"Privacy" isn't one product. It's a stack — a small number of services that each cover a different attack surface, and together cover most of what you'd reasonably worry about.
In 2026 the stack has stabilized around four layers. A VPN handles network traffic. A password manager handles credentials. A data broker removal service handles personal records. And — the newest layer, the one that didn't really exist as a category two years ago — a face removal service handles your photos in facial recognition databases.
None of them substitute for each other. They cover four different things. We'll go through each, what it actually does, what it doesn't, and how to think about the whole picture.
Why a Stack at All
The reason privacy is a stack and not a product is that the threat surfaces aren't related to each other. Your network traffic gets exposed differently than your passwords get exposed differently than your home address gets exposed differently than your face gets exposed.
A VPN doesn't help if your password got reused on a breached site. A password manager doesn't help if a data broker is selling your address. Data broker removal doesn't help if your face is in PimEyes or Precheck.ai. Each layer fixes a category of problem the other layers can't reach.
That's also why "all-in-one privacy bundles" tend to disappoint. They usually do one thing well and a few things badly. A focused stack of four specialists outperforms a generalist bundle in 2026.
Layer 1 — VPN
A VPN encrypts your internet traffic in transit and routes it through a server controlled by the VPN provider. The site you're connecting to sees the VPN's IP address, not yours. Your ISP sees encrypted traffic to the VPN, not what's inside it.
What it actually covers
- Hides your IP address from the sites you visit
- Encrypts traffic on untrusted networks (coffee shops, hotels, conferences)
- Lets you reach geo-blocked content
- Stops your ISP from logging which sites you visit
What it doesn't cover
- Anything already public about you (it's a transport-layer fix, not a data-layer fix)
- Cookies, browser fingerprints, or accounts you're logged into
- Tracking by sites you've already given your real identity to
Recommended in 2026: Mullvad, Proton VPN, IVPN. Pay in cash or anonymous payment if you can. Avoid free VPNs — the business model is selling the data the VPN was supposed to protect.
Typical cost: $3–$10/month.
Layer 2 — Password Manager
A password manager generates and stores a unique strong password for every account you have, behind a single master password (or passkey + biometrics). The big gain isn't convenience — it's that a breach of one site can't cascade to the others.
What it actually covers
- Eliminates password reuse, the single most common cause of account takeover
- Generates passwords no human would invent
- Pairs naturally with 2FA (most managers store TOTP codes too)
- Notifies you when a saved site appears in a known breach
What it doesn't cover
- Phishing — if you type the password into the wrong site, the manager will dutifully fill it
- Compromise of the device the manager is unlocked on
- Accounts you set up before you started using one (still reused passwords floating around)
- Anything outside the credential category — it doesn't touch your face, your address, or your traffic
Recommended in 2026: 1Password, Bitwarden, Proton Pass. All three are mature, audited, and offer family plans.
Typical cost: Free–$5/month for personal use.
Layer 3 — Data Broker Removal
Data brokers are companies whose entire business is aggregating your personal information from public records, online activity, and purchased datasets, then reselling it. People-search sites — Whitepages, Spokeo, BeenVerified, Radaris and dozens of others — are the consumer-facing layer of this.
Data broker removal services file opt-out requests on your behalf, track which removals stick, and re-file when brokers re-list you. None of them get every broker, and the lists evolve, but a good service keeps the surface meaningfully smaller than it would be otherwise.
What it actually covers
- Names, addresses, phone numbers, email addresses, relatives, employment history
- Property records, neighborhood info, court records that brokers aggregate
- "Search by name" attacks — making it harder for a stranger to type your name and pull a dossier
What it doesn't cover
- Photos of you. Brokers traffic in records, not images.
- Facial recognition databases (PimEyes, Precheck.ai, FaceCheck.ID, Lenso.ai)
- Social media (you control those settings yourself)
- Government records and court documents in their original form
Recommended in 2026: Incogni, DeleteMe, Optery, Privacy Bee, PrivacyHawk. We have a full comparison if you want the differences.
Typical cost: $8–$15/month.
Layer 4 — Face Removal
This is the layer that didn't really exist two years ago and is still missing from most "complete privacy" recommendations.
Face-search engines — PimEyes, Precheck.ai, FaceCheck.ID, Lenso.ai, and a growing list of others — let anyone with $20–$30/month upload a photo and get back every public web page where that face appears. They scrape the open web continuously and index by face, not by name. They don't care which service hosts the photo. They don't care whether you uploaded it.
None of the other three layers reach this. A VPN doesn't hide what's already public. A password manager doesn't apply. Data broker services don't traffic in photos and don't have removal flows for face-search engines.
Face removal is its own category, with its own removal flows, its own monthly cadence (because the engines re-index continuously), and its own threat model.
