As originally conceived, the internet supported anonymity. Your PC sent a page request to the server, the server returned the requested page, and the interaction was over. The only thing the server got was your IP Address (without which it couldn’t send you that page). Today, your surfing is anything but anonymous. Each browser request comes with a ton of info about you and your PC. Trackers gather more data using cookies and fingerprinting techniques. Targeted ads are the most innocent result of this tracking; other effects are less benign, up to and including identity theft.
It’s nearly impossible to maintain total anonymity and still connect to the internet, but there are things you can do to limit your exposure, from connecting through a VPN to hiring a service that deletes your data from legitimate data aggregators. We’ve collected products and services that take many different approaches to privacy protection. Check out our reviews, then choose one or even more to defend your privacy.
Our Experts Have Tested 124 Products in the Security Category This Year
The Email Nightmare, Part 1
Like the internet itself, email was invented by optimists and academics who never dreamed that anyone would misuse it. Read someone else's mail? How rude! Fill up inboxes with unwanted junk mail? They had no idea what was coming.
Encrypting your email is one obvious way to protect the privacy of your messages. It's a significant and effective technique, one that merits its own, separate roundup, The Best Email Encryption. See that article for a deeper dive into these snoop-fighters. Here's a brief summary.
Preveil, Private-Mail, ProtonMail, and StartMail let you lock down your communications using a technique called public-key cryptography. All but Preveil use a protocol called PGP (Pretty Good Privacy) to generate a pair of keys, one public, one private. To send me a secure message, you encrypt it with my public key, and I decrypt it with my private key. Simple!
Using Preveil is even simpler, though. A high-tech system involving what the company calls wrapped keys means you never deal with a key, public or private. It does also mean you can't connect with users of other PGP-based services, but few consumers know how to set that up.
This public key technology also lets me send you a message that's digitally signed, guaranteeing it came from me, with no tampering. I simply encrypt the message with my private key. The fact that you can decrypt it using my public key means it's totally legit. ProtonMail and StartMail automate the key exchange process with other users of the same service, while Private-Mail requires that you perform the exchange yourself. With any of these, you can exchange secure messages with anybody who provides a public key.
Of course, not everyone has embraced public key cryptography for their email. With Tutanota, StartMail, and ProtonMail, you can send encrypted messages to non-users, though you don't get the same level of open-source security. The service encrypts the message using a simple password, and you transmit the password via some avenue other than email, perhaps a secure messaging app.
Virtru offers email encryption for free, but only if you use Gmail, and only in Chrome. Like Preveil, it handles key management internally, though it doesn't use public-key cryptography. You send an encrypted message, and the recipient clicks a button to read it—without either of you entering a password. SecureMyEmail is likewise free if you use it to protect a single Gmail, Yahoo, or Microsoft account. ProtonMail offers a free tier, but with some limitations.
Given that these tools have their own roundup, we've removed them from this article's product lineup.
The Email Nightmare, Part 2
With the contents of your email conversations encrypted, no hacker can sniff out just what you're saying. However, your email address itself is exposed any time you send a message, buy a product online, or sign up for any kind of internet-based service. That might not sound problematic, but your email address is typically your user ID for many sites. A hacker who finds your email and guesses your weak password now owns the account. And, of course, having your email address floating promiscuously around the web just invites spam.
But how can you communicate without giving a merchant or service your email? The solution lies in a simple technology called a Disposable Email Address, or DEA. The DEA service provides and manages these addresses, ensuring that mail sent to them lands in your inbox. Most such products let you reply in such a way that your replies seem to come from the DEA. Bulc Club is an exception, in that it doesn't permit replies. If you're done dealing with a particular merchant, or if one of your DEAs starts receiving spam, you just destroy it.
Burner Mail, Abine Blur, and ManyMe are among the services offering DEA management. ManyMe is unusual in a couple of ways. Like Bulc Club, it's free, which is uncommon. And unlike most such services it doesn't make you register a new FlyBy email (as it calls them) before using it. Say someone at a cocktail party asks for your email. You can make up a FlyBy address on the spot, without giving your actual email away. SimpleLogin also lets you make up DEAs on the fly.
Abine Blur takes the concept of masking your actual identity online to the next level. Besides masking your email address, it offers masked credit card numbers, different for each transaction. You load the masked card with exactly the amount of the transaction, so a sleazy merchant can't overcharge you or use the card again. It even lets you chat on the phone without giving your actual number.
