New Privacy Features in macOS Sequoia

At a Glance

Apple’s recently released macOS Sequoia operating system brings several new features, including features designed to protect your privacy and security while using your Mac.

Apple has added a Passwords app to protect your login information, has made it easier to share only sections of your Mac desktop, and ensures that using new Apple Intelligence features doesn’t expose your personal information to third-parties. In this article, I’ll cover these features and others that will protect your privacy while using Apple’s new Mac operating system.

Passwords App

While macOS has long had the ability to store passwords for use in Safari, the new macOS Sequoia Passwords app offers features that previously required the use of a third-party password manager, such as 1Password or NordPass.

The Passwords app is built on the foundation of Apple’s venerable keychain and can securely store passwords, passkeys for passwordless logins, WiFi passwords, and other sensitive information. All of the information stored in the Passwords app can be accessed across your Mac, iPhone, iPad, and Windows PC through iCloud.

The Passwords app is also compatible with Google Chrome, Safari, and other browsers, thanks to the app’s browser extensions. This offers quick and easy autofilling of forms in browsers and supported applications.

Most third-party apps have an export feature, allowing you to create a file that can be imported into the Passwords app. The Passwords app can import credentials that were exported in the .csv format. The process is relatively painless and takes only a minute or so to export and import the information. Imported passwords do not replace the passwords you already have stored in the app, and you’ll have a chance to review any issue that occurs when importing. Be sure to delete the file after you import it to prevent anyone from having access to your passwords.

The app uses end-to-end encryption to protect the user data stored in the iCloud Keychain, meaning not even Apple can decrypt this data. Two-factor authentication support offers added security.

The Password app also provides alerts for compromised passwords, allowing users to quickly update their login credentials in case they are exposed in a data breach, have been reused, or if they are insecure. The app can create secure passwords, allowing you to keep your accounts secure.

While the macOS Sequoia Passwords app doesn’t offer all of the features of third-party apps, it is a good option for users who don’t already have a password manager installed on their devices.

It should be noted that while most password manager apps will allow you to set a unique password to unlock your passwords, the macOS Sequoia Passwords app uses your macOS password to unlock. This means that if someone is able to obtain your macOS login password they’ll also be able to view all of your passwords, so keep that in mind.

Ability to Share Selected Parts of Your Mac Desktop (macOS Sequoia 15.2)

Until now, when you mirrored your Mac’s display to an Apple TV via AirPlay, you were forced to share your entire desktop. macOS Sequoia 15.2 changes that. (At the time of this article, macOS Sequoia 15.2 is being beta tested, although it is scheduled for a December release to the public.)

You’ll now find options to share your entire screen, specify a window or app to share, or share your extended display when you have multiple displays connected to your Mac. This prevents viewers from being able to see your entire Mac desktop.

You’ll also see a menu allowing you to share an entire screen or a window or application to be displayed when connecting to a television via HDMI.

Rotating WiFi Addresses

Rotating WiFi addresses is an important privacy protection. Your Mac’s WiFi connection uses a unique MAC address that networks use to differentiate it from all of the other devices on the network.

Generally, MAC addresses do not change, unless you have a Mac running macOS Sequoia, which uses rotating MAC addresses by default whenever it connects to a network.

Rotating MAC addresses are especially useful when connected to public networks, like a WiFi hotspot at your favorite coffee shop.

This feature can be turned off for some instances, such as when you’re connected to your home or office router. However, some work networks may need to whitelist your MAC address to allow it to connect to the network. Or, if MAC filtering is enabled by your ISP, that could cause issues if you have rotating MAC addresses enabled and the addresses are swapped too often for your ISP’s liking.

It’s easy to toggle MAC rotation on or off. Simply do the following:

1. Open System Settings. Click the Apple logo in the upper-left-hand corner of your Mac’s desktop and then click on “System Settings…” in the pull-down menu that appears.
2. Click on “Wi-Fi.”
3. Click on the three-dot circle next to your network’s name in the “Known Networks” list. You can also click the “Details…” button next to the name of the network you are currently connected to.
4. Click on “Network Settings…” in the pop-up menu that appears.
5. In the “Private Wi-Fi address” section, click to change “Rotating” to “Fixed,” or click “Fixed” and change it to “Rotating.”
6. This will go into effect for that network only, the rest of the networks listed will keep their setting.
7. Do this for every network you wish to change.

