Moving from Fedora: macOS Security, Privacy Hardening, and Dev Tool Recommendations

Hello everyone,

I’m currently on Fedora, and I’m considering moving to a MacBook Air or Pro because, based on various posts I’ve read, macOS is a much more secure operating system than Fedora (with a bit more privacy trade-off, though there are always ways to minimize telemetry as much as possible).

I’d like to know whether, on a MacBook, applying the recommendations listed here: https://www.privacyguides.org/en/os/macos-overview/ would still allow me to do coding (Python, SQL, etc.), use Excel, and so on. If yes, which software would you recommend?

I’ve also heard a lot about Fedora SecureBlue, but on closer inspection—and based on various comments—this OS seems better suited to experienced users. Another drawback: compatibility. When I switched to Fedora, my microphone stopped working; I’m having exactly the same issue as the one described in this thread, even though Fedora appears to have issued a fix in their recent updates: https://discussion.fedoraproject.org/t/microphone-array-not-detected-in-linux/159421 although my microphone’s still not detected.

There’s also a lack of compatibility with Microsoft applications. There is, of course, the web version that lets me use Excel, for example, but it doesn’t always work and it can’t open spreadsheets with a lot of data. Switching to LibreOffice isn’t possible either for compatibility reasons (I regularly transfer professional projects to my personal PC, and we use Excel at work).

I also get the impression that, in most cases, official applications are more easily available on macOS than on Linux.

I wanted to add these details in case someone recommends prioritizing SecureBlue over macOS—even if SecureBlue provides more security than stock Fedora and far more privacy than macOS!

Thanks!

Yes, you can still do those things (depending on the settings of the tool(s)). And you can find the recommendations on another page.

macOS is a perfectly fine OS to use if you couple it with the right tools and apps and settings for all that you need. Linux is not always enough for all things especially if you rely on Adobe and MSFT products and when you need maximum compatibility.


The discussion around Linux security is a lot more complicated than Mac simply being better by every metric. It is true that Mac implements better security features and that might matter for some situations. On the contrary, there are some cases where Linux would actually be the safer option.

It won’t result in a meaningful difference for most people and unless they have a reason to, they probably shouldn’t worry too much about it. If you’re unsure of which would be better for you or if you should even be worrying about this at all, feel free to elaborate on your threat model.

Michael Bazzell takes some very extreme measures (much more than what Privacy Guides covers) to protect his privacy and was still surprised by what data Apple managed to collect on him. That podcast episode is from 2019 and you’d need to find an archive of it to listen to it, but Apple users of today are free to request all of their data and see what’s being collected on them.

He had to dig deep to find some of the concerning data collection, so simply skimming the data archive won’t give you a good understanding of everything they’ve got on you. GNU documents numerous issues with Apple’s operating systems including invasions of privacy. While Mac is going to be preferable to Windows or ChromeOS, saying it’s only a bit of a privacy trade-off compared to Fedora Workstation is a massive understatement. Ultimately you’re the only one who can decide whether that matters to you more than the convenience you expect to get from switching to Mac.

I’d just stick with Fedora Workstation if you decide to stay on Linux, it’s still recommended by Privacy Guides as the easiest option and it should be safe enough for the vast majority of people. Again, feel free to elaborate on your threat model if you believe that might not be the case.

If you haven’t already, I’d try asking the Fedora community yourself about your issue. But if no one is able to help, I’d recommend trying Ubuntu instead. Ubuntu has a much larger support community and some things can work better out of the box, so I’d recommend switching to it and asking their community for help (if needed) as a last resort.

More importantly though, something a lot of people don’t think about when switching to Linux is whether their device was made to work with it. While Linux does its best, unfortunately manufacturers who refuse to support Linux will be more prone to issues. If you don’t hold macOS to the standard of being able to work on your laptop which doesn’t support it, you shouldn’t hold Linux to a different standard.

