Pros & Cons

- Hides your actual email address behind temporary addresses
- Manages masked phone numbers and credit cards
- Fully integrates password management
- Offers personal data removal
- Identity theft remediation with a million-dollar guarantee
- VPN for mobile installations
- Lacks high-end password management features
- No VPN support for PCs, and no configuration beyond server selection
- Relatively expensive

Cloaked Specs

Forwards to Multiple Addresses
Multi-Factor Authentication
Online Mailbox
Reply From Alias

All Specs

It's nearly impossible to use the internet without risking your online privacy. Want to buy a rare Pokémon card? You just gave the merchant your email address, credit card number, and perhaps even your phone number. If that merchant goes rogue or gets breached, your private data is gone. Unless, that is, you use a temporary email service like Cloaked. With Cloaked, you never reveal your actual email address, and you can shop without sharing your credit card or phone number. Cloaked goes beyond the basics, with shielded texts, password management, personal data removal, a simple VPN, and even a degree of identity theft protection. That said, Editors’ Choice winner IronVest offers a similar feature set for less than half the price.

How Much Does Cloaked Cost?

There’s a wide range of prices for temporary email services, though most fall between $30 and $60. SimpleLogin costs $30 per year, for example, and Burner Mail is a penny less. IronVest is just under $40, Private-Mail is just under $50, and StartMail is just under $60.

Aside from these, there’s another price point—free. Bulc Club and ManyMe don’t cost a penny. Yes, ManyMe offers a paid tier with advanced features, but you get all the basics for free.

Pricing for Cloaked has bounced around quite a bit. At the time of my initial review, it cost $180 per year, more than three times the price of the priciest competitor. It’s currently $95.99 per year ($9.99 per month if paid monthly). You can also choose a Couples license (you plus one other) for $139.99 per year or a Family license (you plus three others) for $239.99.

Cloaked goes well beyond providing temporary emails and includes a fully integrated password manager, the ability to hide your actual phone number, and identity theft protection. Cloaked offers an insurance policy against identity theft, with a guaranteed limit of up to $3 million. You can consult with experts and get help filing claims, but there’s no detailed monitoring as you get with dedicated identity theft remediation services. Some of these identity services cost significantly more than Cloaked. For example, Avast One Platinum costs $299.99 per year, and IDX Complete runs $355.52. Note, though, that both include a full range of identity and privacy monitoring, along with security suite protection for your devices. Avast, notably, protects six identities and 30 devices out of the box.

Bitdefender Ultimate Security Plus, ESET Home Security Ultimate, and IDShield all cost around $180 and include protection for five, five, and three devices, respectively. The fee for Norton 360 With LifeLock starts at $149.99 per year, and includes a security suite, VPN protection for five devices, and identity theft protection. There are two higher tiers of identity protection, and Norton can protect an individual, a couple, or a family. That’s a total of nine possibilities, topping out at over $800 per year for family protection at Norton’s highest level.

Getting Started With Cloaked

Cloaked no longer offers a 14-day free trial, so you’ll have to sign up with a credit card. You do have a 30-day money-back guarantee if the app doesn’t turn out to be what you wanted.

After the simple signup process, Cloaked prompts you to enter personal data such as your full name, birthdate, and snail-mail address. Entering your SSN is optional, but if you skip it, Cloaked points out that you’re missing out on some protection. When you enter your SSN, Cloaked monitors for abuse of that number.

Once you finish entering your personal data, Cloaked immediately scans its collection of data brokers for profiles that might be yours. I’ll discuss data broker cleanup below. It also prompts you to install the important Cloaked browser extension.

At this point, Cloaked opens to a Home page that provides an overview of all the security and privacy components. Along the top of this screen is a toggle titled Advanced features. If it’s not turned on, click to enable—you don’t want to miss out on advanced features.

