pull down to refresh

Welcome to PART3 of My Extreme Privacy Journey. If you'd like to catch up on the previous posts, you can find them in PART 1 and PART 2. In this section, we'll focus on securing iOS mobile devices, following the expert guidance from Michael Bazzell's book, Extreme Privacy: What it takes to disappear.
Let's dive in and explore how to improve your iPhone's security and privacy.

1️⃣ Prepare Your Device

In this section, we will be configuring an iOS device for more privacy and security. Although a custom, un-Googled Android device with GrapheneOS is highly recommended, some users may prefer to stay on iOS devices.
While it's impossible to fully replicate a GrapheneOS device on an iPhone, many of the overall strategies can be applied to an iOS device for daily use. If you're interested in switching to GrapheneOS, refer back to PART2.
When configuring an iOS device, it's crucial to do so outside of your home to avoid associating the device with your residence. Most iPhones have location services, Wi-Fi, Bluetooth, and cellular connectivity enabled by default, which can compromise the account security.
To minimize digital trails, consider purchasing an iPhone with cash in-person at an Apple store and decline Apple's activation and setup services.
To get started, you'll need either a brand new iPhone (the preferred option) or a factory reset device. To factory reset your device:
  1. Open Settings
  2. Tap General
  3. Select Transfer or Reset
  4. Tap Erase
Please ensure you've secured all important files before erasing the device.

