Nine Personal Security Tools Team Kanary Uses Every Day

Running a privacy company since 2020 means we live and breathe this stuff, and have for a while. Our philosophy is that privacy is not about hiding, but about preparation and control. Being on the internet can feel like a high speed race, so here's the equivalent of finding the right helmet. No fluff, no affiliate links, just the tools that earned their spot after years of testing.

Total individual monthly budget: $15-40/month (depending on which tools you choose)

Note: This stack reflects what works for us in November 2025. Your needs might be different based on your threat model and technical comfort level. And as companies change ownership, the security of these services might evolve. Join our Discord to chat with our team for the latest:

1. VPN: Mullvad

Cost: $5/month (wait for deals or find codes online)

Coverage: 80% of our internet traffic

Coming in as the most popular request, our VPN of choice: Mullvad. From account set up to zero-log-retention policy, they set the gold standard for privacy. They generate a random account number instead of requiring personal details for set up. No name, email, or tracking. The performance is solid and the team is responsive. IP addresses can still be leaked if you’re using a VPN, but if you’re concerned about someone leaking your location by tracking your IP address, a VPN is a helpful layer of security. Just make sure you’re not using a VPN that is known for selling user data.

In second place is iCloud Private Relay. It’s available with an iCloud+ subscription so it’s built right in to your Apple devices. The only issues we’ve had with it are spotty coverage and connectivity going on and off. Because it works mostly behind the scenes, it’s easier to lose track of whether it’s on or not. That’s one reason to not rely solely on this and explore other VPNs for your devices.

Finally is Proton VPN’s paid tier. We use Proton across our team and reliably connect across regions on their premium tiers ($10/month). You get this included in their secure email, calendar, and drive bundle. The only issues we’ve had with proton relate to email deliverability and calendar functionality. So we tend to use their bundle less than Mullvad.

Bonus: VPNs let you watch region-locked content. You can watch HBO in Canada or BBC from the US.

2. Password Manager: Built-In Manager or 1Password

Cost: Free (Built-In Apple/Google/Windows) or $3-5/month (1Password)

Coverage: 90% in Apple Passwords, 8% in 1Password, 2% memorized using keyword randomization

Every account should get a unique, randomized password. When one company gets breached, your other accounts stay safe. Apple's free Passwords app handles 90% of my accounts. The remaining 10% are either in 1Password for shared work accounts or complex random passwords I've memorized using the dice word strategy.

Note: Passwords are being replaced by passkeys tied to your device and should always been backed up with 2FA. Keep reading :)

3. Authenticator Apps: Google Authenticator

Cost: Free (If a b2b app tries to upsell you to add 2FA to your account, publicly shame them)

Coverage: 85% of our accounts support 2FA with an authenticator app, for the other 15% we use sms or another form of multi-factor, even if sms isn't ideal

Google Authenticator, Microsoft Authenticator, or Authy all work well, but Google’s has an impressive 4.9 star rating on the app store. When a site offers 2FA, choose the app option. SMS can be hijacked through SIM swapping, which happens to people more often than you'd think. Especially those who have been in breaches where your phone number tied to your cell phone plan, credit report, crypto account, or bank account has been breached.

Apple users: iOS can generate 2FA codes in Settings > Passwords > Codes, but we still prefer a dedicated app for flexibility.

Note: If you get a new device, you need to make sure you’re transferring your auth app. You can use your password manager to store one time access codes in case you lose your phone.

4. Passkeys: The Future Is Here

Cost: Free

Coverage: 15% of accounts (growing monthly)

If a site supports passkeys, they’re beneficial for most people. If you are a high profile target however, whether that’s attending protests or publishing journalism, there may be cases where you prefer to rely on strong passwords, security key hardware like Yubico, or non-device or non-biometric authentication.

No passwords to steal. No codes to intercept. Your device becomes the key. Apple, Google, and Microsoft all support them now. GitHub, Google, and dozens of other sites already accept them. Currently using passkeys on about 15% of our accounts, but this grows every month as more sites add support.

This is where authentication is heading. Worth adopting now.

5. Burner Emails: HideMyEmail

Cost: $0.99/month

Coverage: 74 email aliases active

With burner emails, every signup gets a unique email address that forwards to your real inbox. Company sells your email? Block that specific address. Data breach? Only that throwaway address is compromised. We use the built in service that Apple provides, they make it very convenient to generate new emails, then store them in your Password manager.

We have on average 74 active aliases. Our real email addresses are known by maybe 10 services. That's 95% of companies that never see our actual emails.

Other services with loyal fan bases include Burner and Firefox Relay. We've had some issues with deliverability using Firefox relay, and seen @icloud email domains significantly outperform any others. But both are maintained by dedicated teams and worth a try.

Note: It does make it a bit awkward when checking out at a mom & pop store since generated emails are a random mix of words instead of a cute email you personalized in the 90's. But a small delay is worth it to protect yourself from spam or more targeted malicious activity.

6. Phone Numbers: Google Voice

Cost: Free (Google Voice) or $5-10/month (Burner)

Coverage: 80% of services get the fake number

Spam is a big reason members come to Kanary. And while scrubbing your data helps, the best way to combat this is to stop sharing out your primary phone number in the first place.

Get a Google Voice number or use a service like Burner (see above). Give this number to stores, restaurants, and anyone who doesn't really need your real number. After 10 years of locking down our privacy, memorizing this secondary number has been hugely important, especially as founders. Working with a new recruiter who might become spammy? Give them your Google voice number. Signing a client invoice that may get leaked? Give them your Google voice number. Dealing with an irrationally disgruntled customer, give them your Google voice number. Only about 20% of services have my real number - banks, family, close friends, or services who have cracked down hard on VOIP numbers.