It's worth noting that Private-Mail and StartMail also offer a modicum of DEA management. StartMail lets you manage up to 10 permanent DEAs, and an unlimited number of DEAs set to expire within two weeks or less. Private-Mail offers five alternate email identities, without full DEA management. Tutanota's email aliases are even more limited.
Throw the Trackers Off the Scent
As they say, if you're not paying, then you are the product. You can surf the internet endlessly without paying a fee to visit specific sites, but those sites still work hard to monetize your visits. Advertising trackers plant cookies on your system, taking note when a tracker from an ad on a different website encounters that same cookie. Through this and other tracking methods, they form a profile of your online activity, a profile that others are willing to pay for.
Some years ago, the Internet's Powers That Be, recognizing that many users prefer not to be tracked, ginned up a simple Do Not Track message to be sent by the browser. This DNT system never became a standard, but all the top browsers adopted it anyway. It had no effect because websites were and are free to ignore the header.
In place of the ineffectual DNT header, many security companies started devising active systems to identify and block ad trackers and other trackers. You'll find this feature as a bonus in many security suites and some privacy-specific products. Abine Blur and IDX Privacy offer active DNT. Unlike most such implementations, Midnight deters tracker requests in any internet-aware application.
The trackers, in turn, invented a different technique for identifying individuals across different websites, relying on the ridiculous amount of information supplied to each site by your browser. This ranges from your IP address and browser version down to minutiae like the fonts installed on your system. There's so much information that trackers can create a fingerprint that's almost sure to identify you, and only you.
So, what can you do? Make a liar out of your browser, that's what. Avast AntiTrack mixes up the data sent from your browser so it's different for each website. Important info still reaches the site, but not in a consistent way that could be fingerprinted. Norton AntiTrack does something similar, and, like Avast AntiTrack, it also thwarts traditional trackers.
Using a Virtual Private Network, or VPN, disguises your IP address but leaves plenty of data unchanged for the fingerprinters. Even so, keeping your internet traffic encrypted and having your IP address hidden are valuable ways to protect your privacy. In addition to other privacy components, IDX Privacy includes VPN protection.
Nope, Passwords Aren't Going Anywhere
Passwords are terrible, but we don't yet have a universal replacement. For security, you must use a different non-guessable strong password for every secure site. The only way anybody can accomplish that feat is by relying on a password manager. Unless you use a different strong password for every website, a data breach on one site could expose dozens of your other accounts.
In a perfect world, you already have an effective password manager in place, and you've taken the opportunity to fix any weak or duplicate passwords. On the chance you aren't already equipped, some privacy products have taken to including password management as a bonus feature. Abine Blur, for one, offers a complete, if basic, password manager. It even rates your passwords, giving extra credit for those logins that also use a masked email address. You may prefer separate installation of a top-notch free password manager.
IDX Privacy doesn't help you manage passwords in general, but it does offer a tool to identify passwords you shouldn't be using. Enter a password in its Password Detective tool to check if that password has been compromised. Spoiler: if it's a simple password it almost certainly has. Don't worry; IDX Privacy transmits a hash of the password for its database check, not the password itself.
Public Exposure
The first sign that your privacy is in danger may be the appearance of your private data on the dark web. Hackers who breach online data troves are quick to put what they've found on the market. The free Safe Me mobile app scans the dark web and reports any exposures of your email address, along with breached passwords and other personal data. As you work through the report, updating compromised passwords, you raise your privacy score. Configuring your device's security properly also raises the score, as does working through dozens of short security awareness courses.
Where Safe Me specifically seeks data associated with your email address, IDX Privacy collects a variety of other personal information that it then seeks on the dark web. For each exposure, it offers advice on just what you can do to minimize bad effects on your security and privacy.
Bitdefender Digital Identity Protection also scans the seamy side of the web for your private information, but it goes deeper with its searching than IDX Privacy. It uses connections between found data to come up with data that might relate to you. As you review these possible exposures and either verify or discard them, it fine-tunes its dark web search.
Many Other Modes
Just as your private data can be exposed in many ways, software companies find a variety of ways to protect it. One unusual service comes from Abine DeleteMe. Rather than create disposable email addresses, this service attempts to clean up your existing email and other personal data. It searches dozens of websites that legally aggregate public information. Wherever it finds you, it sends an opt-out request to remove your data. This process can't be fully automated, so DeleteMe is relatively expensive.
