>

How do I keep my Mac and my data private and for myself alone to see?

Keep your nose out of my Mac!
At System Preferences => Security & Privacy at 'General' you can find useful options that help to make your Mac secure in case you leave it alone for a short while.



- Check 'Require password 'immediately' after sleep or screen saver begins'** Now your Mac can't be accessed when it's asleep or the sceen saver's on.
- Check 'Disable automatic login'. Now your Mac can't be accessed by turning it off and on.



** NOTE: You can configure Sleep and Screen Saver in System Preferences => Energy Saver and Desktop and Screen Saver.
More details in the Preferences chapter.


Spotlight: is it allowed to find everything?

Spotlight is your Mac's local search engine. It searches your whole user folder for documents. Maybe you don't like that.
Go to System Preferences => Spotlight and then to 'Privacy'. Now you can tell Spotlight which folders it isn't allowed to search in.




Privacy in Safari
Do you visit websites you don't want anyone to know about? Turn on Private mode in Safari. You can find it in the Safari menu:






You are not anonymous on the internet...

Delete your surfing history fast
Like to surf to websites you don't want your house mates to know about?
You can choose Delete history at the History menu. This option immediately removes all the information about previous websites you have visited.

Surfing without a trace
Choose 'New private window' instead of 'New window' at the File menu. Safari will leave no trace of your internet session.

You are not anonymous on the internet



Cookies
A lot of websites leave a little piece of data on your computer called a 'cookie'. This is a little file which makes them recognize you if you ever visit that website again.
Go to the Safari Preferences at 'Privacy' and take a peek at your cookies.



Klik on the 'Info...' button to see which website left something in your cookie jar:



Turning off cookies
Choose at Block cookies => 'forever'.
However: many websites loose their appetite in case you don't want to have their cookies. Some websites even won't let you in...




Privacy in Safari: do you want websites to locate you?
By the help of your Wi-fi location or GPS location a website can know exactly where you are. This can be useful when you want to find the next KFC or Mac. In case you don't want this, choose 'Refuse without asking' at Location. MacMiep has no idea how succesfull this turns out to be.



Privacy in Safari: do I want to be followed from website to website?

Many websites contain software that can track you. A company can determine what kind of websites you like and what you are interested in. And then show you advertisements specified to your interests. For example Google and Facebook find this very interesting. It's their main business plan: get to know as much as you can.
In Safari Preferences, you can check 'Ask websites not to follow me'.
As this is only 'asking', MacMiep has no idea how succesful this is...

Google Chrome
The following of users brings you automatically at the 'free' browser Google Chrome. It's an excellent browser, fast, stable and for free. But really for free?
Nope. Google gets paid by you using Chrome and giving them information about you. Like this, they can profile you and show you advertisements that might be more to your liking. Everything you do in Chrome will be safed in a huge database and analyzed. Their goal is to get better advertisements and make more money.

iCloud
Long story short: Apple is an American based company. So the Patriot Act applies to them and their customer data:





Other cloud services
Many other companies offer you Cloud facilities, sometimes even for free. Before you start using their services, beware to inform yourself where their company is based, where their servers are located and what their terms of use are.

Adobe en Microsoft
Working 'in the Cloud' is 'in' due to all the mobile devices we have. Software makers join the 'hype' of using a Cloud service. They add cloud services to their latest upgrades or even comply their new customers to use Cloud based software and a monthly license.
convenient? Maybe. MacMiep has her doubts. What when there's a power problem, the internet is down, the GPS satellites are down because of a huge sun storm... what then if you don't have your important data stored locally?

Conclusion about privacy
If you really value your privacy, don't use a Cloud service and don't use online backup services. Is it completely necessary for you to use them, make sure to find a cloud service with better privacy rules. This probably means a European (not British or Chinese) service with no offices or servers in the United States.
You also shouldn't use Google services and Facebook (that includes WhatsApp).

"Well, I've got nothing to hide"
Are you sure?
You might consider to watch these movies: Das Leben der Anderen en Enemy of the State...

TIP
Anonymous internet

Imagine you going on a trip to China or any other country that has internet censorship. Then you can use Tor. Tor is a secure network that makes send data unreadable for third parties. Tor is also available for Mac: Tor project https://www.torproject.org . But: do consider that many Tor exit nodes may be in the hands of several secret services...

Working with a VPN: a Virtual Private Network
You can also choose to use a VPN. This means that your computer connects to a VPN server with a secure connection, and that server will be your identity on the internet. Your real IP-adress stays hidden for the outside world. Most VPN services are to paid for.


