Operating System

Anything, but please avoid ChromeOS, there is no way to achieve privacy within this operating system.

MacOS

• Apple ID: You can bypass the prompt to sign in to Apple ID, but it prevents you from using AppStore, iTunes, and iCloud,… It is NOT required to download & install system update, and install apps from outside the AppStore.

• FileVault: This step is to apply full-disk encryption to your MacBook. You can keep the recovery key on iCloud, or let device display 24-digit which you will copy it, store on encrypted container.

• AntiVirus: I personally don’t use AntiVirus, but I’m not against it.

• HomeBrew: You can install homebrew follow instructions on their website. After that, enter this commands: brew analytics off

• AntiMalware: I recommend you to use KnockKnock to scan your MacBook for malware.

After install, allow their permissions and “Start Scan”. If you see anything process that you don’t want it to run, just move it to Trash or rename it.

• Firewall: I recommend you to use LuLu

The built-in firewall of MacOS only block incomming connections, it’s good, but it will not conver all cases.

Each time your applications which make an outgoing connections, it will prompt you like this image.

You will manually choose if it should connect to network. For example: You install a calculator and LuLu prompt you to allow outgoing connections? That’s weird.

• Camera & Microphone: I recommend you to use OverSight

This app is simple, each time an app use your camera or microphone, it will prompt you like this image.

You can have options to allow or block it. Which I think pretty useful for online meeting too.

• Verify the structure of the system files: You can use Onyx

Windows

• Windows Defender: I recommend you to use Windows Defender which is pre-installed on Windows.

• Please don’t use CCleaner, you can use BleachBit instead.

• Disable Telemetry: You can disable telemetry by using O&O ShutUp10

• Uninstall software: Using Bulk Crap Uninstaller.

Password

You can check if you’re vulnerable to password leakage by using HaveIBeenPwned.

I recommend you to use for online is 1Password, Bitwarden, and if you prefer offline, you can use KeePassXC. I strongly discourage you to use LastPass.

You only need to remember one password, which is your master password. And all other passwords should be generated by using built-in password generator, which is strong and unique.

For reading & Source code:

• SP 800-63B
• keepassxreboot/keepassxc
• bitwarden/server

Two-Factor Authentication

For the best case, you should use hardware token, such as Yubikey, Nitrokey,…

If it is not possible, you can use software token, such as built-in password manager, Ente Auth, Aegis Authenticator.

You shouldn’t use SMS, Google Authenticator, Authy,…

This is an extra-step to protect your account from being hacked if your password is compromised.

A modern authentication is Passkeys, which is a combination of password and fingerprint.

Browser

By default, MacOS has Safari, and Windows has Edge. But seriously, you shouldn’t use them.

I recommend you to use Firefox, and follow my instruction from How I Configure Firefox.

Forks of Firefox: LibreWolf, Mullvad Browser

Another option is Brave. But it comes with a lot of cryptocurrency-things, so you have to modified it a lot.

Forks of Chrome: ungoogled-chromium

Extensions

• uMatrix
• uBlock Origin (less features than uMatrix but easy to use)
• Filter lists:
  • You need to read each filter list carefully, and you should know what it does.
  • Recommended: DandelionSprout/LegitimateURLShortener
• Decentraleyes

DNS

I will recommend you some DNS servers:

• Cloudflare
• Mullvad
• AdGuard

Email

Please avoid using Gmail.

Some name of providers:

• Disroot
• Autistici
• Cork.li
• ProtonMail
• Tuta

I have a big question mark on ProtonMail, and Tuta, because those don’t allow you to use your own email client, which is potientially inject a JavaScript to steal your credentials.

For existing emails, you can use Mailvelope or set a forwarding email.

For masking emails, I currenly use SimpleLogin, or you can choose AnonAddy

Communication

Just use Signal, Telegram is considered as a popular one, but I’m not sure if it is really safe.

File sharing

You can use Nextcloud or Send, another instance of Send is SkySend.

Note taking

You can use Standard Notes or Notesnook