Having just stumbled across an article advocating against AdBlock Plus (via Lea Verou), I decided to revisit my settings for relatively nuisance-free browsing in Firefox.
For a long time I’ve done development work and writing for a site that keeps its lights on through advertising, so I sympathize with content-creators’ need for (and frustration with) ads. It’s a necessary evil, and I’ve always found it a bit disheartening to see AdBlock Plus at the top of every “Popular Plugins” list (whether for Chrome, Firefox, or Safari). Worse, there seems to be a sense of entitlement among savvy internet users, telling them that they shouldn’t have to endure ads. Commonly this might be veiled as being “anti-corporate” or some other such vague excuse, but the real reasons are usually the same as those behind piracy: it’s just nice not to have to pay for things, whether through eyeballs, bandwidth, or dollars.
(None of this is to say that I am entirely innocent on these points.)
Still, there are some troubling common practices among the more insidious of these JavaScript embeds, and I think there is some justification in circumventing them. But one doesn’t need to block every advertisement to severely diminish advertisers’ ability to, say, keep track of one’s browsing habits.
Here are the things you can do to make your browsing a little more private and safe, while still (mostly) allowing the sites you love to pay their bills. These tips will be written for Firefox users (though the equivalent plugins are readily available in Chrome and Safari), and won’t include things that readers of this site will probably already know about (e.g., avoiding “watch movies free” sites and their ilk, and disabling pop-ups).
1) Disable persistent third-party cookies
Disabling third-party cookies entirely — or deleting all cookies when you close Firefox — is impractical. I want to stay logged into Gmail and Twitter between sessions, and I want to be able to use Disqus (whose embedded comment threads rely on cookies). Unfortunately, Firefox’s preferences panel only gives you these two options. Instead, you can make third-party cookies alone be session-only.
To do this, type about:config
into Firefox’s address bar, and search for “thirdparty”. Double-click the entry that reads “network.cookie.thirdparty.sessionOnly” so that its value is changed to “true”. This will allow third-party cookies but delete them every time you close Firefox.
This is a significant and entirely invisible way to reduce a lot of the vulnerabilities to which you subject yourself on the web. If you do nothing else — say, if you are opposed to add-ons — at least do this.
2) Install Flashblock
I have no qualms with making Flash on-demand if it means that some ads will get blocked. Flash is insecure, terrible for your battery life, a strain on your computer’s resources, and sometimes noisy without being asked to play. When ads are compromising my operating system and hardware, I don’t have a problem with cutting them off at the source.
Flashblock turns every Flash embed into a clickable region, so that no Flash loads until you explicitly instruct it to. Conveniently you can also whitelist sites (like, say, YouTube) from the toolbar, so that the add-on doesn’t get in the way of content you actually want to see.
3) Install Ghostery
I’ve been using Ghostery as an alternative to AdBlock Plus for years now, and although its stated goals are different — to protect you on the web, not to obliterate ads because they’re pesky — the effects are largely the same. If there are any ads that can get past Ghostery but not AdBlock, I’d be surprised.
But since our goal here is not to eliminate ads wholesale, Ghostery’s fine-tuning options make it a fairer alternative to the content creators you rely on.
Ghostery groups “Trackers” and cookies — what they used to call “TPEs,” or “Third-Party Elements” — into five categories, and you can block or allow them at will:
- Advertising (“A tracker that delivers advertisements”)
- Analytics (“A tracker that provides research or analytics for website publishers”)
- Beacons (“Trackers that serve no purpose other than tracking”)
- Privacy (“Privacy notices as well as some other privacy-related elements”)
- Widgets (“A tracker that provides page functionality (social network button, comment form, etc.)”)
When we talk about privacy on the web, much of what we mean falls only into a few of these categories, specifically Analytics, Beacons, and Privacy. Widgets are so often innocuous and desirable that I have several of them whitelisted (Ghostery’s highly granular whitelisting options is another of its great qualities), and Advertising is what we’re trying to avoid overreaching on. By blocking only the last four of these categories, we can let the necessary evil of advertising get through without compromising nearly as much of our personal info.
Obviously these solutions aren’t perfect, neither for the user nor for the website producers, but it’s mostly effortless and is the closest thing to a middle ground I can figure. If you think there’s some room for improvement or disagree with any of my assumptions, please let me know in the comments.
Blue says:
Nice article.
Why install Ghostery if you delete third party cookies anyway? shoudn’t be enough?
Jay says:
Thanks for the comment.
Ghostery prevents certain third-party cookies from being set in the first place, protecting you for the duration of a single browser session, rather than only between sessions.
dummyano says:
Are you aware of ghostery business model? I was a fan unitil I discovered.
It may be ok if your only concern are ads, but I’m not ok with them *anonymously* reporting what I browse.
Ary says:
Great article. I recently had a change of heart toward adblocking. I hate that ads over the years have become more obtrusive. I realized I didn’t really mind the ads AND I am visiting a website so who am I to impose my beliefs on someone else’s intellectual/digital (whatever the correct word is) -property? If the information is good and it’s being made available to me for free, I am thankful. As long as there is no harm on my end when I click on the site and the safe-looking links. So I am looking for something that keeps me protected, reduces page load times, but still gives all the revenue to a website for the ads it hosts.