2️⃣ Configure Basic iOS Settings

Now we will set up our new or reset iOS device, following these steps:
  • Turn on your device and swipe up if necessary.
  • Select your language and region, then tap Set Up Manually.
  • Tap Continue on Written and Spoken Languages
  • Connect to a nearby Wi-Fi network by selecting it and tapping Next.
  • Set up Touch ID or Face ID if desired for biometric authentication.
  • Create a strong passcode: Tap Passcode Options and choose Custom Numeric Code > Enter a strong passcode and tap Next > Confirm your passcode and tap Next.
  • Choose not to transfer data and apps: Tap Don't Transfer Apps & Data.
  • Skip Apple ID setup: Tap Forgot password or don't have an Apple ID, then Set Up later in Settings.
  • Choose Don't Use and agree to the terms of service
  • Tap Continue to proceed.
  • Disable iMessage and Facetime: Choose Not Now.
  • Disable Location Services
  • Screen Time: Choose Setup Later in Settings .
  • Opt out of iPhone Analytics: Tap Don't Share
  • Select desired appearance and zoom.
  • Delay Siri setup: Choose Setup Later in Settings.
  • Tap Get Started or swipe up to exit the menu.
  • Open Settings again
  • Tap Finish Setting Up Your Phone.
  • Tap Finish Setting Up.
  • Tap Cancel to clear the warning icon.
  • Navigate back to the home screen
  • Navigate back to the home screen.
Next, we will navigate to the Settings menu and adjust the following configurations. Note that some options may disable features you use, so apply the settings that best fit your needs:
  • Settings > Bluetooth: Off (If not used)
  • Settings > Notifications > Scheduled Summary: Off
  • Settings > Notifications > Show previews: Never
  • Settings > Notifications > Screen Sharing: Notifications Off
  • Settings > Notifications > Siri Suggestions: Disable all
  • Settings > Notifications: Disable notifications on sensitive apps
  • Settings > Notifications: If desired, disable all Government Alerts
  • Settings > General > AirDrop: Receiving Off
  • Settings > General > AirPlay & Handoff: Disable all
  • Settings > General > Picture in Picture: Disabled
  • Settings > General > iPhone Storage > Recently Deleted Album: Enable
  • Settings > Siri & Search: Disable all
  • Settings > Siri & Search > (each app): Disable all
  • Settings > Privacy > Location services: Disable all
  • Settings > Privacy > Tracking: Disable all
  • Settings > Privacy > Nearby Interactions: Disable all
  • Settings > Privacy > Research Sensor & Usage Data: Disable all
  • Settings > Privacy > Motion & Fitness: Disable all
  • Settings > Privacy > Analytics & Improvements: Disable all
  • Settings > Privacy > Advertising > Personalized Ads: Disabled
  • Settings > App Store > Video Autoplay: Off
  • Settings > App Store > In-App Ratings & Reviews: Disabled
  • Settings > Apps > Photos > Enhanced Visual Search: Disabled
  • Settings > Apps > Safari > Siri & Search: Disable All
  • Settings > Apps > Safari > Search Engine: DuckDuckGo
  • Settings > Apps > Safari > Search Engine Suggestions: Disabled
  • Settings > Apps > Safari > Safari Suggestions: Disabled
  • Settings > Apps > Safari > Quick Website Search: Disabled
  • Settings > Apps > Safari > Preload Top Hit: Disabled
  • Settings > Apps > Safari > AutoFill: Disable All
  • Settings > Apps > Safari > Prevent Cross-Site Tracking: Enabled
  • Settings > Apps > Safari > Fraudulent Website Warning: Disabled
  • Settings > Apps > Safari > Highlights: Disabled
  • Settings > Apps > Safari > Privacy Preserving Ad...: Disabled
  • Settings > Apps > Safari > Check for Apple Pay: Disabled
  • Settings > Apps > Safari > Camera: Deny
  • Settings > Apps > Safari > Microphone: Deny
  • Settings > Apps > Safari > Location: Deny
  • Settings > Apps > Maps > Share ETA: Disabled
  • Settings > Apps > Maps > Air Quality Index: Disabled
  • Settings > Apps > Maps > Weather Conditions: Disabled
  • Settings > Apps > Maps > Ratings and Photos: Disabled (If Present)
  • Settings > Apps > Maps > Show Ratings and Photos Suggestion: Disabled (If Present)
  • Settings > Apps > Maps > Follow Up by Email: Disabled (If Present)
  • Settings > Apps > Shortcuts > iCloud Sync: Disabled
  • Settings > Apps > Shortcuts > Private Sharing: Disabled
  • Settings > Apps > Music > Show Apple Music: Disabled
  • Settings > Camera > Scan QR Codes: Disabled
Remove any unwanted stock apps by long-pressing an icon and selecting Remove App followed by Delete App. You can also customize your home screen by changing the wallpaper, removing unwanted widgets, and rearranging apps. To further personalize your iPhone, create new app shortcuts as needed.
At this point, your iPhone has several custom configurations, but you haven't connected an Apple ID yet, which means you can't download apps. To maintain some level of anonymity, consider creating a new Apple ID annually to at least disrupt Apple's data collection. When setting up a new device, it's a good practice to create a new Apple ID and pair it with a prepaid cellular account. The following steps outline how to do this, although the process may vary slightly on your device.
  • Open the App Store.
  • Tap Continue
  • Tap Turn Off Personalized Ads. (If present)
  • Tap the person logo next to Today.
  • Tap Create New Apple ID
  • Enter the desired email address for this device.
  • Enter and verify a secure password.
  • Tap to agree to all terms and tap Next.
  • Enter your desired alias name and DOB.
  • Disable Apple Updates and tap Next.
  • Change payment method to None.
  • Enter an alias Street, City, State, and Zip and tap Next.
  • Enter the number which is (or will be) assigned to this device and tap Next.
  • Verify the incoming SMS code and tap Verify.
  • Verify the incoming email code and tap Verify.
  • Tap Continue when complete
Ideally, you already have an active cellular plan or an activated physical SIM card (or eSIM) in your new iPhone. Bazzell recommends using a prepaid provider like Mint Mobile (in US), which was was discussed in previous sections.
In the past, Bazzell recommended keeping your cellular number private from Apple. However, since Apple collects unique identifiers like your serial number and telephone number associated with the SIM card (or eSIM), it's no longer necessary to hide your prepaid number, as Apple knows your number at all times.
When creating an Apple ID, it's essential to avoid signing in through the standard Apple ID menu, as this logs you into iCloud without an option to disable synchronization. Instead, we need to create the Apple ID from the App Store, which activates the minimal services necessary to download and install applications.
To verify this, follow these steps:
  • Open the Settings app and tap your account name.
  • Confirm iCloud displays Off.
If iCloud is enabled without your consent, you can correct this by navigating to Settings, clicking on your Apple ID account, and choosing the Sign out option. Then, return to the App Store, log in to your new account, and confirm the iCloud setting displays Off. If you see a warning next to Start Using iCloud, tap Start Using iCloud and then Not Now to remove the annoyance. Let's continue to disable a few more unwanted features.

Disabling Unwanted Features

  • Open the App Store app.
  • Tap the person logo in the upper-right corner.
  • Tap your account name.
  • Disable Personalized Recommendations and tap Done.
  • Tap the person logo again and disable Personalized Recommendations.
  • If available, tap Clear App Usage Data, confirm, and tap Done.
Next, navigate to the Settings app:
  • Open the Settings app.
  • Tap General and then Software Update.
  • Tap Automatic Updates and disable all options.
  • Return to the main Settings menu and tap App Store.
  • Disable Apps Downloads, App Updates, and In-App Content (if available).
To avoid large app updates while on a cellular connection, Bazzell also recommends making the following changes:
  • Open the App Store and tap the person logo in the upper-right.
  • Swipe down from the top to refresh.
  • Apply any pending updates.
  • Open the Settings application.
  • Tap General then Software Update.
  • Apply any pending updates.
This steps should be applied once a week, preferably on WiFi.
Additionally, to further restrict cellular data access, navigate to Settings > Cellular and disable access to any undesired apps, such as Find My, Contacts, etc. This menu can be used as a firewall to restrict any application from accessing the internet when using only cellular data.

