LastPass or 1Password that requires a master password (beyond your login password) to use.
- Manage your iCloud settings: iCloud is one of the big selling points with OS X is its integration with iOS. iCloud syncs all your photos, files, and everything else across your devices. If you're on a shared computer, you might want to disable iCloud entirely. Just hop into System Preferences > iCloud and click the "Sign Out" button. It will stop syncing everything (which isn't as convenient), but at least your data won't be so easily accessible. That said, if you still really want to use iCloud, at least make sure you have two-factor authentication turned on.
- Disable iMessage and Facetime: "Continuity" is a big selling point for Apple. From your Mac, you can send and receive calls and texts that are synced with your iPhone. One potential problem comes when someone else is using your computer (or peeking over your shoulder) and you receive a text message you don't want them to see. On top of seeing the notification with the message, they can also access entire conversations in Messages. If this is unsettling to you, you'll want to disable Messages. Open up Messages, select Message > Preferences and sign out of your Apple ID. You can do the same with Facetime for phone calls.
- Disable Spotlight Web Search: In order for Spotlight to work, it needs to send your search data to Google, Apple, and Bing (whichever you're using at the time.) That's ok, but any time you search for something using Spotlight, Apple collects that data, too.. While Apple claims this is anonymized, it still feels a bit creepy.. To turn it off, head to System Preferences > Spotlight > Search Results and uncheck the boxes for Spotlight Suggestions and Bing Web Searches. If you still want the power of Spotlight without the creepiness, we recommend Alfred.
- Hide files from Spotlight: Speaking of Spotlight, you'll also want to customise where it can search for files. If someone is sitting at your computer, they can tap Command+Space to search for any file on your computer (and search inside files as well). This is awesome when you're looking for something yourself, but also makes it pretty easy for anyone snooping on you. Luckily, you can customise how this works. Head to System Preferences > Spotlight. Here, you can uncheck any boxes for search results you don't want Spotlight to show. Spotlight will still index those files, but they won't show in search results. You can also click the Privacy tab and add any folders that you don't want Spotlight to index. This way, they won't show up in search results at all.
Once all of those settings are tweaked, OS X is pretty locked down. You'll lose some of the functionality that makes OS X convenient, but at least you won't just be handing private data over to anyone (or any app) who sits down at your computer.
Protect Your Apps and Your Data
OS X doesn't protect your data from apps you download, so you'll need to do that yourself. Apple does try to make sure you don't install anything without thinking about it, and has tools to restrict you from installing unsigned apps -- but once they're installed, OS X assumes you know what you're doing. Caring about your privacy online is a big step to making sure you do, but you can do a few other things as well.
- Download privacy-protecting browser extensions: You likely spend a lot of time online, so it's worth locking down your browsing habits. Install browser extensions like AdBlock Plus, Disconnect, and other privacy-protecting extensions to keep your data safe.
- Use a VPN: Virtual private networks (VPNs) are helpful for protecting your privacy. Setting up a VPN ensures your browsing traffic is encrypted, which is especially important if you're on a MacBook and working from coffee shops or other places with unsecured Wi-Fi networks.
- Only allow approved apps: The internet's filled with billions of apps and some of them might come packed with malware, spyware, or other malicious code. Macs are no different. Apple does give the option to only install trustworthy apps that have been submitted, reviewed, and added to the Mac App Store, but if you turn that off you need to be especially careful. To enable this feature, head to System Preferences > Security & Privacy and select the General tab. You'll see an option for "Allow apps downloaded from." Check the box next to Mac App Store. This means only approved and signed apps can be installed. If you fancy yourself a bit more savvy than that, you can go with the "Mac App Store and identified developers" option as well.
Of course, that's just the least you can do. Certain privacy-focused web browsers are also useful because Incognito mode isn't really the best for privacy. You can also stray away from Google and change your default search engine to something like DuckDuckGo to help keep your browsing a little more private. Installing an anti-virus app is also a good idea. Though we're all told Macs don't have virus problems, you're still at risk of cross-platform browser and web-based exploits (in Flash and Java, for example), and you don't want to inadvertently spread Windows malware through shared files or attachments, so it's better to be safe.
Lock Down Physical Access to Your Computer
Locking down the data on your computer is only half the battle. Apple's most popular computers are laptops, and that means it's crucial to lock down physical access to your computer as well.
- Enable your lock screen: Head into System Preferences > Security & Privacy and select the General tab. Check the boxes next to "Require password" and "Disable automatic login" to make sure that a password is required to access your computer.
Hide user accounts: By default, when you get to the lock screen, you'll see options for different user accounts on the system. Someone can theoretically sit there and guess your password over and over if they want. If you want another layer of security, you can hide that so you have to enter in both a username and password to login. Once you enable this, you'll have to login with both every time. From the Terminal, type in:
sudo dscl . create /Users/hiddenuser IsHidden 1
- Make a guest user account: When you do need to hand over your computer for a friend to use, it's best to create a guest account so they don't accidentally go snooping through your stuff. Head to System Preferences > Users & Groups and click on the Guest User option. Check the box next to "Allow guests to log in to this computer." If you've enabled FireVault, guests can only access Safari, which is likely all they really need.
- Secure your Wi-Fi: Finally, you'll also want to make sure your home Wi-Fi is secure so neighbours and passersby can't snoop in on your data. Keeping your Wi-Fi secure is easy and once you're set up you don't really need to think about it again.
With all that, your computer should be both secure and most of your data private. Of course, there's no such thing as perfect security, but at the very least you're making your data harder for people to access. Or, in the case of OS X, you're making it so some random passerby or untrustworthy app doesn't just accidentally eavesdrop on you.