A menu runs down the left side, divided into Products, Identities, and Inbox (features I’ll discuss below). The right-hand column lists the most recent messages, with an option to view all messages. Front and center is a summary of data removal progress, with a link to see full details. As you scroll down, you see suggested Action Items, such as installing Cloaked on mobile devices or setting up two-factor authentication.

Bear in mind that this app stores very sensitive information, including messages in the online inbox and the passwords for your most sensitive accounts. To protect that information, create a strong, unique master password and consider layering on multi-factor authentication (MFA), which I’ll discuss below.

The Core of a Cloaked Identity

You don’t want to give away your real identity for privacy's sake, but in many situations, you can’t avoid providing some identity information. That’s where Cloaked identities come in.

At the core of an identity is a pair of email addresses, one real and one temporary. Cloaked generates a temporary email address for you. By observation, it uses three random words such as cease.click.trace or screw.cute.cheap (these are both real-world examples) for the email name. You can generate it again if you don’t like the random email, but there’s no option to fully customize it, unlike most competing products.

Bulc Club, ManyMe, and SimpleLogin take the concept of a custom address to the next level. With these services, you can create a custom masked address on the fly without using a computer or other device. The address becomes active the first time it’s used.

Also essential is the actual email address that will receive forwarded messages sent to the fake address. Conveniently, you can associate different Cloaked identities with different real addresses. With Bulc Club and StartMail, all forwarded mail goes to your main account email. ManyMe is even tougher; you can’t change your main email after signing up. Burner Mail swings the other way, letting you forward a single burner email to multiple real-world addresses.

There’s More to a Cloaked Identity

I mentioned forwarding emails to your real-world address, but you can also create identities without forwarding. In that case, your only access to received emails is through Cloaked’s own online inbox. For each identity, you can optionally add associated contacts and block access for those not on the contact list.

As I describe in detail below, Cloaked is also a full-scale password manager using the same identity system that provides temporary email addresses. Each identity can store a username and password pair. There’s even an option to have Cloaked generate multi-factor authentication codes, replacing Google Authenticator or another authenticator app. Password managers such as Bitwarden and Enpass, among others, also offer built-in authentication.

Cloaked offers the unusual ability to create a cloaked phone number for each identity. As with cloaked emails, you can either forward texts to an actual phone number or view them in the online inbox. IronVest is the only competitor that offers a similar feature, but its masked phone number feature is more limited. There’s no inbox to catch texts, and you get just one masked phone number.

Hands On With Cloaked Identities

The easiest way to use your cloaked identity options online is through the handy browser extension. When you visit a site that asks for your email address, Cloaked offers to generate one for you. Accept the offer, and you’ve created a new identity, titled for the page’s title, with the URL and your brand-new cloaked email address recorded. Any mail from that site will get forwarded to the corresponding real-world email address you’ve selected and will also appear in the online inbox.

At this point, you’re on a roll. You receive messages sent to the cloaked email, and your replies seem to come from that email. If you get spam sent to an identity, you know that the contact for that identity sold you out (or got hacked). If that happens, you can delete the identity or stop forwarding messages. Better still, you can lock it down so only mail from existing, known contacts goes through.

As noted, you can add a cloaked phone number to any identity, which is handy when you need to receive a texted security code. By default, the first text from a new cloaked number goes through to the online inbox and, if you’ve enabled forwarding, proceeds to your mobile phone. Texts from other numbers also get held pending your approval. Calls work in a similar fashion.

You won’t necessarily know who’s sending texts to your cloaked numbers. On your mobile, the text appears to come from the cloaked number rather than the actual sender. You can reply—just be sure you know who you’re replying to.

Multi-Factor Authentication, Two Ways

Anyone who managed to hack, steal, or guess your Cloaked password would have full access to your Cloaked identities and online inbox. If you’re using Cloaked as a password manager, they now own all your accounts. You can head off this disastrous outcome by adding multi-factor authentication (MFA) to protect your account.

The most common type of MFA involves syncing Google Authenticator or another authenticator app with the service you want to protect. The app and the service generate a new security code every 30 seconds. To log in, you must enter both your master password and the current code.

