Creating a 'dirty' a locked APFS volume next to another (main APSFS volume) that can't be seen locations and is not accessible.

I think I've found a solution; If you create a separate APFS volume running OS, you should encrypt it and turn on filevault. When you unmount the volume, it won't be shown in locations. Then just make sure that volume's password is not stored in your keychain. When you try to mount it you can only do so by entering the password. Furthermore in recovery mode (command r) make sure you have your firmware password on and have top security on your volumes. Also install an app locker and use it for your keychains, terminal, etc - and again: do not store that password in your keychain. Off course in your system settings only allows mac os software to download. Then create an admin and user account and make sure your user account doesn't have admin permissions and work from the user account.

What do you think? Good idea?

If anyone knows how to bypass this system please let me know :)

It's not my spycraft btw... I'm the victim here. I just don't want my machine to be compromised AGAIN.

A 'dirty' machine is kind of a hassle. Is there no other way around it?

And If I get a 'dirty' machine. Then it should never ever connect to my home network right? Or I will be compromised again?

All tips are welcome.

Yes, that may be an option.

Maybe this dumb question but I'm little rusty here.

Is it still possible to boot from a usb stick using an  APFS volume? And if I boot up from a usb stick or external hdd

will all my folders and keychain of the main volume still be accessible in locations?

Because that's the part I'm worried about.

I just want to be able too pee and not have to bring my mac to the toilet with me :)

I'm dealing with someone I know and love but who's a complete freak and willing to go to great lengths

to access ALL my private data and my network and who has the skillset to do that.

The problem is that I have a mac I need to work on in an environment with someone who will go to great lengths to obtain my personal data. You could possible describe this person as a sociopath or a personal data addict and I am (one) of this persons targets. That specific person is in charge of the wifi network too.

However this is someone I love, so I will not go to to the police or any stuff like that. And yes, you may describe me as a freak too for not doing that - but it's my choice, please respect that. However I want this to stop and protect myself at all cost from this person accessing my data. What are my best options?

Thanks you so much for your kind advice. However, I have already done all these things and WPA2 is not sufficient. Only WPA3 is.

The person in question is very adement and equipped to get in by any means possible so I guess

a second 'dirty device' is my best option.

But thank you so much for taking the time to answer me.

Have a nice day / evening.

Sorry Grant, didn't read your last message. yes that may be helpful. Thanks!!!

However I've already wiped all my drives now and purchased a new modem / router.

But for future reference this is super welcome. THANKS :)

This is very helpful Grant, thanks!