Welcome to PART3 of My Extreme Privacy Journey. If you'd like to catch up on the previous posts, you can find them in PART 1 and PART 2. In this section, we'll focus on securing iOS mobile devices, following the expert guidance from Michael Bazzell's book, Extreme Privacy: What it takes to disappear.
Let's dive in and explore how to improve your iPhone's security and privacy.
1️⃣ Prepare Your Device
In this section, we will be configuring an iOS device for more privacy and security. Although a custom, un-Googled Android device with GrapheneOS is highly recommended, some users may prefer to stay on iOS devices.
While it's impossible to fully replicate a GrapheneOS device on an iPhone, many of the overall strategies can be applied to an iOS device for daily use. If you're interested in switching to GrapheneOS, refer back to PART2.
When configuring an iOS device, it's crucial to do so outside of your home to avoid associating the device with your residence. Most iPhones have location services, Wi-Fi, Bluetooth, and cellular connectivity enabled by default, which can compromise the account security.
To minimize digital trails, consider purchasing an iPhone with cash in-person at an Apple store and decline Apple's activation and setup services.
To get started, you'll need either a brand
new iPhone (the preferred option) or a factory reset device. To factory reset your device:-
Open
Settings -
Tap
General -
Select
Transfer or Reset -
Tap
Erase
Please ensure you've secured all important files before erasing the device.
2️⃣ Configure Basic iOS Settings
Now we will set up our
new or reset iOS device, following these steps:- Turn on your device and swipe up if necessary.
- Select your language and region, then tap
Set Up Manually. - Tap
Continueon Written and Spoken Languages - Connect to a nearby Wi-Fi network by selecting it and tapping
Next. - Set up Touch ID or Face ID if desired for biometric authentication.
- Create a strong passcode: Tap
Passcode Optionsand chooseCustom Numeric Code> Enter a strong passcode and tapNext> Confirm your passcode and tapNext. - Choose not to transfer data and apps: Tap
Don't Transfer Apps & Data. - Skip Apple ID setup: Tap
Forgot password or don't have an Apple ID, thenSet Up laterin Settings. - Choose
Don't Useand agree to the terms of service - Tap
Continueto proceed. - Disable iMessage and Facetime: Choose
Not Now. - Disable
Location Services - Screen Time: Choose
Setup Later in Settings. - Opt out of iPhone Analytics: Tap
Don't Share - Select desired appearance and zoom.
- Delay Siri setup: Choose
Setup Later in Settings. - Tap
Get Startedor swipe up to exit the menu. - Open
Settingsagain - Tap
Finish Setting Up Your Phone. - Tap
Finish Setting Up. - Tap
Cancelto clear the warning icon. - Navigate back to the home screen
- Navigate back to the home screen.
Next, we will navigate to the
Settings menu and adjust the following configurations. Note that some options may disable features you use, so apply the settings that best fit your needs:- Settings > Bluetooth: Off (If not used)
- Settings > Notifications > Scheduled Summary: Off
- Settings > Notifications > Show previews: Never
- Settings > Notifications > Screen Sharing: Notifications Off
- Settings > Notifications > Siri Suggestions: Disable all
- Settings > Notifications: Disable notifications on sensitive apps
- Settings > Notifications: If desired, disable all Government Alerts
- Settings > General > AirDrop: Receiving Off
- Settings > General > AirPlay & Handoff: Disable all
- Settings > General > Picture in Picture: Disabled
- Settings > General > iPhone Storage > Recently Deleted Album: Enable
- Settings > Siri & Search: Disable all
- Settings > Siri & Search > (each app): Disable all
- Settings > Privacy > Location services: Disable all
- Settings > Privacy > Tracking: Disable all
- Settings > Privacy > Nearby Interactions: Disable all
- Settings > Privacy > Research Sensor & Usage Data: Disable all
- Settings > Privacy > Motion & Fitness: Disable all
- Settings > Privacy > Analytics & Improvements: Disable all
- Settings > Privacy > Advertising > Personalized Ads: Disabled
- Settings > App Store > Video Autoplay: Off
- Settings > App Store > In-App Ratings & Reviews: Disabled
- Settings > Apps > Photos > Enhanced Visual Search: Disabled
