explaingit

drduh/macos-security-and-privacy-guide

22,389Audience · generalComplexity · 1/5Setup · easy

TLDR

A community-written guide covering practical steps to improve the security and privacy of a Mac, from basic settings like disk encryption and firewall setup to advanced configurations for encrypted DNS, Tor, VPNs, and system monitoring.

Mindmap

mindmap
  root((macos-security-guide))
    Disk and Storage
      FileVault encryption
      Secure erase
    Network Security
      Firewall setup
      Encrypted DNS
      VPN and Tor
    Privacy
      Browser hardening
      Tracker blocking
      Password managers
    System Monitoring
      Unusual activity detection
      SSH hardening
    Audience
      Power users
      Privacy-conscious Mac users
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Follow step-by-step instructions to enable FileVault disk encryption and set up a firewall on your Mac

USE CASE 2

Configure encrypted DNS and browser settings to block trackers on macOS

USE CASE 3

Set up Tor or a VPN on your Mac following recommended security best practices

USE CASE 4

Learn threat modeling to figure out which security steps matter most for your specific situation

Getting it running

Difficulty · easy Time to first run · 30min

No software to install, this is a text guide. Apple silicon Mac recommended as the minimum hardware baseline.

In plain English

This is a community-written guide for improving the security and privacy of a Mac running macOS, particularly on Apple silicon hardware. It walks through a wide range of practical steps, from basic settings that anyone can change to more advanced configurations for power users who want enterprise-level protection. The guide covers topics including disk encryption with FileVault, setting up a firewall, configuring DNS to block trackers and use encrypted DNS, securing your web browser, using Tor and VPNs, protecting against malware, managing passwords, securing SSH connections, and setting up system monitoring to detect unusual activity. It starts with the concept of "threat modeling", figuring out what you specifically need to protect and who you are protecting it from, so you can prioritize which steps matter most for your situation. You would use this guide if you are a Mac user who wants to meaningfully improve their security and privacy beyond the default settings. It is aimed at power users and people with some technical comfort, but many sections are straightforward enough for motivated beginners. The guide itself is a text document (no code to run), updated by the community over time. It recommends Apple silicon Macs as the minimum hardware baseline due to security vulnerabilities in older Intel-based models.

Copy-paste prompts

Prompt 1
I have a Mac on Apple silicon. Based on the drduh macOS security guide, what are the 5 most impactful security settings I should change right now?
Prompt 2
Walk me through setting up encrypted DNS on macOS following the drduh security guide, what tools do I need and what are the exact steps?
Prompt 3
I want to configure a Mac firewall. What does the drduh macOS security and privacy guide recommend, and how do I do it step by step?
Prompt 4
What is threat modeling and how do I use it to decide which steps in the drduh macOS security guide apply to my situation?
Prompt 5
How do I harden SSH on macOS according to the drduh security and privacy guide?
Open on GitHub → Explain another repo

← drduh on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.