For a long time I’ve done development work and writing for a site that keeps its lights on through advertising, so I sympathize with content-creators’ need for (and frustration with) ads. It’s a necessary evil, and I’ve always found it a bit disheartening to see AdBlock Plus at the top of every “Popular Plugins” list (whether for Chrome, Firefox, or Safari). Worse, there seems to be a sense of entitlement among savvy internet users, telling them that they shouldn’t have to endure ads. Commonly this might be veiled as being “anti-corporate” or some other such vague excuse, but the real reasons are usually the same as those behind piracy: it’s just nice not to have to pay for things, whether through eyeballs, bandwidth, or dollars.
(None of this is to say that I am entirely innocent on these points.)
Here are the things you can do to make your browsing a little more private and safe, while still (mostly) allowing the sites you love to pay their bills. These tips will be written for Firefox users (though the equivalent plugins are readily available in Chrome and Safari), and won’t include things that readers of this site will probably already know about (e.g., avoiding “watch movies free” sites and their ilk, and disabling pop-ups).
1) Disable persistent third-party cookies
Disabling third-party cookies entirely — or deleting all cookies when you close Firefox — is impractical. I want to stay logged into Gmail and Twitter between sessions, and I want to be able to use Disqus (whose embedded comment threads rely on cookies). Unfortunately, Firefox’s preferences panel only gives you these two options. Instead, you can make third-party cookies alone be session-only.
To do this, type
about:config into Firefox’s address bar, and search for “thirdparty”. Double-click the entry that reads “network.cookie.thirdparty.sessionOnly” so that its value is changed to “true”. This will allow third-party cookies but delete them every time you close Firefox.
This is a significant and entirely invisible way to reduce a lot of the vulnerabilities to which you subject yourself on the web. If you do nothing else — say, if you are opposed to add-ons — at least do this.
2) Install Flashblock
I have no qualms with making Flash on-demand if it means that some ads will get blocked. Flash is insecure, terrible for your battery life, a strain on your computer’s resources, and sometimes noisy without being asked to play. When ads are compromising my operating system and hardware, I don’t have a problem with cutting them off at the source.
Flashblock turns every Flash embed into a clickable region, so that no Flash loads until you explicitly instruct it to. Conveniently you can also whitelist sites (like, say, YouTube) from the toolbar, so that the add-on doesn’t get in the way of content you actually want to see.
3) Install Ghostery
I’ve been using Ghostery as an alternative to AdBlock Plus for years now, and although its stated goals are different — to protect you on the web, not to obliterate ads because they’re pesky — the effects are largely the same. If there are any ads that can get past Ghostery but not AdBlock, I’d be surprised.
But since our goal here is not to eliminate ads wholesale, Ghostery’s fine-tuning options make it a fairer alternative to the content creators you rely on.
Ghostery groups “Trackers” and cookies — what they used to call “TPEs,” or “Third-Party Elements” — into five categories, and you can block or allow them at will:
- Advertising (“A tracker that delivers advertisements”)
- Analytics (“A tracker that provides research or analytics for website publishers”)
- Beacons (“Trackers that serve no purpose other than tracking”)
- Privacy (“Privacy notices as well as some other privacy-related elements”)
- Widgets (“A tracker that provides page functionality (social network button, comment form, etc.)”)
When we talk about privacy on the web, much of what we mean falls only into a few of these categories, specifically Analytics, Beacons, and Privacy. Widgets are so often innocuous and desirable that I have several of them whitelisted (Ghostery’s highly granular whitelisting options is another of its great qualities), and Advertising is what we’re trying to avoid overreaching on. By blocking only the last four of these categories, we can let the necessary evil of advertising get through without compromising nearly as much of our personal info.
Obviously these solutions aren’t perfect, neither for the user nor for the website producers, but it’s mostly effortless and is the closest thing to a middle ground I can figure. If you think there’s some room for improvement or disagree with any of my assumptions, please let me know in the comments.