I predominantly use Apple products, and whenever I move to a new device in the Apple ecosystem, such as a new MacBook, I go through the routine of reinstalling the software and tools I rely on for my projects and day-to-day work.
This article is a general to-do list for my own reference when setting up a new laptop. It may also be a useful starting point for anyone who wants to build a privacy-conscious developer environment with the essential tools.
macOS Privacy & Security Settings#
Update all devices to the latest version.
Change Privacy & Security Advanced settings on Mac.
Turn on FileVault to encrypt your data.
Configure firmware password.
A nice feature is also Secure Keyboard Entry for the Terminal.
Review the GitHub repository drduh/macOS-Security-and-Privacy-Guide.
Install Objective-See’s Tools#
Follow the instructions to install LuLu firewall and BlockBlock monitor.
Install Warp.dev#
Install Warp terminal. Disable telemetry.
Xcode & Command Line Tools#
xcode-select --install
Homebrew (brew)#
Start by installing Homebrew. Go to brew.sh.
Opt out of analytics:
brew analytics off
Install cURL#
brew install curl
Use cURL from Homebrew instead of the system version:
echo 'export PATH="/opt/homebrew/opt/curl/bin:$PATH"' >> ~/.zshrc
For HTTP/3 support, review experimental HTTP3 (and QUIC), preferably quiche.
Force Homebrew to use the brewed version of cURL instead of the system version:
export HOMEBREW_FORCE_BREWED_CURL=1
Reload zsh:
source ~/.zshrc
Install Visual Studio Code (VS Code)#
brew install --cask visual-studio-code
Alternatively, install it manually from the website.
Install Wireshark#
brew install --cask wireshark
brew install --cask wireshark-chmodbpf
Install git#
brew install git
Install Python#
brew install python@3.13
In case of a complete Python cleanup, use something like this script.
When developing with Python, use virtual environments.
Install npm#
brew install node
Update npm:
npm install -g npm@latest
Update Node.js:
sudo n stable
Install SilentKnight#
Fully automatic checks of firmware and security systems:
https://formulae.brew.sh/cask/silentknight
Reference: SilentKnight, Skint, silnite, LockRattler, SystHist & Scrub
How zsh should look#
$ nano ~/.zshrc
export PATH="/opt/homebrew/bin:/opt/homebrew/opt/curl/bin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:$PATH"
#export PATH="/usr/sbin:/sbin:/usr/bin:/bin:/opt/homebrew/bin:/usr/local/bin:/Us$
#export PATH="/opt/homebrew/opt/curl/bin:$PATH"
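The PATH lines above decide which `curl` actually runs, so it is worth checking both the lookup order and the directories themselves. The following is an added example, not part of the original post: POSIX shell (runs under sh, bash or zsh) with hypothetical helper names `first_hit` and `audit_path`, run against the live `$PATH`.

```bash
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# first_hit CMD PATH_STRING: print the first executable CMD in lookup order.
first_hit() {
  _cmd=$1; _rest="$2:"
  while [ -n "$_rest" ]; do
    _dir=${_rest%%:*}; _rest=${_rest#*:}
    if [ -n "$_dir" ] && [ -f "$_dir/$_cmd" ] && [ -x "$_dir/$_cmd" ]; then
      printf '%s\n' "$_dir/$_cmd"
      return 0
    fi
  done
  return 1
}

# audit_path PATH_STRING: print one finding per risky entry, return 1 if any.
audit_path() {
  _rest="$1:"; _bad=0
  while [ -n "$_rest" ]; do
    _dir=${_rest%%:*}; _rest=${_rest#*:}
    case $_dir in
      /*) ;;  # absolute entry: permissions are checked below
      *)  # empty, "." or relative entries resolve against the current directory
          printf 'relative-entry:%s\n' "$_dir"; _bad=1; continue ;;
    esac
    [ -d "$_dir" ] || continue  # a missing directory shadows nothing
    # ls -ldL follows symlinks; character 9 of the mode is the "other" write bit.
    _mode=$(ls -ldL "$_dir" | cut -c1-10)
    case $_mode in
      ????????w?) printf 'world-writable:%s\n' "$_dir"; _bad=1 ;;
    esac
  done
  return "$_bad"
}

# Run against the live shell: which curl wins, and is any entry risky?
printf 'curl resolves to: %s\n' "$(first_hit curl "$PATH" || echo 'not found')"
audit_path "$PATH" || echo 'review the entries above before relying on this PATH'
```

With the PATH shown above and the brewed cURL installed, the first line should report `/opt/homebrew/opt/curl/bin/curl` rather than `/usr/bin/curl`.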
Update Everything#
Updating brew, npm, nvm and their packages:
brew update && brew upgrade && brew autoremove && brew cleanup && brew doctor && npm install -g npm@latest && npm update -g && nvm install --lts --latest-npm && nvm alias default $(nvm version --lts) && npm cache clean --force
Private Browser#
Install and use Brave or Firefox – or other privacy-friendly browsers, whichever you feel safer with.
Review browser configurations.
Additionally, install and configure uBlock Origin or uBlock Origin Lite Add-Ons on Firefox, or Brave Shields on Brave.
Use the Startpage, DuckDuckGo or Ecosia search engines.
Additionally, I’d bookmark the following sites…
DNS:
- https://toolbox.googleapps.com/apps/dig/
- https://one.one.one.one/purge-cache/
- https://one.one.one.one/help/
- https://help.teams.cloudflare.com/
URL Scan:
- https://urlscan.io/
- https://radar.cloudflare.com/scan
- https://www.ipqualityscore.com/threat-feeds/malicious-url-scanner
- https://securityheaders.com/
- https://www.virustotal.com/gui/home/upload
- https://host.io/
- https://urlhaus.abuse.ch/browse/
IP Scan:
- https://ipinfo.io/
- https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test
- https://www.abuseipdb.com/
- https://search.censys.io/
Images:
- https://www.labnol.org/reverse
- https://sightengine.com/detect-ai-generated-images
- https://fotoforensics.com/
- https://contentcredentials.org/verify
- https://wasitai.com/
- https://jimpl.com/
- https://aiimagedetector.org/
AI Text Detector:
Malware Analysis:
Web Performance:
- https://pagespeed.web.dev/
- https://www.webpagetest.org/
- https://www.debugbear.com/test/website-speed
- https://gtmetrix.com/
- https://tools.pingdom.com/
Encrypted DNS#
Follow the guide on connecting to 1.1.1.1 using DoH clients.
Alternatively, configure DoH on your browser.
E-Mail, Calendar, Drive, VPN, Password Manager#
Sign up, configure and use the entire Proton suite of products. Check out my invitation to join Proton and get 1 month of premium features for free.
Some alternatives are:
- Configure and use the FREE Cloudflare Zero Trust plan, using the WARP VPN client and Gateway filtering to protect oneself from threats on the Internet.
- Configure and use the FREE NextDNS plan, which also has an encrypted DNS option.
More…#
I also enabled Hot Corners Shortcuts to immediately lock down my laptop. Very practical when I need to just look away for a minute.
Read more on A Journey into Digital Privacy & CyberSec.
More information and examples on my GitHub Repository.
Another very cool resource is macos_hardening, where you can manually check the policies.
Disclaimer#
Educational purposes only.
This blog post is independent and not affiliated with, endorsed by, or necessarily reflective of the opinions of any entities mentioned.