This feature is also available in iOS 18.

Forced Signing of Applications

In previous versions of macOS, users could right-click or Control-click an app icon to override the built-in Gatekeeper protection when opening software that isn’t signed correctly or notarized.

With the release of macOS Sequoia, users will no longer be able to do so. Instead, they’ll need to go to: “System Settings” -> “Privacy & Security” to review the provided security information for software before allowing it to run.

While the “Open Anyway” option has always been available in the system’s Privacy & Security settings, the right-click offered a quick shortcut to the settings.

Apple Intelligence Privacy Protections

One of the biggest worries about using Artificial Intelligence systems is the risk to users’ privacy. Apple’s latest version of macOS, Sequoia, has several Artificial Intelligence features that are known as Apple Intelligence.

One of the biggest differences between AI systems like OpenAI’s ChatGPT or Microsoft’s Copilot is Apple’s focus on its AI system protecting its users’ privacy.

Apple has long been an industry leader when it comes to on-device processing. Apple prioritizes on-device processing, as processes run faster when not using an external server, and user data stays safely on the device, providing enhanced privacy protection.

As you might expect, Apple Intelligence relies heavily on the privacy-protecting “on-device” approach when it comes to processing requests. Apple has designed its AI system to run only on the device whenever possible. No data is sent to the cloud, instead remaining on your device, which encrypts its storage.

Unfortunately from a privacy standpoint, there will be times when Apple Intelligence won’t be able to process your request solely on your device, meaning it will need to contact external servers to process the request.

When that happens, Apple keeps your requests private with Private Cloud Compute, which is designed to provide as much security for requests that travel off-device as it does for on-device processing.

Private Cloud Compute

From the beginning, Apple’s Private Cloud Compute (PCC) is built on five core requirements:

1. Stateless computation on personal user data: This means that data cannot be used for anything but the purpose it was sent for.
2. Enforceable guarantees: Apple offers enforceable security and privacy guarantees. That means it must be possible to constrain and analyze all of the components that contribute to the security and privacy of the overall Private Cloud Compute system.
3. No privileged runtime access: This means that Apple has not built in a privileged interface for itself to allow its employees to bypass Private Cloud Compute security, even in case of an outage or other incident.
4. Non-targetability: This means that no user can be individually targeted by an attacker without needing to attempt to breach the entire PCC system.
5. Verifiable transparency: Apple allows third-party security researchers to analyze and verify the claims of its PPC system.

The full Private Cloud Compute article makes for interesting reading.

Private Cloud Compute Nodes

As mentioned above, Apple Intelligence processes as many requests as it can on your device. For more involved requests, more powerful cloud computing is required. Apple’s PCC servers make use of Apple’s Apple Silicon chips to provide powerful request processing. As the servers are built in-house, Apple controls the build of the servers, helping to ensure against outside attacks.

Private Cloud Compute is made more secure by its use of custom-built server hardware – which includes the same hardware security technology used in the iPhone, such as Secure Boot and the Secure Enclave. Plus, it uses a new operating system that is security-hardened and uses features of both iOS and macOS, specially designed to support Large Language Model (LLM) inference workloads while presenting a much-reduced attack surface.

Apple has also opened up its Private Cloud Compute to review by researchers, and is offering up to $1 million to anyone who finds a security hole in the secure cloud platform. Apple said the aim is “to learn more about PCC and perform their own independent verification of our claims.”

In Closing

As we’ve seen, Apple has added several new features to protect your privacy and security. In addition to shoring up privacy protections in the venerable operating system, Apple has added several new features to keep you secure, both online and off.

While Apple Intelligence is in its early stages, users can feel secure in knowing that Apple Intelligence, while offering several of the same features as other Artificial Intelligence engines, protects your privacy by not sharing any more information than is needed to complete your requests.

macOS Sequoia Privacy FAQs