What it actually covers
- Filing removal requests with PimEyes, Precheck.ai, FaceCheck.ID, Lenso.ai, and the other public face-search engines that accept them
- Monthly re-filing because removed faces get re-indexed when new public photos appear
- The "search by photo" attack — a stranger snaps a picture and finds your name in seconds
- Reducing the photo supply that powers reverse-image lookups
What it doesn't cover
- Government and law-enforcement databases (those need legal process, not opt-outs)
- Photos other people have on their own devices
- Surveillance camera footage in private retention
- Anything outside the public face-search-engine category
And — same honesty as everything else here — no face removal service erases your face from the entire internet. What we do is finite and specific: file removal requests, monthly, across the engines that take them. The pattern is real and the engines do honor the requests.
Recommended in 2026: Face Privacy is the dedicated service for this. There aren't many alternatives yet because the category is new.
Typical cost: $9.99/month.
What Each Layer Doesn't Cover (Side-by-Side)
This is the part that tells you why you actually need all four.
| Threat | VPN | Password Mgr | Broker Removal | Face Removal |
|---|---|---|---|---|
| ISP logging your traffic | Yes | No | No | No |
| Account takeover via reused password | No | Yes | No | No |
| Stranger types your name, finds your address | No | No | Yes | No |
| Stranger uploads your photo, finds your name | No | No | No | Yes |
| Public Wi-Fi packet sniffing | Yes | No | No | No |
| Phishing | No | No* | No | No |
| Cookies / browser fingerprinting | No | No | No | No |
* Password managers help indirectly with phishing (they refuse to autofill on the wrong domain) but won't stop you if you type the password manually into the lookalike site.
The bottom row is the one to notice. Cookies and browser fingerprinting fall outside the four-layer stack — they need browser-level fixes (hardened browser like Brave or LibreWolf, container tabs, Firefox containers, blocking third-party cookies). Worth doing, but it's a separate layer in itself.
What Order to Add Them
If you don't have the whole stack yet, this is roughly the order that gives you the most coverage per dollar at each step.
- Password manager first. Account takeover is the most common digital harm, and the fix is cheap or free. Do this even if you do nothing else.
- Data broker removal second. The most-exposed attack surface for most adults is "stranger searches your name." This shrinks it materially within 60–90 days.
- Face removal third. If you have any public-facing role, any reason to worry about doxxing, or you've ever appeared in news/conference/professional contexts — this is the layer you're missing. Cost is comparable to data broker removal.
- VPN last. A VPN matters most when you're on untrusted networks or doing things you'd rather your ISP not log. For most people in 2026 it's still worthwhile but not as urgent as the first three.
If you're a journalist, activist, executive, clinician, domestic-violence survivor, or someone with a real threat model — invert the order, do all four immediately, and add a hardened browser plus 2FA on every account.
Total Cost in 2026
The full four-layer stack — done with the recommended services — runs about $25–$40/month, depending on which providers you pick and whether you use family plans.
| Layer | Typical Cost | Why It's Worth It |
|---|---|---|
| Password manager | $0–$5/mo | Stops the most common digital harm there is |
| VPN | $3–$10/mo | Encrypts your traffic, hides your IP |
| Data broker removal | $8–$15/mo | Shrinks "search by name" attack surface |
| Face removal | $9.99/mo | Shrinks "search by photo" attack surface |
| Total | $25–$40/mo | Covers four different threat surfaces |
For comparison: the average identity theft loss in 2024 was around $1,343 per victim, and a single doxxing cleanup typically costs hundreds of dollars and weeks of work. The stack pays for itself the first time it stops one of those.
The 2026 Stack, Visualized
VPN — Network layer
Mullvad, Proton VPN, IVPN. Encrypts your traffic, hides your IP from sites and ISPs.
Password manager — Credential layer
1Password, Bitwarden, Proton Pass. Unique strong password for every account, plus 2FA storage.
Data broker removal — Records layer
Incogni, DeleteMe, Optery, Privacy Bee, PrivacyHawk. Removes your name, address, phone, email from people-search sites.
Face removal — Image layer
Face Privacy. Files removal requests with PimEyes, Precheck.ai, FaceCheck.ID, Lenso.ai, and the rest of the public face-search engines. The newest layer in the stack — and the one most people are still missing.
Each layer is its own product because each layer covers a different attack surface. None substitutes for any other. In 2026 the four together are roughly the floor for "I've done the basics."
The Honest Closing Note
We sell layer 4. We're obviously biased about how important it is. So here's what we'd tell a friend who asked which one to add first if they could only add one:
It depends on your threat model. If you've never used a password manager, do that first — the math says so. If you've already done the first three and you're a public-facing professional, an executive, a journalist, an activist, or anyone with a doxxing concern, the missing layer is the face one. That's the gap nothing else in the stack reaches.
We also strongly recommend pairing face removal with a data broker removal service rather than thinking of it as a replacement. They cover different surfaces. Together they cover most of what a stranger could realistically use to find or harm you online.
Add the missing layer to your stack.
FacePrivacy is $9.99/month and covers the face layer no other privacy service touches. We file removal requests across PimEyes, Precheck.ai, FaceCheck.ID, Lenso.ai, and every other public face-search engine that accepts them — every month, on your behalf.
Start your face removal →Use code STACK at checkout for 15% off your first month.