How to liberate your laptop: The definitive guide
In 1789, William Blake wrote his seminal poem, Songs of Innocence and of Experience.
Among the themes of this culturally significant piece was a denouncement of the alleged hypocrisy and repression of church and religion. It was about the “yearning of youth for freedom in love” and the “right of children to be treated as individuals with their own desires”.
Fast forward a couple of centuries.
In September 2014, Apple inserted a U2 album debut called Songs of Innocence into the music library of millions of (the predominantly young) Apple users around the world. Rolling Stone magazine called it “a triumph of dynamic, focused, renaissance” and “11 tracks of straightforward rupture.”
Not everyone saw it that way.
“It’s kind of scary knowing that Apple can just add media to your phone like this without your consent, especially since you can’t truly get rid of it. [. . .] Apple needs to realize that our devices aren’t theirs to play with any more. We’re not leasing them, we bought them. If Apple wants to give us something, ask us first, don’t just shove it in and expect everyone to love it.”
Within days, Apple had to apologize and quickly roll out an update, allowing users to delete the album (and its cover art) from their music libraries. So much for the “renaissance”.
Fast forward 6 years.
In March 2020, Apple inserted contact tracing into billions of smartphones around the world. Did mainstream press write breathless articles about how “scary” that move was?
“This kind of surveillance will be a key component in restoring society to normalcy,” wrote Engadget. Did the masses freak out? Did Apple apologize and roll the change back?
To this day, every time you open the Settings app on your iPhone you are confronted by an ominous “Exposure notifications” label.
That was the initial shock for me, and the first of many.
Loss of innocence
On that day I realized I was in the wrong crowd.
It also dawned on me that all those products I’d bought were not really mine. Apple could unilaterally make my personal devices do things I didn’t understand or consent to.
Yeah sure, contact tracing is “private” and “opt in” . . . until, one day, it isn’t. In March this year, I wrote:
Apple’s mandate ends with mass adoption. Once Apple normalizes a technology—biometric login, health records, digital IDs, and so on—it then becomes possible for governments and authorities to introduce and mandate their own “enhanced” version.
Up until that fateful day, I was your average fan boy. I would lap up everything with a fruit logo on it, and I sang its praises to anyone who’d listen. But in the space of a few days all those Apple gadgets had become a liability.
I immediately sold my new 16-inch MacBook Pro, iPhone 11 Pro, AirPods, and Apple Watch. However, I had to keep my old MacBook Pro and iPhone SE until I could figure out alternatives.
As I was about to learn, escaping Apple is not easy.
The Apple ID handcuffs
Pretty much all my software was tied to my Apple ID. If I were to delete it, I’d instantly lose everything: Final Cut Pro ($299.99), Logic Pro ($199.99), Motion ($49.99), Compressor ($49.99), and dozens of paid 3rd party apps. None of that software really belonged to me. I didn’t have a software license key; all I had was Apple’s permission.
I deleted everything. I removed all my files from iCloud and moved them to Tresorit. I de-registered from Apple Music, logged out of Apple ID, and emailed Apple Support to have them delete my account once and for all – a process that took weeks. In the meantime, I closed down Gmail, Facebook, Instagram, WhatsApp, LinkedIn, Airbnb, YouTube, Amazon and every other big tech account under my name. None of that was easy—they don’t make it easy—but that’s a story for another day.
When I finished removing “Apple” from my MacBook I ran a check with my firewall (Little Snitch) and noticed that my laptop was still phoning-in to Apple’s servers. I reverted to manual clock settings and disabled automatic updates but that didn’t change much. I instructed Little Snitch to block all Apple domains, to no avail. According to my NextDNS logs, my computer was still connecting to Apple servers. I blocked those servers in NextDNS only to see new ones pop up after a few days.
Apple is hellbent on tracking every last thing we do on our devices and there is not much we can do about it. Privacy, my ass.
I then searched for alternative methods of getting software.
As it stands, you can still download apps directly to your MacBook (without the App Store) but MacOS is making it harder with each new version. Many popular 3rd party apps no longer offer direct downloads (other than trial versions). For example, Things and iA Writer—two of the best productivity apps out there—are only available via the App Store.