Additional Modifications

Consider the following additional modifications to further enhance your iPhone's privacy:
  • Disable iMessage: Settings > Messages > iMessage: Disabled
  • Disable sharing of name and photo: Settings > Messages > Share Name and Photo: Off
  • Disable Shared with You: Settings > Messages > Shared with You: Off
  • Disable showing contact photos: Settings > Messages > Show Contact Photos: Disabled
  • Disable Notify Me: Settings > Messages > Notify Me: Disabled
  • Disable Facetime: Settings > Facetime > Facetime: Disabled
Regarding location services, some researches claimed that Apple re-enabled certain services with the release of iOS 17. If you have completely disabled location services, you are not affected. However, to prepare for situations where you might need to enable location services (e.g. using maps), consider the following modifications:
  • Go to Settings > Privacy & Security > Location Services
  • Temporarily enable Location Services: Enabled
  • App Clips: Disabled
  • Set Camera to: Never
  • Set Siri & Dictation: Never
  • Disable various System Services:
  • System Services > Apple Pay: Disabled
  • System Services > Find My Phone: Disabled
  • System Services > Home Kit: Disabled
  • System Services > Share My Location: Disabled
  • System Services > Suggestions & Search: Disabled
  • System Services > System Customization: Disabled
  • System Services > Significant Locations: Disabled
  • System Services > iPhone Analytics: Disabled
  • System Services > Improve Maps: Disabled
  • Finally, disable Location Services again: Disabled
These modifications are not necessary when location services are completely disabled, but they will provide additional protection if you need to enable location services in the future.

Purchasing Apps

When purchasing apps, use a prepaid iTunes gift card obtained with cash to avoid providing Apple with your credit or debit card information. This is a good practice to minimize the amount of personal data shared with Apple.

Device Selection

For device selection, the iPhone SE is a good option, as it has a fingerprint sensor instead of facial recognition. However, the security of Touch ID is a personal decision and depends on individual circumstances.

Disabling iCloud Services

Disabling iCloud services is crucial to prevent accidental exposure of sensitive information such as emails, contacts, calendars, and notes. This can be done by following the steps previously explained.
It's essential to be cautious when using cloud storage services, as they can pose significant risks to data security. Without strict end-to-end encryption, data can be vulnerable to breaches and exposure.

Biometric Authentication

Regarding biometric authentication, there are several threats to consider:
  • Forced Print: Physical duress could be used to force someone to unlock a device with their fingerprint.
  • Legal Demands: Courts may rule that providing a passcode is not required, but a fingerprint may be.
  • Apple Face ID: Although Apple does not store images, someone under physical threat could be forced to look into the phone to unlock it.

Backups

For backing up sensitive information such as personal photos and videos, a manual transfer via USB cable is recommended.
To transfer music and other data to and from an iOS device without using Apple's iTunes or Music app, consider using a premium application like iMazing. It allows to transfer music, photos, contacts, documents, and backups to or from any iOS device without complications from Apple.
If iCloud storage is necessary, take the following precautions:
  • Disable web-based iCloud access to prevent unauthorized access via a web browser.
  • Use a more secure 2FA method, such as a YubiKey.
  • Enable Advanced Data Protection for iCloud to encrypt your backups, photos, notes, and other data. However, note that this does not provide true encryption for Apple email, calendars, or contacts.
Regular backups of your data to an external device are essential to maintain control over your personal data and reduce the risk of hacking.
To do this, follow these steps:
  • Open Finder on your macOS computer and connect your iPhone via USB.
  • Click the phone option in the left menu and enable the Encrypt local backup option.
  • Enter a secure password and click the Back Up Now button (if the backup hasn't already started).
This will create a backup of your iPhone's operating system configuration and Apple data. Note that this method doesn't back up all apps and their settings, or any media such as music.
If you don't have an Apple computer, you can use iTunes installed on a Windows machine. For extreme privacy, you can set up a Windows virtual machine on a Linux host, disable all internet access to the Windows VM, install iTunes, and connect your iPhone to the iTunes installation.
Having a backup of your iPhone settings can be a huge benefit if you need to replicate your configuration onto a second device. This is especially important for people who don't use iCloud and may need to recover their settings in case of a disaster.