- Settings > Apps > Safari > Siri & Search: Disable All
- Settings > Apps > Safari > Search Engine: DuckDuckGo
- Settings > Apps > Safari > Search Engine Suggestions: Disabled
- Settings > Apps > Safari > Safari Suggestions: Disabled
- Settings > Apps > Safari > Quick Website Search: Disabled
- Settings > Apps > Safari > Preload Top Hit: Disabled
- Settings > Apps > Safari > AutoFill: Disable All
- Settings > Apps > Safari > Prevent Cross-Site Tracking: Enabled
- Settings > Apps > Safari > Fraudulent Website Warning: Disabled
- Settings > Apps > Safari > Highlights: Disabled
- Settings > Apps > Safari > Privacy Preserving Ad...: Disabled
- Settings > Apps > Safari > Check for Apple Pay: Disabled
- Settings > Apps > Safari > Camera: Deny
- Settings > Apps > Safari > Microphone: Deny
- Settings > Apps > Safari > Location: Deny
- Settings > Apps > Maps > Share ETA: Disabled
- Settings > Apps > Maps > Air Quality Index: Disabled
- Settings > Apps > Maps > Weather Conditions: Disabled
- Settings > Apps > Maps > Ratings and Photos: Disabled (If Present)
- Settings > Apps > Maps > Show Ratings and Photos Suggestion: Disabled (If Present)
- Settings > Apps > Maps > Follow Up by Email: Disabled (If Present)
- Settings > Apps > Shortcuts > iCloud Sync: Disabled
- Settings > Apps > Shortcuts > Private Sharing: Disabled
- Settings > Apps > Music > Show Apple Music: Disabled
- Settings > Camera > Scan QR Codes: Disabled
Remove any unwanted stock apps by long-pressing an icon and selecting
Remove App followed by Delete App. You can also customize your home screen by changing the wallpaper, removing unwanted widgets, and rearranging apps. To further personalize your iPhone, create new app shortcuts as needed.At this point, your iPhone has several custom configurations, but you haven't connected an Apple ID yet, which means you can't download apps. To maintain some level of anonymity, consider creating a new Apple ID annually to at least disrupt Apple's data collection. When setting up a new device, it's a good practice to create a new Apple ID and pair it with a prepaid cellular account. The following steps outline how to do this, although the process may vary slightly on your device.
- Open the App Store.
- Tap
Continue - Tap
Turn Off Personalized Ads. (If present) - Tap the person logo next to
Today. - Tap
Create New Apple ID - Enter the desired email address for this device.
- Enter and verify a secure password.
- Tap to agree to all terms and tap
Next. - Enter your desired alias name and DOB.
- Disable
Apple Updatesand tapNext. - Change payment method to
None. - Enter an alias Street, City, State, and Zip and tap
Next. - Enter the number which is (or will be) assigned to this device and tap
Next. - Verify the incoming SMS code and tap
Verify. - Verify the incoming email code and tap
Verify. - Tap
Continuewhen complete
Ideally, you already have an active cellular plan or an activated physical SIM card (or eSIM) in your new iPhone. Bazzell recommends using a prepaid provider like Mint Mobile (in US), which was was discussed in previous sections.
In the past, Bazzell recommended keeping your cellular number private from Apple. However, since Apple collects unique identifiers like your serial number and telephone number associated with the SIM card (or eSIM), it's no longer necessary to hide your prepaid number, as Apple knows your number at all times.
When creating an Apple ID, it's essential to avoid signing in through the standard Apple ID menu, as this logs you into iCloud without an option to disable synchronization. Instead, we need to create the Apple ID from the App Store, which activates the minimal services necessary to download and install applications.
To verify this, follow these steps:
- Open the Settings app and tap your account name.
- Confirm
iClouddisplaysOff.
If iCloud is enabled without your consent, you can correct this by navigating to
Settings, clicking on your Apple ID account, and choosing the Sign out option. Then, return to the App Store, log in to your new account, and confirm the iCloud setting displays Off. If you see a warning next to Start Using iCloud, tap Start Using iCloud and then Not Now to remove the annoyance. Let's continue to disable a few more unwanted features.Disabling Unwanted Features
- Open the App Store app.