Cloaked offers two MFA options, neither of which is as secure as the app-based MFA I just described. You can have it send a code via SMS or email. Using either of these is still vastly better than going without MFA, of course, but it's not as good as it could be.

That solves the problem of people who shouldn’t have access to your account getting into it. The reverse problem happens when you, who should have access, forget your master password and thus can’t get in.

If that sounds like something that might happen, Cloaked can help. Open the Cloaked settings, then choose the Recovery kit menu item. Follow the prompts to create your recovery kit document, which includes a recovery key with 40-plus characters. Now store that key somewhere safe.

Cloaked Password Manager

The Cloaked browser extension watches your online activity and offers help when you need to enter a new (or existing) cloaked email. That same extension handles Cloaked’s password management features, offering full access to the login credentials you’ve saved.

Import Passwords to Start

If you’re a regular PCMag reader, you probably already have a password manager. Even if you don’t use a third-party password manager, you may have accepted your browser’s offer to save passwords for you. There are various strategies for switching to a new password manager, but the easiest way is to import from your existing collection.

Cloaked can import from Brave, Chrome, Edge, Firefox, Opera, and Safari, as well as from Apple Keychain. Its list of competitors supported for import is rather short: 1Password, Bitwarden, Dashlane, Keeper, and LastPass. Bitwarden, by contrast, imports from almost 50 competing password managers.

In testing, I found that importing from Keeper has improved since my last review, though it's still a minor challenge. I exported my Keeper data as instructed and tried powering through the import process. Given that Keeper is listed as a supported source, I figured it should just work. I was wrong. First, Cloaked treated the first line of data as column headings. I edited the CSV file to add an actual headings row and tried again.

This time, Cloaked correctly matched the title, username, password, and URL fields. It did nothing with the Folder field from Keeper, but then, Cloaked doesn’t use folders as such. When last tested, the presence or absence of a value in the Folder field screwed up the alignment of the remaining fields, so this is a big improvement.

There was one more minor problem. Almost a third of the imported entries came through marked “Needs Review.” A little study revealed that almost all of these had usernames that weren't email addresses. When I bullheaded it and ignored the warning, it imported them correctly.

Password Capture and Replay

Using a password manager has to be easy, or else consumers will go back to pet names and sticky notes. Like all successful password managers, Cloaked automatically captures your credentials when you log in to a secure site. When you’re signing up for a new login, you can have it generate a strong password, something virtually all competitors do. But it also asks if you would like to create a cloaked email address. The password manager in IronVest does something similar.

When you create a new account backed by Cloaked, it initially prompts you to enter all fields, creating a cloaked email and generating a matching password. By default, the password generator generates 20-character passwords that include uppercase letters, lowercase letters, digits, and symbols. You can check or uncheck letters, digits, or symbols if you encounter a site that restricts them. There’s also an option to generate easy-to-remember passphrases like sign.horse.bulb or raw.bold.girl.

When you revisit a site that matches an existing identity, Cloaked offers to fill in that identity. If you have more than one match, it provides a simple menu for you to choose from. In testing, I didn’t find a site that it couldn’t handle.

Form Filling for Personal Data

Like most password managers, Cloaked leverages its ability to fill login credentials, expanding to fill personal data on web forms. To get started using this feature, click your name at the top right of the main dashboard, then click Profile, and select Personal Information from the menu on the left.

Cloaked stores your personal data in small bits, such as Name, Birthday, Gender, and Address. Fill in the data carefully, then click Save Changes. If you click back without saving, you lose those changes.

Dashlane and RoboForm are among the password managers that allow multiple entries in personal data fields. With Cloaked, you just get one entry per field. However, you can add multiple credit or debit cards as payment methods.

The form-filling process has improved since my last review. A cloak icon appears in the appropriate entry fields. Clicking the city field, for example, opens a menu that lets you fill just the city or the entire address. And where it previously failed to fill in the CVV along with a credit card number, this time it handled all the data just fine.