Safari Configuration

For most users who prefer iOS, using the default Safari web browser is recommended. Safari is considered secure and private by default, and with the previous settings applied, you're even further protected. Since Safari blocks cross-site cookies, there's little reason to add Firefox to your iPhone unless you have a specific need for a separate browser.
To maintain your iPhone's security and privacy, it's a good idea to clear your Safari history and website data regularly. To do this:
  • Navigate to Settings > Safari > Clear History and Website Data.
  • Select All history, enable Close All Tabs, and tap Clear History.

iOS System Tweaks

Additionally, here are some iOS system tweaks that can improve your overall user experience, but don't have an impact on privacy or security:
  • Settings > Notifications > List
  • Settings > Sounds & Haptics > Keyboard Feedback > Sound > Disabled
  • Settings > Sounds & Haptics > Keyboard Feedback > Haptic > Enabled
  • Settings > Sounds & Haptics > Lock Sound > Disabled
  • Settings > General > Background App Refresh > Apple Store > Disabled
  • Settings > General > Background App Refresh > Music > Disabled
  • Settings > General > Background App Refresh > Notes > Disabled
  • Settings > General > Background App Refresh > Numbers > Disabled
  • Settings > General > Background App Refresh > Pages > Disabled
  • Settings > General > Background App Refresh > Shortcuts > Disabled
  • Settings > General > Background App Refresh > Siri > Disabled
  • Settings > General > Background App Refresh > Voice Memos > Disabled
  • Settings > General > Keyboard > Auto-Correction > Disabled
  • Settings > General > Keyboard > Memoji Stickers > Disabled
  • Settings > Battery > Battery Percentage > Enabled
  • Settings > Passwords > Password Options > Autofill Passwords > Disabled

3️⃣ iOS versus GrapheneOS Summary

As we conclude this section on iOS device configuration, it's essential to weigh the pros and cons of using an iOS device versus a GrapheneOS device. While iOS devices are generally secure, Apple's control over user accounts, privacy considerations and the requirement for an active online account to access full device functionality can be limiting.
In contrast, GrapheneOS devices offer a more private and secure experience, this is particularly important for individuals who value extreme privacy and want to minimize their online footprint.
If you do choose to use an iOS device, it's crucial to take steps to protect your privacy. This includes modifying your settings, disabling iCloud, creating an anonymous Apple ID, and using a prepaid account. By taking these precautions, you can at least minimize your privacy risk from iOS.
However, if you're looking for a more seamless and private experience, a GrapheneOS device may be the better choice.
By following the recommendations outlined in the book, you can take the first step towards achieving better privacy and security, regardless of which device you choose. Remember, every layer of privacy you apply to your digital life is beneficial, and it's never too late to start making changes.
I hope this section of the book has been helpful in configuring your iOS device. In the next post, we will continue our Extreme Privacy Journey and learn about Mobile Device Strategies to further enhance your digital security.
👋
This post needs some serious appreciation!
reply
The best, simple and quick guide for iShit users is this:
especially for those users that are bitcoiners. For a fiat maxi, maybe an ishit still have some use with some banking apps.
reply
100 sats \ 2 replies \ @Skipper 8 Jan
"My extreme privacy journey"
Proceeds to use a closed source spyware OS controlled by a bigtech company known for spying on its users
ngmi
reply
121 sats \ 1 reply \ @Skipper 8 Jan
PART 4 of his EXTREME PRIVACY journey will be him going through his Google account page and turning on all the 'privacy' settings. that will stop all the Google spying, for sure!
PART 5 is him using Surfshark VPN on top of a Windows spyware OS and installing random scripts to disable the AI Recall feature.
PART 6 is him creating a Twitter account without KYC
🤣😂
reply
LOL you make my day with this comment
reply
That is a wonderful write up, thank you! If I may, I'd suggest that after downloading all of the apps you need on your phone, you repeat this step because each app defaults to enabled when you first download it: Settings > Siri & Search > (each app): Disable all
One other comment/question. I like using VoIP apps (google voice, mysudo) in order to have numbers I can give people who I don't want having my 'real' phone number. Additionally, they are great when I travel internationally and need to make a call to a number in the USA.
I know you recommend grapheneOS over iOS and I generally agree, but have you found any acceptable VoIP apps for graphene? Google voice of course requires google play services on graphene and mysudo simply doesn't work (or at least you need a second phone to subscribe).
Also, do you have any thoughts on VoIP or phone number privacy in general? I know Michael Bazzell talks a fair amount about maintaining privacy of your SIM card number in his guides.
reply
Hi, thank you! Unfortunately, I couldn't replicate the setup from the book as it's more US-specific. The book actually recommends VoIP.ms, which they configure for GrapheneOS, but I don't have firsthand experience with them, but they might be worth looking into.
reply