- Tap the person logo in the upper-right corner.
- Tap your account name.
- Disable
Personalized Recommendationsand tapDone. - Tap the person logo again and disable
Personalized Recommendations. - If available, tap
Clear App Usage Data, confirm, and tapDone.
Next, navigate to the Settings app:
- Open the Settings app.
- Tap
Generaland thenSoftware Update. - Tap
Automatic Updatesand disable all options. - Return to the main Settings menu and tap
App Store. - Disable
AppsDownloads,App Updates, andIn-App Content(if available).
To avoid large app updates while on a cellular connection, Bazzell also recommends making the following changes:
- Open the App Store and tap the person logo in the upper-right.
- Swipe down from the top to refresh.
- Apply any pending updates.
- Open the Settings application.
- Tap
GeneralthenSoftware Update. - Apply any pending updates.
This steps should be applied once a week, preferably on WiFi.
Additionally, to further restrict cellular data access, navigate to
Settings > Cellular and disable access to any undesired apps, such as Find My, Contacts, etc. This menu can be used as a firewall to restrict any application from accessing the internet when using only cellular data.Additional Modifications
Consider the following additional modifications to further enhance your iPhone's privacy:
- Disable iMessage: Settings > Messages > iMessage: Disabled
- Disable sharing of name and photo: Settings > Messages > Share Name and Photo: Off
- Disable Shared with You: Settings > Messages > Shared with You: Off
- Disable showing contact photos: Settings > Messages > Show Contact Photos: Disabled
- Disable Notify Me: Settings > Messages > Notify Me: Disabled
- Disable Facetime: Settings > Facetime > Facetime: Disabled
Regarding location services, some researches claimed that Apple re-enabled certain services with the release of iOS 17. If you have completely disabled location services, you are not affected. However, to prepare for situations where you might need to enable location services (e.g. using maps), consider the following modifications:
- Go to Settings > Privacy & Security > Location Services
- Temporarily enable Location Services: Enabled
- App Clips: Disabled
- Set Camera to: Never
- Set Siri & Dictation: Never
- Disable various System Services:
- System Services > Apple Pay: Disabled
- System Services > Find My Phone: Disabled
- System Services > Home Kit: Disabled
- System Services > Share My Location: Disabled
- System Services > Suggestions & Search: Disabled
- System Services > System Customization: Disabled
- System Services > Significant Locations: Disabled
- System Services > iPhone Analytics: Disabled
- System Services > Improve Maps: Disabled
- Finally, disable Location Services again: Disabled
These modifications are not necessary when location services are completely disabled, but they will provide additional protection if you need to enable location services in the future.
Purchasing Apps
When purchasing apps, use a prepaid iTunes gift card obtained with cash to avoid providing Apple with your credit or debit card information. This is a good practice to minimize the amount of personal data shared with Apple.
Device Selection
For device selection, the iPhone SE is a good option, as it has a fingerprint sensor instead of facial recognition. However, the security of Touch ID is a personal decision and depends on individual circumstances.
Disabling iCloud Services
Disabling iCloud services is crucial to prevent accidental exposure of sensitive information such as emails, contacts, calendars, and notes. This can be done by following the steps previously explained.
It's essential to be cautious when using cloud storage services, as they can pose significant risks to data security. Without strict end-to-end encryption, data can be vulnerable to breaches and exposure.
Biometric Authentication
Regarding biometric authentication, there are several threats to consider:
- Forced Print: Physical duress could be used to force someone to unlock a device with their fingerprint.
- Legal Demands: Courts may rule that providing a passcode is not required, but a fingerprint may be.
- Apple Face ID: Although Apple does not store images, someone under physical threat could be forced to look into the phone to unlock it.
Backups
For backing up sensitive information such as personal photos and videos, a manual transfer via USB cable is recommended.
To transfer music and other data to and from an iOS device without using Apple's iTunes or Music app, consider using a premium application like iMazing. It allows to transfer music, photos, contacts, documents, and backups to or from any iOS device without complications from Apple.
