Lock Down Your Mac
Apple markets itself as a privacy-focused company. And compared to Google or Microsoft, it is. But let’s be clear: Apple is still collecting a lot of your data.
If you want the most private computer setup, your best option is to switch to Linux. Not everyone is ready to take that step though, and many might prefer to keep their existing computer instead.
If you want to keep your current device but make it more private, what are your options?
Windows is basically a privacy disaster. Privacy expert Michael Bazzell says in his book Extreme Privacy:
“I do not believe any modern Microsoft Windows system is capable of providing a secure or private environment for our daily computing needs. Windows is extremely vulnerable to malicious software and their telemetry of user actions is worse than Apple's. I do not own a Windows computer and I encourage you to avoid them for any sensitive tasks.”
If you want to keep your Mac without handing over your digital life to Apple, there are ways to lock it down and make it more private.
In this article, I’ll walk you through how to set up a Mac for better privacy—from purchasing the computer to tweaking your system settings, installing tools, and blocking unwanted data flows.
We’ll be following the setup laid out by Michael Bazzell in Extreme Privacy, with some added tips from my own experience.
We also made a video tutorial that you can follow along:
You don’t need to do everything. Each chapter is modular. But if you follow the full guide, you’ll end up with a Mac that doesn’t require an Apple ID, doesn’t leak constant data, and gives you control over your digital environment.
Buying Your Mac
Choose a Model That Still Gets Security Updates
Apple eventually drops support for older devices. A privacy-hardened system isn’t useful if it doesn’t receive security updates.
Two helpful sites:
Pay with Cash in a Physical Store
If you buy a Mac with a credit card, the serial number is forever linked to your identity.
Cash keeps you anonymous. You might get strange looks, but it’s completely within your rights. Be polite. Be firm. They’ll grumble. That’s fine.
Fresh Install of macOS
If it’s a refurbished Mac—or even brand new—it’s worth doing a clean install.
Update macOS
System Settings > General > Software Update
Install updates, reboot, and reach the welcome screen.
Erase All Content
System Settings > General > Transfer or Reset > Erase All Content and Settings
Enter your password, confirm warnings
Your Mac will restart and erase itself
This restores factory defaults: user data and settings are gone, but the OS remains installed.
Optional: Wipe the Disk Completely (Advanced)
If you want a truly clean install, you’ll need to manually erase the entire internal disk. Only do this if you're comfortable in recovery mode.
Modern Macs split the system into two parts—a sealed system volume and a data volume—tied together with something called firmlinks. If you don’t erase both correctly, you can end up with phantom volumes that clog your disk and break things silently.
Steps:
Enter Recovery Mode:
Apple Silicon: Hold power > click “Options”
Intel: Hold Command + R on boot
Open Disk Utility
Click View > Show All Devices
Select the top-level physical disk (e.g., “Apple SSD”)
Click Erase
Name: Macintosh HD
Format: APFS
Scheme: GUID Partition Map
⚠️ Warning: If you skip “Show All Devices” or erase the wrong item, you could brick your Mac. Only do this if you understand what you’re doing.
Once erased, return to the recovery menu and choose Reinstall macOS.
First Boot Setup
macOS wants to immediately link your device to iCloud and Apple services. Stay offline as long as possible.
Setup tips:
Region: Choose your location
Accessibility: Skip
Wi-Fi: Click “Other Network Options” > “My computer does not connect to the internet”
Data & Privacy: Continue
Migration Assistant: Skip (we’re starting fresh!)
Apple ID: Choose “Set up later”
Terms: Agree
Computer Name: Use a generic name like Laptop or Computer
Password: Strong and memorable. No hint. Write it down somewhere safe.
Location Services: Off
Time Zone: Set manually
Analytics: Off
Screen Time: Skip
Siri: Skip
Touch ID: Optional
Display Mode: Your choice
Harden System Settings
Wi-Fi & Bluetooth
System Settings > Wi-Fi: Turn off
Disable “Ask to join networks” and “Ask to join hotspots”
System Settings > Bluetooth: Turn off
Firewall (Built-In)
System Settings > Network > Firewall: Turn on
Disable “Automatically allow built-in software…”
Disable “Automatically allow downloaded signed software…”
Enable Stealth Mode
Remove any pre-approved entries
Notifications
System Settings > Notifications
Show Previews: Never
Turn off for Lock Screen, Sleep, and Mirroring
Manually disable for each app
Sound Settings
System Settings > Sound
Alert Volume: Minimum
Disable sound effects and interface feedback
AirDrop & Sharing
System Settings > General > AirDrop & Handoff: Turn everything off
System Settings > General > Sharing: Disable all toggles
Siri & Apple Intelligence
System Settings > Siri & Dictation: Disable all
Disable Apple Intelligence and per-app Siri access
Switch Time Server
Your Mac pings Apple to sync the time—leaking your IP every time it does.
Switch to a decentralized time server instead.
How:
System Settings > General > Date & Time
Click “Set…” > Enter password
Enter:
pool.ntp.org
Click Done
Spotlight & Gatekeeper
Spotlight
System Settings > Spotlight: Turn off “Help Apple improve search”
Gatekeeper
Gatekeeper prevents you from opening non-Apple-approved apps and sends app data to Apple.
If you’re a confident user, disable it:
Terminal:
sudo spctl --master-disable
System Settings > Privacy & Security: Allow apps from anywhere
FileVault & Lockdown Mode
FileVault
Encrypt your entire disk:
System Settings > Privacy & Security > FileVault: Turn on
Choose “Create a recovery key and do not use iCloud”
Write down your recovery key. Store it OFF your computer.
Lockdown Mode (Optional)
Restricts features like USB accessories, AirDrop, and others. Useful for high-risk users.
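To confirm that the firewall, stealth mode, FileVault and time-server settings above actually took effect, here is a read-only audit script. It is an added example, not from the original article or from Extreme Privacy; the function names and the output strings it matches are assumptions about what current macOS tools print.

```shell
#!/bin/sh
# Added example: read-only audit of settings changed in this guide.
# The matched output strings are assumptions; adjust them if your macOS differs.

FAILURES=0

# check NAME OUTPUT PATTERN: print PASS/FAIL and count failures.
check() {
    if printf '%s\n' "$2" | grep -Eiq -- "$3"; then
        echo "PASS  $1"
    else
        echo "FAIL  $1 (got: $2)"
        FAILURES=$((FAILURES + 1))
    fi
}

# audit_outputs FIREWALL STEALTH FILEVAULT TIMESERVER
# Takes the raw text of each tool so the logic can be tested off-device.
audit_outputs() {
    FAILURES=0
    check "Firewall enabled"         "$1" 'State = [12]'
    check "Stealth mode enabled"     "$2" 'stealth mode (enabled|is on)'
    check "FileVault on"             "$3" 'FileVault is On'
    check "Time server pool.ntp.org" "$4" 'Time Server: *pool\.ntp\.org'
}

# audit_live: query the real tools (macOS only; run with sudo, since
# systemsetup refuses to answer without administrator rights).
audit_live() {
    fw=/usr/libexec/ApplicationFirewall/socketfilterfw
    audit_outputs "$("$fw" --getglobalstate 2>&1)" "$("$fw" --getstealthmode 2>&1)" \
        "$(fdesetup status 2>&1)" "$(systemsetup -getnetworktimeserver 2>&1)"
    # Gatekeeper is reported, not graded: the guide leaves that choice to the reader.
    echo "INFO  Gatekeeper: $(spctl --status 2>&1)"
}

if [ "$(uname -s)" = "Darwin" ]; then
    audit_live
else
    # Constructed sample: firewall on, stealth off, FileVault on, Apple time server.
    audit_outputs "Firewall is enabled. (State = 1)" "Stealth mode disabled" \
        "FileVault is On." "Network Time Server: time.apple.com"
fi
echo "$FAILURES check(s) failed"
```

Run it with sudo on the Mac; on any other system it grades the constructed sample and reports 2 failed checks.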
Customize Appearance & Finder
Desktop & Dock
Disable “Show Suggested and Recent Apps”
Disable “Recent apps in Stage Manager”
Wallpaper
Use a solid color instead of version-specific defaults to reduce your system’s fingerprint.
Lock Screen
Screensaver: Never
Require password: Immediately
Sleep timer: Your preference (e.g. 1 hour)
Finder Preferences
Show all file extensions
Hide Recents and Tags
Set default folder to Documents
View hidden files:
Shift + Command + .
Block Outbound Connections
macOS and many apps connect to servers without asking. You’ll want to monitor and block them.
Use Little Snitch (or LuLu)
Download from: obdev.at/products/littlesnitch
Optionally install via USB to stay offline
We have a full setup tutorial on YouTube
Michael Bazzell provides a preset configuration in his book
Browser
Install a privacy-respecting browser like Brave or Mullvad.
Compare options at privacytests.org
VPN
Use trusted providers like Mullvad or ProtonVPN.
Be careful which VPN you download. VPN apps are often scamware and data collection tools.
Watch this video for more
Optional: Use Homebrew
Instead of the App Store, install software via Homebrew.
We’ll cover this more in a future guide.
Final Takeaways
If you followed this guide, you now have:
A Mac with no Apple ID
No iCloud tether
Full disk encryption (FileVault)
A silent firewall
Blocked outbound connections
A private browser and VPN setup
You’ve taken serious steps to reclaim your digital autonomy. Well done.
In an upcoming guide, we’ll explore how to take the next step: switching to Linux.
Thanks again to Michael Bazzell for his work.
Find his book Extreme Privacy at: inteltechniques.com/book7.html
Yours in privacy,
Naomi