With some effort you can still make it work; the stock apps are good enough and several 3rd party vendors offer direct downloads. But the writing is on the wall:
The days of installing software without Apple’s permission are numbered.
If Apple doesn’t like an app—on the basis of “misinformation”, “hate speech”, “public health”, and so on—users will have to “suck it up” and live without it. From Telegram in 2018, to Parler in 2021, and Damus in 2023, the list of removals is rapidly growing. Last year, Apple admitted they had removed almost 2.8 million apps “as part of the App Store Improvements process”. That’s 2.8 million apps I am not allowed to use on a computer I supposedly own.
I don’t want any politically-correct fucktard to decide what I can and cannot do on my computer.
Linux was the only way forward.
Over the following months I installed several Linux flavors in virtual machines (using Oracle VirtualBox).
Eventually I gravitated towards Manjaro, a beginner-friendly fork of Arch Linux. The appeal of Arch Linux forks is that they are lightweight (especially if you choose the XFCE desktop environment).
I then tried installing Manjaro as the primary OS on my MacBook but those efforts ended in frustration. Modern MacBooks come with T2 security chips and System Integrity Protections that prevent you from installing non-Apple operating systems. And even if you bypass all that, you may still run into driver compatibility issues. In my case the track-pad didn’t work.
It was time to sell my MacBook and get another computer.
But what computer?
Sure, I can walk into any local shop and pay for a generic laptop with cash.
The problem with generic PCs, however, is that they come with locked and undocumented firmware (Intel ME or AMD PSP). This firmware has privileged access to all hardware. In other words, there is a system-wide backdoor in almost every modern computer out there.
Specialized laptops like Purism, StarLabs, and System76 ship with an open-source replacement for this firmware that disables manufacturer backdoors. They also offer privacy and security upgrades like mechanical kill-switches for cameras, microphones, and wireless; and they come pre-installed with Linux.
On the flip side, however, those laptops are only available online. Some vendors accept Bitcoin but you still need to organize a shipping address, pay customs charges, and wait for delivery. Another challenge is their supply-chain constraints. Those niche vendors consistently ran out of stock over the last few years, leading to several months of wait times.
The biggest drawback with specialized laptops, however, is that they are just that: special. In other words, they stand out.
The more security and privacy measures you take, the smaller your anonymity set becomes – online and offline. Case in point: specialized laptops have a more unique online signature compared to off-the-shelf, run-of-the-mill computers. Purism, for example, runs PureOS, an operating system that is more unique than Windows, MacOS, and popular Linux flavors.
My approach is different:
Instead of relying on high-tech privacy tools (which involve 3rd party trust), I prefer low-tech measures:
Sure, you can get a specialized laptop with camera and microphone kill-switches. But isn’t it more effective (and trustless) to cover the camera and microphone with tape?
Sure, you can use Qubes OS to separate your workloads from each other, but isn’t it more effective (and trustless) to run your workloads on separate machines?
So I bought a second-hand Lenovo ThinkPad, considered by many as the gold standard for Linux. It’s professional-grade and comes with a solid keyboard.
The installation took less than 30 minutes.
When I was up and running I reviewed my NextDNS logs and there was zero traffic, except for an occasional ping to Manjaro.org verifying network connectivity and checking for package updates. And, of course, you can disable it. That’s the beauty of Linux; if you don’t like something you are free to change it.
When I finished installing Manjaro I turned my attention to software, starting with cloud storage.
The more I looked into cloud storage, the more conflicted I became.
In the beginning I thought all I had to do was move my files to a cloud provider that is not Apple or Google. There are plenty of end-to-end encrypted apps to choose from. Or are there?
As it turns out, the business model of most cloud storage apps has very little to do with storage. Why? Because they don’t have any datacenters. All they have is a massive Amazon AWS bill.
Sure, they E2E-encrypt everything which (probably) means nobody else can open your files. But that doesn’t change much – your files end up on the same datacenters.
So, is cloud storage a safe bet? Let’s see:
Further downstream, you rely on internet service providers and the power grid, both of which have proven to be anything but solid.
Do I want to align my fate with big tech and big telco? My answer was a resounding no.
So I decided to take ownership of my data.