Of course, filling out web forms isn’t a primary feature of password management. It’s just a nice bonus. And every field that Cloaked fills is one you don’t have to type yourself.

Automated Cloaking

Cloaked combines password management with a temporary email address system. As you update weak passwords, you should also consider whether you want to switch to a cloaked email. Of course, this entails going to the corresponding websites and carefully making the changes.

According to the Cloaked FAQ, the company offers a beta feature called AutoCloak that “automatically updates your existing login credentials to more secure Cloaked versions, enhancing your online privacy and security.” Also, according to the FAQ, this feature works only on a dozen or so websites.

My contact at Cloaked revealed that this feature isn’t generally available at present, but that the Cloaked team is “excited for more users to get access to AutoCloaking in the coming months.”

Identity Sharing

In some situations, sharing passwords is necessary, such as when you share a bank account with a partner or when one person in the household manages the streaming accounts. Like most competitors, Cloaked offers secure sharing.

Password managers handle sharing in various ways. Dashlane, LogMeOnce, and NordPass are among those that create connected shares. If you’ve given the recipient permission to make changes, those changes will show up in your own password collection. Bitwarden, Keeper, and Proton Pass allow creating shared folders; everything in the folder belongs to the group.

Click the share-box icon at the top-right of an identity to start sharing with Cloaked. You can choose to share full details (though without things like associated calls and emails) or only the identity name, URL, email, or password. Either way, it’s a read-only share. 1Password uses a similar system, and it’s an option with Bitwarden.

Cloaked creates a password-protected link that gives the recipient temporary access—for an hour, by default. You transmit the link and, for proper security, send the password by another means. The recipient can now view the information you sent, at least until the temporary access expires.

The page that presents the shared information includes a link to install Cloaked, though it’s not entirely necessary. The recipient can copy and paste the received information into their password manager.

What’s Not Here?

Getting your existing passwords stored in a password manager is an excellent first step. However, you’re not truly taking advantage of its service until you replace all your weak and double-duty passwords with strong, unique ones. 1Password, Keeper, and Bitwarden are among the many password managers with built-in password strength reports to help you see which ones need work. IronVest goes a step further, giving you bonus points for entries that have both a strong password and a masked email address. With Cloaked, improving your passwords is a DIY task.

Securely sharing login credentials is a handy feature, but what if you’re no longer alive to initiate sharing? Bitwarden, LogMeOnce, and RoboForm, among others, offer built-in systems that let your heirs access your account, with safeguards to prevent premature access. That’s not something you get with Cloaked.

If you choose Cloaked for its ability to protect your email address and phone number, you won’t go wrong relying on it for password management as well. It doesn’t challenge the best dedicated password managers, but it’s roughly on par with what you get in IronVest.

Data Removal to Protect Privacy

By letting you communicate without giving away your actual email address or phone number, Cloaked prevents the exposure of your private information. Reached by clicking Exposure Status on the Home page’s main menu, the Data Removal feature takes the privacy fight one step further, seeking out data brokers and aggregators who have already captured your data.

Bear in mind that these aggregators aren’t breaking the law; they're simply collecting and packaging public information. To stay on the right side of the law, though, they must comply when you (or Cloaked, as your agent) ask them to remove your data.

Cloaked checks around 120 data broker sites as soon as you activate its data removal feature, and scans again monthly to remove any new profiles that appear. The removal page states that most requests should be completed within two weeks.

Cloaked's collection of about 120 data brokers is a bit on the low side compared with dedicated personal data removal tools. Editors’ Choice products Optery and Privacy Bee cover many hundreds of brokers.

The first step in activating Data Removal is simply entering your phone number. As soon as I did so, Cloaked came back with my full name, birth date, and partial social security number—not mine, though, but my wife’s. It also reported a collection of phone numbers, some of which were clearly wrong. Of course, that was a broker’s error, not a mistake by Cloaked.