Email security
Use SSH to send or get your email (more in chapter Internet):



NOTE: SSL means your email will be send over a secure connection that is not readable by third parties. NSA excluded...


Privacy at customs
Do you travel to the United States? Homeland security is allowed to read and copy the data on your computer or mobile devices. Don't want this? You might use the Tips below, but realize that this automatically makes you suspicious... You might be asked to give them your password or refused entrance...


TIP
Encrypting your data with FileVault
In case your Mac gets stolen, it's hard disk will be readable when taken out.
This can also be the case in Target Mode and in case a hacker uses a USB stick filled with special scripts to hack your Mac.
You could choose to encrypt your hard disk data with FileVault.
Go to System Preferences=> Security & Privacy=> FileVault.



All users have to agree to this:








WARNING
Are you sure you want to use FileVault?!
In case you loose the main password to the Mac, you'll not be able to read your data ever again!!
So in case you're not into developing cold fusion: better keep away from FileVault!

TIP
Secure data with the help of a password protected disk image.
It's possible to make a virtual hard disk: a so-called disk image (.dmg). This is a way to securily store data.

A secury USB stick
This secure disk image can be copied to a USB stick. Then you have a secured USB stick.
The security key is coded in AES. The American Government uses AES-128 for documents with the 'Secret' label. AES is included in the ISO/IEC 18033-3 standard More about AES encryption.

Use Disk Utilty to make a secure disk image
You can find Disk Utility in the Utilities folder, or use Spotlight to find the program:



Making a secure Disk Image
Open Disk Utility and choose 'New Image'.



Give a name and size and choose at Encryption AES-128 of AES-256:



Choose Create and type a password:

Disk Utility will show you the strength of your password.

Important: UNCHECK 'Remember password in my keychain'!

=>



Drag and drop

Now you can drag and drop all your secret data onto this virtual disk. Copy the disk to an USB stick or any other disk and you'll have a data protected disk.
From now on, every time you open the disk image you have to enter the password:

Without password, no access

TIP
Extra secure security for your Mac
There is a way to completely close your Mac for others. This security option goes deeper than the Mac OS operating system. It's a way to lock your whole Mac computer. This way you won't be able to boot from other sources than your own hard disk. No USB booting, DVD booting, or Target Mode booting or any kind of booting possible without the correct password. Without password, your Mac won't work at all.

Firmware password
This called the Firmware Password. The password is stored on a chip on the Mac's motherboard. So your Mac is hardware secured.
The consequence of forgetting the password is a Mac that can't be used at all.
Lost your password? Bye bye Mac!

Installing firmware password on your Mac

Boot from Recovery partition of USB recovery disk* by pressing the R key when you power on your Mac.
Choose 'Firmware Password Utility' at the 'Utilities' menu.

*As explained in the Problemen chapter.

Without a password your Mac won't do anything.

NOTE: But in case someone removes your hard drive, it still can be hacked. Use FileVault to be completely sure.


Encrypt your Time Machine backup

At default, a Time Machine backup won't be encrypted. So in case you secure your Mac by encryption and/or password protection, you should also encrypt Time Machine.
Go to the Time Machine preferences. Check 'Encrypt backups' to secure your data and prevent others from reading it.



Securely erase a hard drive
Erasing a hard drive doesn't mean that all data is gone. A simple 'erase' will only remove the data index. The data itself will still be readable with special recovery software.
Disk utility gives you the opportunity to security options that erase the hard drive thouroughly. A good idea when you sell your Mac!



Security Options...
To make sure that no readable data stays behind, you have the Security Options. The most secure one is approved by the American Ministry of Defense... so what else would you want?!



NOTE: erasing a hard drive in the Most Secure setting can take a very long time.
NOTE: there are specialized companies who are able to rescue data from hard disks who are severly destroyed by fire, water or violence. A German firm recovered data from hard drives that were found at the collapsed World Trade Center!
NOTE: In case you want to be absolutely sure about destroying data on a hard drive: destroy the hard drive physically. This means axe, drilling machine or schredder.



SSD disks
Pay attention when securely erasing a SSD hard drive. All blocks on that hard drive will be written with data. An SSD disk will get slower in case more blocks are filled with data. Therefor, the Mac can become slower after erasing an SSD. However: give the Mac time to 'trim' the SSD itself, preferable a night. MacOS will trim the data blocks and the Mac will get it's speed again.


Disclaimer: MacMiep is independent. This means she writes what she wants, based on 25+ years of Mac-experience. She doesn't get paid for stories (positive or negative) on this website.