Secure Platforms
Improve your privacy and security with a solid foundation.
Windows
No. Treat it like a game console but turn it off when you're not using it. Only use it for gaming. No banking, no conversations, no shopping.
Mac
macOS can be locked down pretty far but it removes most of what makes a Mac a Mac, the invasive and connected ecosystem. It's still an option though for Mac buyers with hardware that is not fully supported in Linux yet.
Extreme Privacy goes into it much better with step by step instructions but the gist is:
- After wiping the machine, do not sign in to iCloud.
- Install a software firewall (Lulu or Little Snitch) before connecting it to the network for the first time. Bring the installer on a thumb drive.
- Turn off all invasive system features, including connectivity and syncing related features.
- Be sure to encrypt the disk with FileVault.
Linux
The best desktop platform for privacy is a good Linux distro.
Good
Linux Mint or Pop OS.
Qubes OS is very useful but it is elaborate excess for someone needing to just leave invasive operating systems like Windows and stock macOS.
Avoid
Installation and operation has gotten easier, but if you're new to Linux you don't need to use Arch for basic privacy. The same goes for Fedora.
Kali Linux and Parrot OS are predominantly for professional work. They are not a daily driver for someone focused on privacy (even the one labeled as a daily driver).
iOS
Leave the iPhone ecosystem as soon as you can. Smartphones in general are a privacy nightmare. iPhones reach back to Apple regularly for a number of reasons. They even do it when you're connected to a VPN, sending that traffic outside of the VPN and informing Apple about where you are despite the VPN.
The operating system is closed source, has not been audited by third parties, and regularly sees outrageous security flaws. One example that's top of mind was the ability to remotely execute code by sending a text message or facetiming, even if the recipient doesn't pick up or interact with the message.
In recent years Apple has made great progress protecting the contents of locked phones. They even automatically reboot after 72 hours of being locked to reset them to Before First Unlock mode in case they are stolen.
Regardless, forensic software companies are able to unlock a number of iPhones even when reset to the Before First Unlock state. Being a popular platform also means they're a high priority for those forensics companies.
Rooting an iPhone does not improve the situation. While it may give you greater access over the processes running on the phone and allow you to wreak havoc among them in the search for more privacy, jailbreaking also fundamentally breaks the security of the phone since it depends on a software exploit to accomplish.
Stock Android phones
The versions of android shipped from mainstream vendors have the same kind of privacy concerns that iPhones do:
- system services that report back to the manufacturer, around VPN connections
- system services that report back to Google for functionality related to the Play Store, around VPN connections
- shown to be unlockable with forensic software and popular enough research is always high priority for cracking the newest phones
- likely unpatched vulnerabilities that remain to aid intelligence community backdoors
As mentioned above for iPhones, jailbreaking the stock operating system of an android phone would compromise the security and create a larger problem.
Degoogled Android phones
GrapheneOS, CalyxOS, LineageOS... they're the descendents of the "custom android ROM" fad seen years ago where customers often wanted to upgrade their software sooner than the absentee hardware manufacturers would bother.
Nowadays the main focus is getting Google's ecosystem off of the phone or at least sandboxing it to gain more control over when it runs and with what information.
Another important emphasis is charging port security. USB data blocker cables are nice but you don't always have control over what cable someone will use to charge your phone.
Good
GrapheneOS is the standard that phone cracking companies like Cellebrite measure themselves against in sales literature.
Ok, with caveats
LineageOS is an ok degoogled android choice but it would not sandbox apps or Google Play the way that Graphene would. Reasonable degoogled choice if you will only use f-droid store or you need to run android on non-Pixel hardware.
Avoid
CalyxOS would normally be an excellent alternative to Graphene but they are on hiatus and not keeping up with upstream Android security fixes as of mid-late 2025.
Avoid any phone sold by a security influencer youtuber. The reviews for phones like that reveal they're often old hardware, freely available software with very small changes, and builds that aren't keeping up to date with upstream security patches. Ironic.
What About Flip phones
Flip phones, brick phones, candy bar phones, you remember them.
A few things are working against those classic phones.
First, most of them aged out when phone companies shut down their support for 2G and 3G networks. You can no longer walk around with a working 20 year old Motorola StarTAC.
A second concern is that many "dumb phones" are running a fork of Android operating system anyway. You bought that TCL flip phone? If it's running KaiOS, that's a smartphone in a way. Folks buying them for a digital detox are often unpleasantly surprised to find they even have a YouTube app preinstalled.
Perfectly acceptable with the data plan turned off and only accepting calls and text messages though. That's an option you have.
Either that or buy a Jitterbug Flip2. Despite their website text that says paying a minimum of $15 a month for their plan is the only option, Lively clarified in the Best Buy comments that Jitterbug Flip2 is unlocked nationwide and works with carriers that are willing to accept it. That's a $20 roll of the dice to see if your MVNO will work with it.