Mac

you should run an insecure app in a vm, ideally but sandbox-exec is nice as well - eg to run zoom – https://gist.github.com/cielavenir/02f322e322a2a3555dbf2b38f2fedd59

echo “127.0.0.1 ocsp.apple.com” | sudo tee -a /etc/hosts

https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos

https://github.com/sunknudsen/privacy-guides/tree/master/how-to-disable-cups-printer-job-history-on-macos

https://github.com/sunknudsen/privacy-guides/tree/master/how-to-setup-system-wide-mullvad-dns-over-https-on-ios-and-macos

Driver

https://gofetch.fail/, fix

My daily driver Config

https://support.apple.com/en-us/HT201222 on mullvad browser autostart

VPN

“Our macOS app installs a Network Extension, which is a fully sandboxed process with no kernel-level access to your system.” - Obscura

“AFAIK all traffic is now adequately routed thru the network extensions meaning, firewalls should be able now be comprehensive”

[]

Securitybrahh

My Current Setup

Priorities:

  1. Freedom
  2. Security
  3. Usability
  4. Reasonable Privacy
  5. not LARP
  6. Robustness aka redundancy

Strictly following that order.

if you are not secure, thinking about privacy is a waste. For eg. if you switch off all comms from windows to microsoft, or mac to apple – You won’t get any security updates hence lol. The correct approach is to switch on that specific comms when there is a critical update. For apple, just have this page on mullvad browser home and start it up at boot.

[]

Android

Android

GrapheneOS

sim lock?

bluetooth, camera, NFC, location – default off

Use contact and storage scopes

battery saver at 20%

https://www.anonstrategies.com/p/boxes

Shelter – device admin?? – is this the best work profile manager, ¿

Keep notifs to the minimum, disable apps when not in active use.

FLOSS apps via obtainium

Add apkmirror tracking for Google Play apps to know updates

Seperate Google Play Store profile for apps, install through that, need to then install apk in main profile (apkmirror) – so the signature is verified, no issues.

[]