You may have other reasons to switch to Mac and that’s fine, but if you’re willing to buy a new laptop, this shouldn’t be one of them. If you cannot get Linux to run on your current laptop and are willing to buy another, consider buying one which officially supports Linux. For example, Framework is a popular repairable laptop which officially supports Fedora, but doesn’t come with it pre-installed. I believe there are even some Dell and Lenovo laptops which officially support either Ubuntu or Fedora. There are various other manufacturers who officially support one Linux distribution or another.

If none of LibreOffice, ONLYOFFICE, or Microsoft 365 Web work for you and you need 100% compatibility with others using Microsoft Office, you may need to switch to Windows or Mac. But if you still want to try to make Linux work, you can look into WinApps or dual booting Windows.

Most applications are cross-platform, but there are some (like certain apps from Microsoft or Apple) which will only work on Windows or macOS. Similar to the issue of hardware, if you want to switch to Linux you need to be willing to try to switch to software which was made to run on it. (Not saying you haven’t tried, I’m just reiterating that the blame lies with the app developers who are trapping you in a restrictive and privacy-invasive ecosystem.)


As a current MacOS user (and I also use AlmaLinux with an OpenSCAP profile), I tend to use DrDuh’s Guide, which has probably been mentioned before, but I’ll just mention it again since it’s extensive and might answer a lot of questions that might not get fully answered. macOS-Security-and-Privacy-Guide/README.md at master · drduh/macOS-Security-and-Privacy-Guide · GitHub

Wow — thanks for such a precise, well-sourced reply! There’s a ton of useful info in there with varied resources and I see you took your time to answer, much appreciated.

Threat model / priorities

  • Avoid leakage of sensitive data (work, banking), especially in case of loss or theft.

  • I power the laptop off whenever I travel so data at rest stays encrypted and very hard to exploit for an opportunistic thief.

  • Not a high-value/targeted individual; I want strong defaults with minimal tinkering.

  • Also consider a skilled adversary: a technically experienced person with physical access attempting to recover my professional data from a lost/stolen device. Mitigations I care about: strong full-disk encryption, secure boot/firmware protections, strong passcode, and minimizing attack surface.

Why macOS is still appealing to me

  • I need native Microsoft apps, especially Microsoft Excel, Word/PowerPoint… Also all dev apps (Visual Studio, etc.).

  • Some gaming on the side; I’m unsure about real-world macOS performance and game availability on Apple Silicon, so any first-hand reports are welcome.

  • Longevity & reliability: many testimonials of Macs running smoothly after 4–5+ years. The hardware/firmware/support story is reassuring.

Where Fedora fits / where I hesitate

  • Fedora can fit my model too—my drive is LUKS-encrypted and my practices are sane—but I’m still less confident than I would be on macOS, especially after reading the SecureBlue creator’s comments on their forum.

  • Compatibility issues persist on my current machine (e.g., built-in mic not detected). I appreciate the Ubuntu suggestion, but I’m not interested in Ubuntu (security posture doesn’t appeal to me, even if the community is great).

So here are my questions:

  1. If I harden macOS following PrivacyGuides or the other ones that were mentioned to me (why is PG lighter on these recommendations, btw?), are there steps that tend to break development workflows (Python/SQL, Docker, IDEs)?

    • Any “don’t do this if you code on MacOS” hardening tips you’ve learned the hard way?
  2. For the gaming piece on Apple Silicon: what’s realistic today (genres/titles, perf expectations)?

Given my needs (native Microsoft apps—especially Excel—light gaming, reliable hardware, low maintenance), does choosing macOS sound reasonable to you right now?

Thank you!

Thanks for the pointer — this guide seems very thorough. Do you know why Privacy Guides doesn’t recommend those additional hardening steps by default? Is it mainly usability/maintenance trade-offs, or are certain items considered out of scope or too likely to break common workflows? And what about gaming?


Thank you!

Gaming in MacOS is not very usual, so I think you’ll have more titles to play in Linux/Wine than on Mac.

Even on games like Minecraft? Not talking about availability, but performance (and if that’s okay with a MacBook Air).

Before switching to Apple you should first take a look at SecureBlue: https://secureblue.dev/
They implemented many hardening techniques and disabled insecure things.
So you could stay in the Open Source area and have great security at the same time.