I downloaded all my files and closed down my cloud storage accounts. I then used VeraCrypt to encrypt everything, moved all my data to USB sticks, and stored them separately from my laptop.
“But how do you sync your data across your devices?”
The only place I ever access my personal files is my laptop.
Whenever I need to interact with officialdom (banks, governments, travel, online shopping, and so on) I reach for my old iPhone. I only ever use that phone for things that are associated with my identity (you can read more about it here). Bottom line is this: laptop and phone have nothing in common, so there is nothing to sync.
In 2021 I transitioned from 1Password to Bitwarden. If you need your passwords to synchronize across devices, you cannot go wrong with Bitwarden. They are FOSS, their paid plan is $10 / year, and they accept cryptocurrencies including Bitcoin Lightning.
In 2023 I transitioned to KeePassXC.
KeePassXC goes out of its way to keep your passwords offline. And that’s exactly what I want (because I no longer synchronize, right?). KeePassXC needs no accounts, no payments, and no internet connection. The user is in full control. And if I ever need to access my passwords on another device, all I need is a single database file, which I back up—together with everything else—on my USB sticks.
A quick word on 2FA. The best security practice is to store 2FA on a separate database from your passwords. But as KeePassXC points out, storing 2FA and passwords in a single place is still superior to not using 2FA at all.
Virtual Private Network (VPN)
Even though I don’t associate my ID with anything I do on my laptop, I still need a VPN because internet providers know who their users are. Same applies to co-working spaces and communal WiFi networks.
If you are still on the fence, please read my earlier article and get yourself a good VPN.
My preferred choice is iVPN because they accept cryptocurrencies and they don’t require emails or accounts. Are they 100% trustworthy? I don’t know; but I don’t need to know. I don’t trust any software—open source or otherwise—because I don’t know its creators and obviously haven’t verified every last line of code.
Everything circles back to keeping things separate.
The eagle-eyed among you might wonder if I use the same VPN account across my laptop and phone. The answer, of course, is no. Those devices have absolutely nothing in common – that’s the whole point.
In keeping with my keeping-things-separate thesis, I use different browsers for different tasks:
Brave (and Firefox) for generic browsing.
ungoogled-chromium as a dedicated Google Maps browser.
LibreWolf for all websites that require accounts: Twitter, Protonmail, Substack, and so on. Each website runs in its own dedicated container and when the browser is closed all non-container cookies are automatically deleted.
I have another browser reserved for all those Turnstile browser tests. According to Cloudflare, Turnstile is “collaborating with 3rd parties” to help validate a device. I don’t like the sound of that so I keep those websites separate.
I also use a separate browser for captive network WiFi prompts.
If I could only use two browsers I’d go with LibreWolf and ungoogled-chromium because they are security- and privacy-hardened out of the box. No need to deactivate Google Safe Browsing, Firefox’s data collection, Brave’s daily usage ping, and so on.
Remember, there is no such thing as online privacy.
Task management: Everdo
YouTube viewer: FreeTube
RSS reader: Fluent Reader
MS Office replacement: LibreOffice
Communications: Signal, Telegram
InDesign replacement: Scribus
Photoshop replacement: GIMP
PDF utility: PDF Arranger
eBook reader: CoolReader
Mind mapping: Minder
Do I miss my MacBook?
My Linux laptop is as fast, secure, and usable as it was on day 1. And I don’t remember it ever crashing. My MacBook used to crash as a matter of course. Not Linux. And considering how fast Manjaro runs, I won’t be needing a new laptop for another decade.
I don’t miss Apple either.
Please understand, you never really own an Apple product. Think of Apple as a lifestyle company with billions of subscribers:
Apple wants you to pay for your MacBook with interest-free Apple Card Monthly Installments.
And let’s not forget about Apple Music, Arcade, iCloud+, TV+, Fitness+, News+, and tv+.
Apple bears the hallmarks of a religious cult. They use the App Store to banish wrongthink, they extract tithe payments for perpetual novelty, they isolate their followers behind AirPods and Vision Pro headsets, and position themselves as the ultimate authority.
Breaking free is not easy, but it is worthwhile.
Sure, I don’t have Facetime and iMessage, no Liquid Retina XDR Displays, no TouchID, and no six-speaker sound systems.
But life is better outside that world.