Questions regarding MacOS on Apple Silicon

Hello, I had a few questions regarding MacOS and setting it up on an Apple Silicon MacBook.

  1. Does using MacOS without an Apple ID really make a difference (privacy-wise) compared to using one? I am aware I would be missing out on Activation Lock, Find My, and the App Store if I don’t use an Apple ID.

  2. Assuming I log in with my Apple ID, the only iCloud service I use is Hide My Email. Would turning on Advanced Data Protection on the MacBook be useful in this case or not?

  3. What features or conveniences would I be missing out on when running a non-admin account for daily tasks? From what I have noticed, I can’t delete or install applications without being prompted for the admin username and password. As well as this, changing administrator settings also prompts me. I am fine with this happening. Is there anything else I haven’t experienced yet?

  4. Is downloading Rosetta not recommended? Does it increase the attack surface? I want to download the Tutanota native application but it says I need to download Rosetta.

  5. Brave has three versions of their application: one for Intel, one for ARM and a universal DMG. Are there any differences between the ARM and universal versions in general? Is the ARM one just optimised for Apple Silicon?

  6. If I decide to download LuLu or Little Snitch, does anyone have a complete list of Apple domains and connections that should be blocked that do not affect usability, or should I not bother with these applications?

  7. When it comes to deleting applications, I know the simplest way is to drag and drop into the trash but I do not like it when files are left behind by the now deleted applications. Is there a simple way to ensure these leftover files are deleted as the application is deleted?

Thanks in advance!

Here are some thoughts:

  1. I am sure you could make a case for using macOS with a local account not tied to an Apple ID. I don’t bother with this. I try to manage my privacy settings on my Apple account and devices as best I can. For me, it’s not worth the hassle of not having access to the App Store, etc.
  2. Advanced Data Protection is essential, IMO. Without it, Apple can decrypt/access any of your data on iCloud (which also opens your data up to social engineering “recovery” attacks). Advanced Data Protection prevents that. I don’t see a downside to it unless you’re worried that you’ll forget your recovery key.
  3. A lot of software installation requires an admin account, but even when running an admin account, you still have to authenticate for these sorts of activities. By default, macOS seems to behave a lot like modern Linux distributions with sudo for certain activities.
  4. I have heard that Rosetta may use marginal extra resources if it’s installed, but I don’t see any particular reason to not install it…unless you simply don’t require any x86 software (which may be the case). You don’t have to install it right away. The OS will prompt you if you ever try to run x86 code and you can decide then if it’s worth it. I did not notice any performance or battery hit after installing it, though I didn’t do any scientific measurement.
  5. Yes, use either the universal DMG or the ARM version. Either is fine AFAIK, and both are “optimized” for Apple Silicon.
  6. I used Little Snitch for a while, but found that it was more trouble than it was worth for me. I do like some of the Objective-See tools, though. What’s Your Sign makes verifying signatures on files (e.g., installers) super convenient. I also like a lot of the other security-related apps there, though I don’t use LuLu either.
  7. There’s no “simple” way to do this. There are some Mac uninstaller helper programs that look for library locations and stuff like that (e.g. Sensei has a feature that attempts to do this). I do use Sensei, but sometimes I’m lazy and just delete from the Application folder. I haven’t run into any problems caused by cruft left in library folders.
3 Likes

Maybe something changed with newer macOS releases, but this has always been the case even if you’re on an admin account.

That has always been a biggie for me. Unfortunately it’s no different in macOS, Windows or most Linux distros. There’s virtually always leftovers. There used to be plenty of apps on Mac to clean some of that stuff up, but with storage space nowadays being plentiful they seem to have not been ported to Apple Silicon or made compatible with newer macOS releases.

2 Likes
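The approach the uninstaller helpers mentioned above take (looking through the per-user Library locations for entries named after the app) can be done by hand. The following is an added example, not code from any poster in this thread; the function name `find_leftovers` and the sample names in the comments are hypothetical. It only lists candidates and never deletes anything.

```bash
#!/usr/bin/env bash
# List (never delete) per-user files an app may have left behind.
# Usage: find_leftovers <home-dir> <name>...
# <name> is typically the bundle ID and/or the app's display name. On macOS
# the bundle ID can be read before the app is trashed with:
#   mdls -name kMDItemCFBundleIdentifier -raw /Applications/Example.app
# (Example.app is a placeholder.)

find_leftovers() {
    local home="$1" dir name
    if [ "$#" -lt 2 ] || [ ! -d "$home/Library" ]; then
        echo "usage: find_leftovers <home-dir> <name>..." >&2
        return 2
    fi
    shift
    # Standard per-user locations where macOS apps keep state.
    local dirs=(
        "Library/Application Support"
        "Library/Caches"
        "Library/Preferences"
        "Library/Containers"
        "Library/Group Containers"
        "Library/Saved Application State"
        "Library/HTTPStorages"
        "Library/Logs"
        "Library/LaunchAgents"
    )
    for dir in "${dirs[@]}"; do
        [ -d "$home/$dir" ] || continue
        for name in "$@"; do
            # Top-level entries only: apps name their folder or plist after
            # the bundle ID or the app name. Case-insensitive substring match.
            find "$home/$dir" -mindepth 1 -maxdepth 1 -iname "*${name}*" -print
        done
    done | sort -u
}

# Run directly:  ./leftovers.sh "$HOME" com.example.app "Example App"
if [ "$#" -gt 0 ]; then
    find_leftovers "$@"
fi
```

Review the output before removing anything: a substring match on a short app name can also hit unrelated software, and system-wide locations under /Library are not searched.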

This is the beauty of having flatpak, 95% of the time there’ll be no leftover after uninstall

2 Likes

Note you have to select the option to delete the app’s data when you uninstall it in GNOME Software, or run flatpak uninstall --delete-data. But, everything is stored in ~/var/app, so it doesn’t really matter if you don’t anyway. No data is left just hanging around.

@anon5233878 depends on what you want to achieve.
my setup
offline startup:
no apple-id [adv. only if you know what you’re doing = no gatekeeper/syspolicyd]
little snitch
mullvad vpn

setup:
brew
mullvad browser + tor + tor browser
utm for openbsd + asahi etc

I’ve seen some recommendations against using brew. Might look into this.

I wouldn’t trust Hide My Email. No free alternatives though. Addy.io and Skiff free-tier options are pseudo-anonymous.

Lulu doesn’t, but I can send you my list if you want. Little Snitch might have some presets. Extreme Privacy MacOS guide has a LS list, by the way.

ADP is essential if you use iCloud. I’d ditch iCloud altogether.

Brew is generally good. I assume you may see recommendations against it because there are “unofficial” packages on there that could be tampered with vs. what you’d get straight from the source. Maybe there are some other issues…I don’t know.

One of the things that annoys me about Brew is that it can’t properly install LibreWolf on Apple Silicon machines (which isn’t really its fault, but sucks nonetheless). You can get around this by using an app called MacUpdater to update LibreWolf semi-automatically and installing LibreWolf through the dmg on the LibreWolf website. I like MacUpdater a lot, generally speaking, though there could also be privacy concerns with them gathering info on all installed programs on your PC.

Addy offers 10 free anonymous emails (just like SimpleLogin), and unlimited pseudonymous emails.

The difference is that Addy has limited bandwidth, unlike SimpleLogin.