My Online Security Setup
In the modern age, it takes a real strategy to protect yourself from invasive mega-corporations who want to track you, bad actors on the malware front and in your face non-stop advertising. Whatever tools you choose have to balance with usability because we all have work we have to get done.
Next DNS
The classic uBlock Origin ad blocker was deprecated by Google Chrome in favor of a less powerful Light version. With the ever-increasing need for security ,Mac users have the option of downloading the NextDNS configuration app from the Mac App Store and setting up a free account with the enhanced DNS server. If you aren't into acronyms, DNS stands for dynamic name service and it is what translates IP addresses into the URLs we use to name websites. You can use a special DNS service to block malware, ads, trackers and other unwanted traffic from ever reaching your computer by using one.
NextDNS is free for up to 300,000 queries a month, and you can use the same account on multiple computers, mobile devices and your router. It works on Macs and PCs, iPhones and Android devices - on anything that allows you to enter your network settings. If you have a large household and require a paid account, it is just $1.99 a month.
Technically speaking, you don't even have to use the app. NextDNS can automatically generate a profile for you to use on your Mac and mobile devices and if you have the right kind of router, you can set it up without having to make ANY modifications to your computer.
NextDNS Features
- Ads and Trackers - currently blocking 119,372 addresses
- Block domains known to distribute malware, launch phishing attacks and host command-and-control servers using a blend of the most reputable threat intelligence feeds -- all updated in real-time.
- Block malware and phishing domains using Google Safe Browsing -- a technology that examines billions of URLs per day looking for unsafe websites. Unlike the version embedded in some browsers, this does not associate your public IP address to threats and does not allow bypassing the block.
- Prevent the unauthorized use of your devices to mine cryptocurrency.
- Block domains that impersonate other domains by abusing the large character set made available with the arrival of Internationalized Domain Names (IDNs) -- e.g. replacing the Latin letter "e" with the Cyrillic letter "е".
- Block domains registered by malicious actors that target users who incorrectly type a website address into their browser -- e.g. gooogle.com instead of google.com.
- Block Parked Domains
- Block any Top Level Domain
- Block Newly Registered Websites
- Block CSAM
- Optional Parental controls for YouTube, Safe Search, Time-based rules, specific apps, websites and games
Nord VPN
My next level of protection starts with my VPN choice, Nord. I run Nord on all my devices, Macs, iPhones, iPads and Apple TV. I don't have a compatible router, but it can be installed on ones that are. Nord has many security features including a malicious URL blocker, web tracker blocker, ad blocker, URL trimmer and a DNS filter to block ads and malicious domains before they reach my device.
Little Snitch Firewall
Little Snitch from Objective Development is truly the most configurable consumer oriented firewall for the Mac platform. The Little Snitch Network Monitor shows you where your Mac connects to on the Internet. You decide what you want to allow or deny. If an app has no need to access the Internet, you can cut off its access. It's easy to use and configure and as a bonus, you can download and install preconfigured block lists from several sources to make your computer safe.
Other firewall options are Lulu from Objective-See and Lockdown Privacy Desktop, which is what I install on my Mom's Mac because it is set it and for get it.
Block-Block for Realtime Protection
BlockBlock monitors common persistence locations and alerts whenever a persistent component is added. It alerts you whenever something is installed and you can decide whether to allow that or block it. It's a free product. You can get more features in the paid version of MalwareBytes or use their free scanner that must be run manually.
uBlock Origin Lite for Browser-Based Protection
There are many factors that go into making a selection of what browser to use. I use Vivaldi's built-in ad and tracker blocking along with uBlock Origin Lite multi-spectrum content blocker plugin to block ads, trackers, malicious URLs and more. Among the most security conscious Mac users who don't need to use a Chromium browser, it is generally accepted that Firefox with uBlock Origin provides the best experience.
These products all work together to provide as safe an environment as I feel I can craft on my Mac. If you have ideas for improvement, please contact me.
Testing
You can use these three sites to check the effectiveness of your security setup.
AdBlock Tester: test your AdBlock extensions
eXtreme Test - Can You Block It ?
Enjoyed it? Please upvote 👇