If a malefactor steals your laptop or otherwise gains access to your PC, your private data could still be safe—if you've encrypted it. We've covered numerous products solely devoted to encrypting files, folders, or whole drives. Some privacy products broaden their protection by including encryption.
SafePic, a free iOS app from Norton Labs, aims to protect sensitive data found in images, things like pictures of receipts, passports, or other sensitive documents. It gathers up such images, puts them into encrypted storage, and replaces them with a blurred placeholder that only you can un-blur.
Private-Mail goes beyond the usual features of encrypted email by giving you an online area to store encrypted files. You can encrypt files using PGP or using a simple password, and you can even share your encrypted files with others. ProtonMail's ProtonDrive also lets you share encrypted files, though officially this feature is still in beta.
With Preveil, storing essential files in your encrypted cloud is a snap. You just treat that cloud like any other folder. Sharing with other Preveil users is also easy.
Virtru doesn't offer cloud storage, but it gives you unusual control over your messages and attachments. You can set messages to expire, disable secure forwarding, and add a watermark to some kinds of attachments. You can also convert attachments into a protected form that only the recipient can view, just like a Virtru message.
In addition to all its identity and privacy protection features, IDX Privacy promises recovery if identity theft happens to you, including remuneration for associated costs. We've determined that we just can't test identity theft remediation, but it's nice to know that if a thief slips past the protective layers, you'll have help with recovery.
One unusual feature in Bitdefender Digital Identity Protection is detection of social media impersonators. This tool doesn't ask for your social logins or require you to install a special app. Rather, it scours dozens of social media sites looking for profiles that are either yours or pretending to be you. Once you claim your actual accounts, any that remain must be impersonators.
Protect the Protectors
When you set up an encrypted email system or a disposable email address manager, your account password is a potential weakness. If you use an easily guessed password, or if a stranger shoulder-surfs your login, you could lose control of your privacy protection. That's where multi-factor authentication comes in.
The concept is simple. With multi-factor authentication, logging requires at least two of the following: something you know (such as a password); something you have (such as an authentication app); or something you are (such as a fingerprint). Quite a few of the privacy tools examined here offer a multi-factor option, specifically Abine Blur, Bitdefender Digital Identity Protection, Burner Mail, IDX Privacy, Private-Mail, SimpleLogin, StartMail, and Tutanota.
All these products work with Google Authenticator or another Time-based One-Time Password generator. To get started, you use your authenticator mobile app to snap a QR code provided by the privacy program. Enter the code generated by the app and you're done. Now, your password alone doesn't grant access to the privacy program. A password thief won't be able to enter the code from your authenticator app, and hence won't get in. SimpleLogin and Tutanota also support using a Yubikey or other U2F (Universal 2nd Factor) authentication key.
Preveil also provides a degree of multifactor authentication by the very nature of its encryption. Connecting to your encrypted mail is easy and automatic if you have access to both the email account and to a trusted device. An evildoer who cracks your email account still won't gain access to your encrypted mail and files. And if you lose a trusted device, you can cancel your trust.
As for Virtru, it doesn't require a password and doesn't offer multifactor authentication. You prove your identity by logging into your Gmail account. That being the case, you'd do well to protect that Gmail account using multi-factor authentication.
These aren't the only programs for protecting your privacy, and this isn't an exhaustive list of privacy-cloaking techniques. However, all these programs do their best to keep you safe from advertisers, spies, and creeps online.
Abine Blur Premium
Your subscription to Abine Blur Premium brings a veritable smorgasbord of privacy-enhancing features and services. Its masked emails feature automates the process of using a different disposable email address for every transaction. If one of those masked emails starts getting spam, you can just delete it, and you know which merchant sold you out.
What's the use in masking your email when you're giving the merchant something even more sensitive—your credit card number? Blur masks card numbers, too, and each masked card only has enough value to pay the particular transaction. No shady merchant can charge you extra, or fake another transaction on your card.
You can have all the masked emails you want, but masked cards require a small payment, because Abine expends resources processing the payment. Masked phone numbers are still more limited; you get just one. But when you use that masked phone number, you can be sure your contact won't benefit by selling it to robocallers or text spammers.
