The long-awaited update to Apple’s macOS is out now. Dubbed Big Sur, the update brings a complete overhaul in user interface. Beside the UX changes – which is the most notable change (or shock) – for long-time macOS users, the new OS version brings in plenty of changes under-the-hood. Apple – as the sole protector of our privacy as they like to claim – has taken things further with changes related to privacy.
However much Apple likes to boast how secure their Macs are and how much they care about our privacy, it’s no secret that Apple alone can’t protect our devices from malwares or privacy invasions – especially when the company itself decided to silently allow their own apps to bypass firewall rules and VPN tunnels.
While complete digital privacy might be impossible to achieve as long as you are connected to internet, multiple layers of protections can help you reach closer to it. There are many apps that help you protect digital privacy on macOS. In this guide, I am sharing some privacy apps I install immediacy after upgrading my Mac.
The first thing I like to have control over is which app can connect to internet and which can’t. A firewall helps me do that. While a firewall is built into macOS, it doesn’t help much with blocking.
Right after I upgrade/re-install macOS, I install Lulu – a free and open-source firewall by Patrick Wardle. Apart from being open-source, Lulu firewall’s strength lies in its simplicity. After installing, you set app-specific rules to allow/deny them from making a connection to internet. It might be annoying at first to see allow/deny pop-ups but once it’s done, you can forget about Lulu.
Firewall rules in Lulu can be set temporary or permanent and there’s an option to quickly allow apps developed by Apple (because we should trust Apple?). Lulu can also run silently without alerts but in this mode, it automatically allows all connections — which is not something I want to achieve. So I set rules for all apps and because Lulu allows me to import/export these rules, I don’t have to set these rules every time I re-install macOS or Lulu itself.
Once I have a firewall installed, I will start downloading and installing other apps – a web browser being the first. Yes, Apple touts Safari as a privacy-centric browser, but for me it’s just not the same when it comes to usability and cross-device compatibility. Google Chrome – although the most popular web browser is to be avoided if you care about privacy. That being said, Mozilla Firefox has been my preferred tool to browse the Web for more than a decade.
Firefox is good at balancing privacy and usability in my opinion. And I haven’t found a reason to switch to another browser so far. With the introduction of Enhanced Tracking Protection, Firefox took a big step into being a browser that puts privacy first. I also like the fact that I am in a good company of people and organisations that are vocal about the importance of digital privacy.
Firefox is one of the few Web browsers that are not based on Chromium. But if you prefer a Chromium-based browser that is privacy-friendly, you can try Brave.
Can online advertising and privacy co-exit? I don’t know. May be Google can answer that? I don’t have anything against advertisements. Online ads help publishers — big and small — to generate income which helps them fund their operations. For small publishers, bloggers, content creators etc. it’s not just a matter of profit but survival and ads help with that.
But online advertisement in its present form is a privacy nightmare. They track every more we make on the Web. They even make their way to our emails and ‘suggested’ ads are shown based on their content. Everything I search, visit, read, watch, listen, and buy online is used to serve me ads and I don’t like that. So there, I will use an ad blocker.
But then I realised even ad blockers can be creepy. They know everything what ad companies know and this information can be used to track me. So there has to be a way to protect my privacy which itself is not creepy. And I think AdGuard is one ad blocker that I trust.
Being a paid product, I have a reason to believe that their income is not based on my data. For $30 a year, AdGuard helps me block ads on three devices. For websites I want to support, I can add exceptions. While ad blockers that work as browser extensions only block ads in that browser, AdGuard can block ads system-wide. You can set app-specific rules and AdGuard seamlessly works behind the scenes.
AdGuard does a lot more than just ad blocking and offers many options to further protect online privacy. It’s that one product that I trust with ad blocking and can recommend without hesitance. I hope it continues to be that way.
Because of changes introduced in Big Sur, AdGuard has to change the way it works. This post sheds light on Big Sur and AdGuard compatibility.
Mullvad / NordVPN / ProtonVPN
I have setup the firewall, have got a privacy-friendly web browser, and setup an ad blocker. Now, I am almost ready to start browsing the Web further. But before I do that, I will install a VPN.
While there was a time when the use of Virtual Private Network was associated with corporate employees, hackers, and content pirates, VPNs have now evolved into privacy tools. A VPN helps me change my location, encrypt my traffic, and keep me from being tracked. In addition, it lets me bypass censorship and access websites that are not available in the country I am visiting. I don’t understand why some YouTube videos would be blocked in my country to begin with, but a VPN helps me enjoy these videos at peace.
Now, VPNs have the same data your local ISP would have otherwise. So it’s important to find a trustable VPN provider that wouldn’t be building a profile on me and selling it off for money. I trust Mullvad for their no-nonsense service and NordVPN for their choice of locations, speed, and price.
From time to time, I also use NordVPN and switch between the two. NordVPN’s app is fast, bandwidth is not throttled, and their two (or three) year plan is a bargain. When geo-blocked content, speed, and choice of servers is my concern, I use NordVPN. All other times, I trust Mullvad.
AdGuard also offers a VPN now and so does Firefox (in select locations). But because Apple has decided to exclude their own apps from firewalls and VPNs, a VPN like ProtonVPN is a better option until other VPN apps can come out with more information. Being a system-wide VPN app, ProtonVPN prevents Apple apps from bypassing VPN traffic thanks to its Kill Switch feature.
It’s always a good idea to encrypt your data before it leaves your device — even if your cloud provider claims to offer end-to-end encrypted storage. I use my own cloud storage built with NextCloud instead of trusting third-parties. And to make my data redundant, I also use pCloud which offers zero-knowledge end-to-end encrypted cloud storage.
Because I don’t want to rely on claims by a cloud provider, I use Cryptomator – a free and open-source app that helps me encrypt my data before being uploaded to my clouds. All data that’s synced between my devices and clouds is encrypted and can be used only if I decrypt it first with Cryptomator. If my data was stolen, it would be useless without my decryption key.
Data encrypted with Cryptomator resides in ‘vaults’ and I need to unlock these vaults before I could use the data. I can create multiple vaults — say Data, Pictures, Personal etc. — and all of them can have different passwords. These encrypted vaults can then be kept on a cloud storage, locally or on an external hard drive.
If you do not trust third-party cloud providers, you can create your own cloud storage with NextCloud and use Cryptomator to encrypt your data. If NextCloud is not your thing and you would rather use a provider like Google Drive, you can still use Cryptomator to make sure your data is always encrypted.
While Cryptomator can be used to create ‘vaults’ of data, it’s a good idea to encrypt whole disk – internal and external. macOS already has inbuilt full-disk encryption called FileVault. But to encrypt my external storage, I to use VeraCrypt.
VeraCrypt – a fork of now-defunct TrueCrypt – is a free and open-source app that allows you to encrypt whole partitions and external storage. It offers multiple encryption algorithms including AES and Twofish. Installing and using VeraCrypt is easy and it requires OSXFuse in order to work.
VeraCrypt is confirmed working on macOS Big Sur even though some users mentioned it showing error. Make sure you are downloading it from its official source because there have been attempts to spread malware through ‘signed’ fake VeraCypt apps.
Although not particularly known for being a privacy app, CleanMyMac X has a set of tools that help. Beside trash bin, temporary files, and other system junk, CleanMyMac X helps cleaning browsing browser history, cache, cookies, autofill values, logs, recently opened files, and traces of online and offline activity. There’s a file shredder feature that can help you delete your files securely without leaving a trace and making then unrecoverable.