Tools
A curated directory of 11 tools we use, evaluate, and recommend across the AI security landscape — with our take on each.
Virtual Private Networks
Mullvad
Anonymous-account Swedish VPN. No email required at signup — accounts are random 16-digit numbers. Pay with cash, Monero, or card.
Our take
The benchmark for privacy-respecting VPNs. The flat €5 price (no "3-year discount" pressure) and the anonymous account scheme set them apart. Audits in 2020, 2021, and 2022 confirmed the no-logs claims.
Proton VPN
Swiss-based VPN from the Proton team (also Mail/Drive/Pass). Free tier is genuinely usable. All clients open-source and independently audited.
Our take
Best free tier in the space and the only major provider where the same vendor handles VPN + encrypted mail + password manager with a consistent threat model. Pair with Proton Mail for the cleanest single-vendor privacy stack.
IVPN
Gibraltar-based no-logs VPN. Account IDs only, no email. Clients open-source. Multi-hop, AntiTracker DNS, port forwarding on Pro.
Our take
The under-the-radar choice. Smaller server network than NordVPN, but its anonymous accounts, audited no-logs policy, and clean apps put it in the same tier as Mullvad.
Password Managers
Bitwarden
Open-source password manager. Free tier covers unlimited passwords, devices, and TOTP storage. Self-hosting via Vaultwarden is well-supported.
Our take
The default recommendation. Open-source clients, regular third-party audits, and a free tier that beats most paid competitors on features. Self-host with Vaultwarden if you want to remove vendor dependency entirely.
1Password
Polished password manager with strong family-sharing, secrets-management for engineers, and Secret Key (a per-account extra factor beyond the master password).
Our take
Best UX in the category and the only major manager with the Secret Key model — meaningful protection against server-side breach. Closed-source clients are the main tradeoff for privacy-focused users.
KeePassXC
Offline, open-source password manager storing credentials in a local encrypted file. Syncing is your responsibility — use Nextcloud, Syncthing, or any cloud drive.
Our take
The maximum-privacy option. Nothing leaves your devices unless you choose to sync. The flip side is real friction: there is no built-in mobile sync, so you assemble that yourself. Best for technical users who want full control.
Encrypted Email
Proton Mail
Swiss end-to-end-encrypted email provider. Web app, mobile apps, and Bridge for desktop clients. Onion site for Tor users.
Our take
The default for encrypted mail. Real Tor onion service, no SMS-required signup, and the company keeps shipping privacy-adjacent products (Drive, Pass, VPN). Note: metadata (sender/recipient/subject) is still visible to Proton; only message bodies are E2EE.
Tutanota
German E2EE mail provider. Encrypts subject lines and bodies (Proton doesn't encrypt subjects). Custom mail protocol — no IMAP/SMTP support.
Our take
Encrypts more metadata than Proton (notably subjects), but the lack of IMAP/SMTP rules it out for power users who depend on desktop clients. Best when you don't need to bridge to anything else.
SimpleLogin
Email-alias service. Generates burner addresses that forward to your real inbox. Useful for signing up without exposing your primary address.
Our take
Best-in-class alias provider, and now owned by Proton, so it ties into that ecosystem cleanly. Free tier limits aliases but not features. Run-of-the-mill [email protected] aliases are fine; custom-domain aliases need a paid plan.
Browsers & Hardening
Mullvad Browser
Tor Browser without the Tor network — same fingerprinting-resistance settings, runs over your direct connection or your VPN.
Our take
Built jointly by Mullvad and the Tor Project. The right default for people who want Tor-style anti-fingerprinting on the open internet. Use it for VPN-protected browsing where Tor is overkill.
Brave
Chromium fork with aggressive built-in tracker blocking, fingerprinting protection, and a Tor-routing private window mode.
Our take
Best mainstream-Chromium privacy browser. Sane defaults, no extension needed. The crypto/ads modules can all be disabled in settings — turn off Brave Rewards and the crypto wallet on first run.