I think MC is available for Mac, but do your own research, for example on the availability of mods or other things that you usually install/use in your gameplay.

No, I don’t use mods, I play vanilla; what worried me was performance.

Then you may want to turn on Find My. You don’t have to turn on Location Services to use Find My, but you can.

It’s true that Microsoft 365 has dedicated native apps on macOS. However, that doesn’t mean that it has all the features of Microsoft 365 on Windows.

There are many games that run natively on macOS, including Minecraft. For Windows-only games, you can check out Crossover (paid) or Heroic Games Launcher (free). You can check out YouTube channels like Andrew Tsai or MrMacRight for more information.

Privacy Guides aims to provide information for regular people who may not be familiar with terminals. Also, I’m not very familiar with the programming landscape, but I’m pretty sure that most development apps for macOS are not sandboxed, which goes against Privacy Guides’s recommendation.


No problem.

As someone who made the opposite move (MacOS → Windows /Linux), here are my two cents:

  1. MacOS is secure, but only if you don’t download unverified apps. You can still install malware the same way as an Arch user can obtain malware from the AUR or a Windows user from a random website. Even if this happens, MacOS supports verified boot, meaning that a simple reset can prevent most forms of malware from persisting beyond a single session.
  2. My main gripe with MacOS would be ARM though. It’s a great daily driver for school or professional work, but horrible if you need to run specific VMs or run a Linux distro like Tails or Whonix. Yes, UTM and Parallels do work, but you are pretty much locked into ARM versions of OSes unless you are willing to take the performance hit of running an x86 VM.
  3. So in short, Linux wins for anonymity and privacy, but loses out to MacOS for security and professional apps.

Regarding your threat model, Fedora Workstation sounds like it’d be fine so long as you’re using full-disk encryption with a strong password and keep the laptop powered off when not in use.

As far as I can tell, a lot of devs are fine with (or even prefer) Linux except for when they need to develop for a certain proprietary platform like iOS or macOS which gets tricky on Windows as well. Microsoft Office compatibility is a genuine limitation Microsoft places on non-Windows/Mac users. If neither WinApps nor dual booting Linux with Windows works out for you, you’ll have to switch over to the dark side.

I don’t have personal experience but I do know that people generally don’t recommend it. While the hardware is capable in theory, it sounds like game developers don’t often develop for Apple Silicon Macs. Maybe my knowledge is out of date. For what it’s worth, Linux has great compatibility with Windows games through Proton which is integrated into Steam and can be used for non-Steam games.

Apple is definitely a premium brand, but their repairability seems to me to be some of the worst in the industry. Framework (which officially supports Fedora) is as repairable as a laptop can be and I’ve heard mostly good things about the experience. If that’s not your thing, I’ve heard Dell has a pretty good track record being a more premium brand and they should have some options which officially support Linux. You could ask on a Linux forum or subreddit for better tailored hardware recommendations, they’d be more in the know than I am.

Were there any comments in particular that made you concerned that Linux wouldn’t be suitable for your threat model?

For what it’s worth, Ubuntu’s security (particularly their latest versions) seems mostly comparable to Fedora. The main downside I’ve seen is that Snap forcibly collects some telemetry which is a downside for privacy, but it is still leagues ahead of macOS in that regard and I’d suggest you reconsider it for that reason if Fedora’s community isn’t cutting it for you.

If you’re willing to spend some time on the issue, I’d give WinApps a try to get Microsoft Excel working on Fedora. The mic issue is a matter of asking more active support communities and if that fails, buying a Fedora/Linux supported laptop assuming Excel on WinApps works out for you. Otherwise, I’d give in and get a Mac as a final resort if I were unable or unwilling to get Excel working on Linux.


Mac more secure than a Linux distro against what? Certainly not against Apple’s malware.

And if you care about gaming at all, Linux is a far, far superior platform these days, nearly on par with Windows when it comes to game compatibility. The main exception is competitive online games requiring kernel-level anticheats, which you should refuse out of principle, as they are also a form of malware. Check ProtonDB to see if your games run on Proton.