It's a small step from tracking your disposable email addresses to tracking your logins for all those websites. Blur includes a complete, if basic, password manager. Most password managers praise you for using a different password at each website; Blur gives you extra credit if you also use a masked email address for each.
Blur securely syncs your password and payment data across all your PCs, Macs, and mobile devices. Its browser extensions offer full access to program features and include an active Do Not Track component that foils advertisers and other trackers. On top of all that, Blur spells out how it handles your data in clear, simple detail. It's a cornucopia of privacy protection.
Abine Blur Premium Review
IDX Privacy pulls together a diverse collection of tools for protecting your online privacy. For starters, it scans the dark web for your personal information, reporting any breaches via email and notification within the app. Once you've worked through its initial findings, it keeps scanning in the background in case of a new breach. In a similar fashion, the Password Detective component looks for exposures any password you enter, without actually causing an exposure itself. And it does its best to remove your personal from legitimate data aggregation websites.
IDX Privacy also offers secure search through the well-regarded DuckDuckGo service. Its simple VPN protects your online communications, while also hiding your real-world IP address. It can block online trackers, and its unusual Social Media Sentry keeps watch for any social media activity that might indicate you've been hacked.
On top of all that, IDX Privacy offers an identity theft remediation guarantee, including a million-dollar insurance policy to cover lost funds and expenses of identity theft recovery. Of course, we couldn't test this guarantee.
IDX Privacy Review
Advertisers really care what you do online. The better they can profile you, the more they can target ads. A nice juicy personal profile is also a commodity they can sell. With the proliferation of active Do Not Track systems, some trackers have switched to a technique called browser fingerprinting. And Avast AntiTrack stands square in their way, ensuring that your browser does its job without painting a target on your back.
Every time you visit a website, your browser sends a ton of information. It has to send your IP address, to receive the requested pages. But it also sends the browser version, OS details, even the fonts installed on your PC. Nominally, this information helps the website fine-tune your browsing experience. But there's so much data spewing from the browser that trackers can easily create a unique fingerprint, and thereby recognize you when you visit a different site.
AntiTrack doesn't suppress the info coming from your browser, as that could cause problems with some sites. It just mixes things up a little, presenting a slightly different fingerprint to each website. It does cost $49.95 per year, but that's fine for some tracking-sensitive souls.
Avast AntiTrack Review
Abine DeleteMe
Some DEA services require you to create a new, pristine email account to receive the mail from your disposable addresses, while others feed directly into your existing inbox. The latter approach is more convenient, but it comes with a problem. Your email address, along with other personal information, is already scattered across the interwebs. Completely wiping that information from the web is impossible, but Abine DeleteMe does everything that is possible to minimize your exposure.
DeleteMe scans websites for dozens of information aggregating websites. These sites legally collect public information and make it easy to find. They also legally must remove your info if you so request. DeleteMe automates the opt-out process as much as possible. However, automation isn't possible in some cases, so Abine retains a staff of human operators to handle those. Every six months, you get a report of what DeleteMe found, and what was removed.
Unlike automated opt-out algorithms, those human operators must be paid. That's why DeleteMe costs more than most privacy services, $129 per year. You can often find discounts, or deals to add a family member.
Abine DeleteMe Review
One way to protect the privacy of your email address is to keep it secret. How can you do that and still communicate? With SimpleLogin, you use an email alias rather than your real address. You can receive receipts, verify purchases, and even hold secure conversations, all without revealing your actual email address. And SimpleLogin is flexible. You can have it generate a random email alias on command. You can create a custom alias if you prefer. You can even make up an email alias without coming near a computer. Other Disposable Email Address (DEA) services offer some of these options; SimpleLogin gives you all of them.
In addition, you can protect your SimpleLogin account using two-factor authentication. It supports the common Google Authenticator style, like many similar products. But it goes a step further and lets you use a Yubikey or other security key for authentication. It's the most feature-complete DEA service we've seen.
SimpleLogin Review
The first thing you do after installing Bitdefender Digital Identity Protection is fill in forms with your personal, financial, and medical information. The product combs the dark web for breaches where any of your information appeared, but it goes deeper than most similar scans. It also turns up exposures that might be your personal information. As you verify or discard these, it refines the search.
The app also seeks your personal data on legitimate data aggregator sites, though it doesn't attempt automated opt-out the way some competing products do.