If iCloud storage is necessary, take the following precautions:
- Disable web-based iCloud access to prevent unauthorized access via a web browser.
- Use a more secure 2FA method, such as a YubiKey.
- Enable
Advanced Data Protection for iCloudto encrypt your backups, photos, notes, and other data. However, note that this does not provide true encryption for Apple email, calendars, or contacts.
Regular backups of your data to an external device are essential to maintain control over your personal data and reduce the risk of hacking.
To do this, follow these steps:
- Open Finder on your macOS computer and connect your iPhone via USB.
- Click the phone option in the left menu and enable the
Encrypt local backupoption. - Enter a secure password and click the
Back Up Nowbutton (if the backup hasn't already started).
This will create a backup of your iPhone's operating system configuration and Apple data. Note that this method doesn't back up all apps and their settings, or any media such as music.
If you don't have an Apple computer, you can use iTunes installed on a Windows machine. For extreme privacy, you can set up a Windows virtual machine on a Linux host, disable all internet access to the Windows VM, install iTunes, and connect your iPhone to the iTunes installation.
Having a backup of your iPhone settings can be a huge benefit if you need to replicate your configuration onto a second device. This is especially important for people who don't use iCloud and may need to recover their settings in case of a disaster.
Safari Configuration
For most users who prefer iOS, using the default Safari web browser is recommended. Safari is considered secure and private by default, and with the previous settings applied, you're even further protected. Since Safari blocks cross-site cookies, there's little reason to add Firefox to your iPhone unless you have a specific need for a separate browser.
To maintain your iPhone's security and privacy, it's a good idea to clear your Safari history and website data regularly. To do this:
- Navigate to
Settings>Safari>Clear History and Website Data. - Select
All history, enableClose All Tabs, and tapClear History.
iOS System Tweaks
Additionally, here are some iOS system tweaks that can improve your overall user experience, but don't have an impact on privacy or security:
- Settings > Notifications > List
- Settings > Sounds & Haptics > Keyboard Feedback > Sound > Disabled
- Settings > Sounds & Haptics > Keyboard Feedback > Haptic > Enabled
- Settings > Sounds & Haptics > Lock Sound > Disabled
- Settings > General > Background App Refresh > Apple Store > Disabled
- Settings > General > Background App Refresh > Music > Disabled
- Settings > General > Background App Refresh > Notes > Disabled
- Settings > General > Background App Refresh > Numbers > Disabled
- Settings > General > Background App Refresh > Pages > Disabled
- Settings > General > Background App Refresh > Shortcuts > Disabled
- Settings > General > Background App Refresh > Siri > Disabled
- Settings > General > Background App Refresh > Voice Memos > Disabled
- Settings > General > Keyboard > Auto-Correction > Disabled
- Settings > General > Keyboard > Memoji Stickers > Disabled
- Settings > Battery > Battery Percentage > Enabled
- Settings > Passwords > Password Options > Autofill Passwords > Disabled
3️⃣ iOS versus GrapheneOS Summary
As we conclude this section on iOS device configuration, it's essential to weigh the pros and cons of using an iOS device versus a GrapheneOS device. While iOS devices are generally secure, Apple's control over user accounts, privacy considerations and the requirement for an active online account to access full device functionality can be limiting.
In contrast, GrapheneOS devices offer a more private and secure experience, this is particularly important for individuals who value extreme privacy and want to minimize their online footprint.
If you do choose to use an iOS device, it's crucial to take steps to protect your privacy. This includes modifying your settings, disabling iCloud, creating an anonymous Apple ID, and using a prepaid account. By taking these precautions, you can at least minimize your privacy risk from iOS.
However, if you're looking for a more seamless and private experience, a GrapheneOS device may be the better choice.
By following the recommendations outlined in the book, you can take the first step towards achieving better privacy and security, regardless of which device you choose. Remember, every layer of privacy you apply to your digital life is beneficial, and it's never too late to start making changes.
I hope this section of the book has been helpful in configuring your iOS device. In the next post, we will continue our
Extreme Privacy Journey and learn about Mobile Device Strategies to further enhance your digital security.👋