I corrected the app’s information to refer to me rather than my wife and verified a few additional data points. Like most products in this area, Cloaked asks for permission to act as your agent for data removals. With preparation complete, its scan took almost no time. A simple message informed me that removals should generally be finished within two weeks.

I added more details, including past addresses and phone numbers. I was a bit disappointed to learn that Cloaked wouldn’t search for these new data items until its next scheduled scan, which is a few weeks away. In any case, Cloaked didn’t find many brokers holding my data. The problem here is that I’ve tested so many products in the personal data removal realm that there’s hardly anything for a new product to find.

A personal data dashboard offers an informative collection of statistics, breaking down the types of data found by past scans. These types include addresses, email addresses, full names, phone numbers, and relatives. A graph shows removals over time, broken down by data type.

Below the stats dashboard is a list of data brokers and their status. You can filter the list by status: Complete, Continued on next scan, In progress, Needs attention, No records found, and Scanning. Those labeled as needing attention typically require you to respond directly to the broker's query or simply confirm your request to opt out.

If you wish, you can review the list of brokers, check removal status, and view details. But you can also just stick with watching the overall stats that show Cloaked’s progress clearing your personal profiles.

Personal data removal is a relatively new feature for Cloaked, and it needs to grow before it can compete with the best dedicated removal apps. Even so, it does a fine job presenting its progress and successes without bogging the user down in the details.

Identity Monitoring

Looking at the Home page’s main menu, there’s a group of three items labeled Products. They are: Exposure Status, Identity Monitoring, and Virtual Cards. I just covered Exposure Status, and I’ll discuss the new Virtual Cards feature below. Once you activate it, Identity Monitoring begins monitoring the dark web for your personal data. You get notified right away if the monitor finds anything.

The home page for identity monitoring lists any data breaches that included your personal information. You can click to see details about the breach, including which personal data items were exposed. Many similar dark web monitoring systems let you archive notifications that you’ve dealt with, for example, by changing a password. Cloaked instead simply moves notifications from the recent list to the historical list after 30 days.

While Cloaked doesn’t include the full panoply of features found in dedicated identity theft remediation apps, it does offer 24/7 help for identity theft remediation, backed by a million-dollar insurance policy from partner AIG.

The full terms and conditions for Cloaked’s insurance will look familiar if you’ve ever dug into another identity theft service. You need to report an identity theft event as soon as possible and no later than 90 days after the occurrence. You can’t be involved in any shady dealings related to the event. Certain payout types have their own sub-limits. For example, the policy will reimburse lost wages at $2,000 per week for up to five weeks. If you think your identity has been stolen, just call the number on the main Identity Monitoring page.

Cloaked Pay and Virtual Cards

Using a Cloaked identity, you can already shop online without giving away your true email address. New since my last review, the virtual cards feature lets you shop while keeping your actual credit card number secret. IronVest’s masked card feature works in much the same way. Start by clicking Virtual Cards in the Home screen's main menu.

To start, you confirm your personal data for Cloaked’s banking partner and agree to the terms and conditions. With that task complete, you can choose to back your virtual cards with a real credit or debit card or draw directly from a bank account. Cloaked points out that if your credit card offers rewards, you’ll still receive them when using it with a virtual card.

Once you’ve verified your payment method, Cloaked invites you to create a masked card for one-time purchase, for ongoing payments, or a custom card. If it’s a one-time purchase, you create a one-use masked card loaded with exactly the amount you’re paying. Once that card is used, it’s done. The merchant can’t tag on an extra purchase or sell the card number.

If you’re paying for a subscription or another recurring payment with Cloaked, you can create a masked card for ongoing use. This type of masked card refills a specific amount from your payment source every 30 days. You can also select a custom card, with full control over detailed settings. For example, you can set a refill interval other than monthly, or set the card to expire in a day, month, or year.