The last thing you want is some hacker impersonating you on your favorite social media site, trolling your friends and trying to install malware. Bitdefender Digital Identity Protection doesn't ask for access to your profiles. Rather, it scans dozens of social sites for profiles that seem connected with you. Once you claim your actual profiles, any remaining ones may be impersonators.
Bitdefender Digital Identity Protection Review
As the name suggests, Bulc Club exists to help you deal with the deluge of bulk mail and other unwanted mail that infests most email inboxes. This free service lets you communicate with online merchants and other organizations without giving away your true email address. You simply create an email forwarder (this product's name for a Disposable Email Address, or DEA) and pass that to the merchant. Mail sent to the forwarder winds up in your inbox. If you start to get spam, you simply deep-six the forwarder.
Unlike most other DEA services, Bulc Club doesn't let you respond to mail received from forwarders. On the plus side, it flags and removes spam messages that pass through the system. Since it's free, you can give it a try and see if it suits you.
Bulc Club Review
Burner Mail
In the movies, spies use burner phones to communicate, destroying the phones after an operation. Burner Mail applies the same concept to email. Its browser extension (for Chrome or Firefox) detects pages that prompt for an email address and offers to swap in a burner address instead. Messages still reach your regular email inbox, and your replies seem to come from the burner address. If one of those addresses starts getting spam…burn it!
Burner Mail gives you more flexibility than some competitors. As noted, it doesn't require you to create a new email address to receive your messages. You can even change the recipient for a particular burner, or assign more than one recipient.
Burner Mail sticks to the task of providing and managing burner addresses and for $29.99 per year, it does that one job well.
Burner Mail Review
ManyMe
In one sense, you get most free webmail services by paying with your privacy. It only makes sense that if you want to preserve your privacy, you'll have to shell out cash. Not with ManyMe. At present, the DEA service is entirely free, with plans to make money on a feature-enhanced paid edition.
As noted, ManyMe differs from many competitors in that it doesn't require you to register DEAs (which it calls FlyBy addresses) before using them. Start with your account name, append a period and any phrase, and you've got a FlyBy, something like [email protected].
The service does have a few limitations. In testing, we found that its security precautions prevented communication with certain email systems, including PCMag's own. Your main account email address can never be changed after the initial signup. And it doesn't offer two-factor authentication. Still, you can't beat the price!
ManyMe Review
You may not think your internet wanderings are of interest to anybody, but advertisers and other trackers follow your path closely. They use the gathered data to target ads, or sell “you” to others. Some trackers may even have identity theft in mind. Norton AntiTrack heads off these tracking attempts, both traditional cookie-based systems and modern browser fingerprint analysis.
Once you've installed its browser extensions in Chrome, Edge, and Firefox, you're golden. You can bring up the app to view statistics, if you like. For each page you visit, AntiTrack reports how many trackers it blocked, and lets you view full details. Unlike most active Do Not Track systems, it has the ability to feed false information to traditional trackers without totally blocking their activities. Note, though, that it doesn't include any bonus privacy-protection features the way some competitors do.
Norton AntiTrack Review
Safe Me
Safe Me is a free mobile app that takes a threefold approach to improving the privacy and security of your Android or iOS smartphone. It searches for private data exposed on the dark web, directs you to correct any security configuration problems, and walks you through dozens of security awareness courses.
A prominent Safe Me Score represents your progress toward better security. As you work through the dark web exposure incidents, changing compromised passwords and marking the problem as remediated, your score inches upward. Taking the product's security configuration advice also boosts that score.
Each of the over two dozen security awareness courses consists of a short video (around three minutes) followed by a set of quiz questions, usually four or five. If you miss no more than one answer, you pass. And each passed course ratchets up your score. Any smartphone user can benefit from running through this app's activities.
Safe Me Review
Need to submit a receipt for travel expenses? Just snap a photo with your phone and send it along. Want to share your passport details with your partner? Again, a pic is handy. But if you let those pictures remain on your phone, they represent a potential loss of private information. SafePic, an iOS app from Norton Labs, aims to protect those sensitive images from prying eyes, while keeping them available for you, the authorized owner.
SafePic analyzes all the photos on your phone and flags those that seem to contain sensitive data. It places the found photos in encrypted storage, replacing them with a blurred version. By authenticating with a system like Face ID or Touch ID, you can temporarily un-blur the image for viewing. Best of all, it's free.
SafePic Review
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba