A fairer, more conscientious alternative to AdBlock Plus

Hav­ing just stum­bled across an arti­cle advo­cat­ing against AdBlock Plus (via Lea Ver­ou), I decid­ed to revis­it my set­tings for rel­a­tive­ly nui­sance-free brows­ing in Fire­fox.

For a long time I’ve done devel­op­ment work and writ­ing for a site that keeps its lights on through adver­tis­ing, so I sym­pa­thize with con­tent-cre­ators’ need for (and frus­tra­tion with) ads. It’s a nec­es­sary evil, and I’ve always found it a bit dis­heart­en­ing to see AdBlock Plus at the top of every “Pop­u­lar Plu­g­ins” list (whether for Chrome, Fire­fox, or Safari). Worse, there seems to be a sense of enti­tle­ment among savvy inter­net users, telling them that they should­n’t have to endure ads. Com­mon­ly this might be veiled as being “anti-cor­po­rate” or some oth­er such vague excuse, but the real rea­sons are usu­al­ly the same as those behind pira­cy: it’s just nice not to have to pay for things, whether through eye­balls, band­width, or dol­lars.

(None of this is to say that I am entire­ly inno­cent on these points.)

Still, there are some trou­bling com­mon prac­tices among the more insid­i­ous of these JavaScript embeds, and I think there is some jus­ti­fi­ca­tion in cir­cum­vent­ing them. But one does­n’t need to block every adver­tise­ment to severe­ly dimin­ish adver­tis­ers’ abil­i­ty to, say, keep track of one’s brows­ing habits.

Here are the things you can do to make your brows­ing a lit­tle more pri­vate and safe, while still (most­ly) allow­ing the sites you love to pay their bills. These tips will be writ­ten for Fire­fox users (though the equiv­a­lent plu­g­ins are read­i­ly avail­able in Chrome and Safari), and won’t include things that read­ers of this site will prob­a­bly already know about (e.g., avoid­ing “watch movies free” sites and their ilk, and dis­abling pop-ups).

1) Dis­able per­sis­tent third-par­ty cook­ies

Dis­abling third-par­ty cook­ies entire­ly — or delet­ing all cook­ies when you close Fire­fox — is imprac­ti­cal. I want to stay logged into Gmail and Twit­ter between ses­sions, and I want to be able to use Dis­qus (whose embed­ded com­ment threads rely on cook­ies). Unfor­tu­nate­ly, Fire­fox’s pref­er­ences pan­el only gives you these two options. Instead, you can make third-par­ty cook­ies alone be ses­sion-only.

To do this, type about:config into Fire­fox’s address bar, and search for “third­par­ty”. Dou­ble-click the entry that reads “network.cookie.thirdparty.sessionOnly” so that its val­ue is changed to “true”. This will allow third-par­ty cook­ies but delete them every time you close Fire­fox.

This is a sig­nif­i­cant and entire­ly invis­i­ble way to reduce a lot of the vul­ner­a­bil­i­ties to which you sub­ject your­self on the web. If you do noth­ing else — say, if you are opposed to add-ons — at least do this.

2) Install Flash­block

I have no qualms with mak­ing Flash on-demand if it means that some ads will get blocked. Flash is inse­cure, ter­ri­ble for your bat­tery life, a strain on your com­put­er’s resources, and some­times noisy with­out being asked to play. When ads are com­pro­mis­ing my oper­at­ing sys­tem and hard­ware, I don’t have a prob­lem with cut­ting them off at the source.

Flash­block turns every Flash embed into a click­able region, so that no Flash loads until you explic­it­ly instruct it to. Con­ve­nient­ly you can also whitelist sites (like, say, YouTube) from the tool­bar, so that the add-on does­n’t get in the way of con­tent you actu­al­ly want to see.

3) Install Ghostery

I’ve been using Ghostery as an alter­na­tive to AdBlock Plus for years now, and although its stat­ed goals are dif­fer­ent — to pro­tect you on the web, not to oblit­er­ate ads because they’re pesky — the effects are large­ly the same. If there are any ads that can get past Ghostery but not AdBlock, I’d be sur­prised.

But since our goal here is not to elim­i­nate ads whole­sale, Ghostery’s fine-tun­ing options make it a fair­er alter­na­tive to the con­tent cre­ators you rely on.

Ghostery groups “Track­ers” and cook­ies — what they used to call “TPEs,” or “Third-Par­ty Ele­ments” — into five cat­e­gories, and you can block or allow them at will:

  1. Adver­tis­ing (“A track­er that deliv­ers adver­tise­ments”)
  2. Ana­lyt­ics (“A track­er that pro­vides research or ana­lyt­ics for web­site pub­lish­ers”)
  3. Bea­cons (“Track­ers that serve no pur­pose oth­er than track­ing”)
  4. Pri­va­cy (“Pri­va­cy notices as well as some oth­er pri­va­cy-relat­ed ele­ments”)
  5. Wid­gets (“A track­er that pro­vides page func­tion­al­i­ty (social net­work but­ton, com­ment form, etc.)”)

When we talk about pri­va­cy on the web, much of what we mean falls only into a few of these cat­e­gories, specif­i­cal­ly Ana­lyt­ics, Bea­cons, and Pri­va­cy. Wid­gets are so often innocu­ous and desir­able that I have sev­er­al of them whitelist­ed (Ghostery’s high­ly gran­u­lar whitelist­ing options is anoth­er of its great qual­i­ties), and Adver­tis­ing is what we’re try­ing to avoid over­reach­ing on. By block­ing only the last four of these cat­e­gories, we can let the nec­es­sary evil of adver­tis­ing get through with­out com­pro­mis­ing near­ly as much of our per­son­al info.

Obvi­ous­ly these solu­tions aren’t per­fect, nei­ther for the user nor for the web­site pro­duc­ers, but it’s most­ly effort­less and is the clos­est thing to a mid­dle ground I can fig­ure. If you think there’s some room for improve­ment or dis­agree with any of my assump­tions, please let me know in the com­ments.