Now here’s the bad news. You may or may not have access to the Cloaked Pay system that backs virtual cards. One of my test accounts has full access, while the other shows the feature as “coming soon” with a button to join the waitlist.

Cloaked’s Limited Mobile VPN

The Cloaked mobile apps for iOS and Android offer all the familiar Cloaked features and more. For testing, I used a Google Pixel 9.

On installing the app and logging in to my Cloaked account, I immediately saw one big difference. Mobile users get full access to Cloaked VPN. A large banner introduces the feature and offers to protect your device immediately. You can let the VPN pick the fastest connection or choose from servers in about 70 countries. If you pick the US, you get to choose from 13 cities. Australia and the UK have two cities, but almost all the rest have just one.

Almost half the server locations are in Europe, and servers in Europe plus North America account for 60% of the total. Asia accounts for another quarter, while Africa and South America at least make a showing.

As for other VPN settings, well, there aren’t any. You don’t get to choose which VPN protocol to use. The VPN doesn’t offer a kill switch or support split tunneling. Even simple settings, like automatically enabling the VPN when you connect to a less-secure Wi-Fi hotspot, are absent. Picking the VPN server is the only setting within your control.

You don’t need those settings to enjoy VPN protection for your mobile connections. Just turn it on, and nobody can tweak or snoop your online connections, not even the owner of the shady café that’s hosting the hotspot you’re using. That said, I’m disappointed that there’s no VPN for the desktop editions. If you want VPN protection for all your devices, you’re better off purchasing a dedicated VPN app or choosing among the best free VPNs.

Using Cloaked on a Mobile Device

The VPN is the first item in your face when you install the Cloaked app on your mobile device, but there’s more, much more. I did find it oddly difficult to get back to the main Cloaked app after working with the VPN. The only way I found was to dismiss the app and relaunch it.

At the top of the home screen are four buttons to generate a new phone number, email address, password, or username. Tapping any of these brings up a screen where you can create a new identity. Below these are panels to access three important mobile features: VPN, call guard, and identity monitoring.

Scrolling further, you’ll find a panel that briefly summarizes data removal progress. It shows the number of personal data items removed and the data of the next full scan. Tapping the summary opens the full analytics page, which charts the removed items and lists the data brokers where Cloaked has removed your data (or is in the process of removing it).

At the very bottom are buttons to view all your identities, check messages in your inbox, deal with cloaked phone numbers, or return to the home screen.

The panel below the VPN is titled “Eliminate spam calls for good.” Tapping this one starts you on the process of setting up Cloaked’s Call Guard feature. The simple setup includes supplying the number to protect, confirming no other filtering system is active, and configuring your phone account so calls go first to the Call Guard system. When Call Guard is active, you never see spam calls—your phone doesn’t even ring.

When you enable identity monitoring on your mobile device, Cloaked displays all breaches it has found that contain your data. As in the desktop version, it puts new findings on the Recent Events tab, moving them to the Historical Events tab after 30 days. You can also review and edit the personal data that Clocked tracks, though this kind of data entry may be better performed on the desktop.

Before you can use Cloaked Mobile for password management, you must configure your device to grant Cloaked autofill permission. If you don’t see this task in the app’s recommended actions, just dig into settings and enable it. Now, when you visit a site where Cloaked has a stored identity, you’ll see an icon to fill in that identity. If you log in to a new site, you can tap the Cloaked icon to create a new identity.

Tapping the Identities icon at the bottom of the main screen brings up a list of all your saved identities. On the desktop, it’s a snap to launch a saved site and automatically log in. With the mobile edition, launching the site requires opening the item and finding the URL on its Settings tab—a bit less obvious. But you can still do it.

Final Thoughts

(Credit: Cloaked)

Cloaked

4.0 Excellent

Cloaked seamlessly protects your actual email behind temporary addresses. While pricey, it also safeguards your phone and credit card numbers, manages your passwords, gives you identity theft insurance, and more.