Note: There’s an alternative to this if your VOIP number, like Google Voice, increasingly gets blocked. It’s to get a dedicated phone from Target. All in, it’s about $50 up front and $25/mo for a basic Cricket Wireless plan. Just note, customer service on Cricket is lacking and wifi/data coverage can be spotty.

7. Digital Wallets: PayPal, Apple Pay, Google Pay, Cash App, Pay Stripe’s Link

Cost: Free

Coverage: 40% of online purchases

We don't love PayPal, and believe their litany of confirmed and suspected breaches are almost unforgivable, but digital wallets are useful as a buffer between your credit card and untrusted online vendors.

A newer service from Stripe called Link, is gaining steam. If you allow one vendor who uses Stripe to save your info with Link, it will auto-populate with other vendors using Stripe. Less an actively managed service for you as an individual, and more an convenience for merchants offered by Stripe.

Privacy credit cards like privacy.com have their viral moments, but overall can be difficult to manage. Your phone likely has a built in wallet now that helps you keep your information private from vendors. Apple Pay or Google Pay are both solid options.

Note: Crypto is often positioned as a private way to transact. This is not true. Crypto is sort of anonymous but not private at all because your wallet ID is likely on a public blockchain. Wired exposes these Myths.

8. Data Scrubbing: Kanary

Cost: $9.99/month (with additional support available for executives)

Coverage: top data broker sites, social media, and search engines

Everyone on our team uses Kanary. Both because we’re always looking for ways to improve it, and because it actually works.

When theknot.com accidentally leaked our founder’s wedding registry online, Kanary found it and removed it. That’s the kind of hyper personal exposure our system is trained for. Yes, data brokers and people search sites are bad. But you should expect a data scrubbing tool to go where your data is, not just check sites you’re likely not exposed on like alabamacriminalrecords[dot]com.

We’ve seen our digital footprints shrink from 150+ exposures to under 5. That's a 93% reduction in publicly available personal information.

And that’s with spending less than 10 minutes per month checking on Kanary’s reports and assisting with escalations. Personal exposures can require personal intervention. This is where the new copilot app makes any action you need to take, fast and clear. In head to head comparisons, Kanary demonstrates faster and more transparent removals across the top priority risks than any other options available.

9. Search Engine Suppression: Google's Free Privacy Tools

Cost: Free

Coverage: 5 active Google Alerts, monthly suppression requests

Google does a great job building privacy tools, but a terrible job marketing them. Most people don't know the following exist:

1. Google Alerts: Monitor your name, address, and phone number across indexed Google results. We have 5 alerts running constantly to help us keep on top of PR, breaches, and other mentions.

2. Remove Outdated Content tool: Force Google to drop old cached pages once personal information has been removed.

3. Results About You: Request suppression of personal info from search results, even if the underlying result hasn’t been removed. In our experience, this tool is seriously hit-or-miss. If you’re struggling to get a result suppressed, consider working with Kanary to help escalate.

Bonus: Physical Security

We're honored you've read this far! To reward you, we're including our recommendations for physical and home address security. This is a huge cause for concern among our high profile clients. After a series of targeted attacks against public officials in 2024 and 2025, we understand how top of mind this is, despite our expertise being in the digital-realm, and provide our recommendations below.

Mail Forwarding Services

Cost: $10-30/month

Coverage: 100% of non-essential mail

We avoid using our home address for online shopping or subscriptions. Everything except government documents and banking goes to a forwarding service like:

• Anytime Mailbox: Virtual mailbox with mail scanning ($10-30/month)

• Earth Class Mail: Opens and digitizes your mail ($20-90/month)

• USPS PO Box: Basic but effective ($4-20/month)

Note: Most states no longer allow PO Boxes to be used on government documents like licenses. If you’re concerned about you’re address being in a government database, look into address services in your area for maritime employees, traveling health professionals, or others who don’t have permanent addresses. We’ve used these services around the Seattle area with success.

Attorneys Specializing in Trusts For Home Address Privacy

Cost: $2,000-5,000 one-time

Public record laws in the US allow the public to look up property ownership records. Our team and our members have worked with attorneys to purchase property in ways that protect your name and family from showing up in these public records. The most common way to do this is through a trust. We are not lawyers, so we recommend you do your own research to find an experience lawyer in your area who you can meet with to discuss their services. If something feels fishy or off, ask us about our experiences in our Discord.

Disclaimer! When you set up a trust, a corporation will be listed as the owner of the property instead of your personal name. If set up properly, you should not be associated. It will minimize your name showing up in data brokers or on real estate transaction reports covered by local journalists. But, leaks do happen. Be extra careful about financing documents or legal documents that list addresses related to the business or trustees. TLDR: Don’t list your home address as contact for trustees.

What's Missing?

This stack doesn’t include recommendations for security cameras, professional event security, fraud, or infrastructure attacks like ransomware. But it dramatically reduces your personal attack surface that might be out there for anyone online to exploit. The goal is to make yourself difficult to target so that the lazy attacker moves onto someone who didn't take the time to lock down their online presence.

Start With One

Implementing this stack all at once can be overwhelming. Our recommendation is to pick one based on your budget, then set a weekly or monthly reminder to move to the next one.

Free start: Google Voice number + authenticator app

Best value ($5): Mullvad VPN

Biggest convenience win ($0.99): Hide My Email

Easiest to set up (Free or $9.99): Kanary

Build your stack over time. And if you need an extra nudge, download Kanary for free on iOS or Android to have help getting started.