
Blocking Ads, Trackers, and Malware in Browsers, Devices, and Networks
This post was originally published on 18 MAY 2022; it has since been updated and revised.
You may hear a lot that you should block ads and trackers, but you may also have a lot of questions, such as (but not limited to):
- How can you block ads on your iPhone or Android?
- Is it possible to block ads on your SmartTV?
- What's the best in-browser adblocker for Windows or Linux?
- Which browsers have native (built-in) adblocking?
- Which adblockers should you use?
- Which adblocking method is best?
This guide aims to answer these questions and to provide information on different adblocking solutions that can hopefully help you in eliminating privacy-invasive ads and trackers in your browser, on your devices, and on your home/small network.
Why you should block ads (and trackers)
The main benefits of blocking ads and trackers boil down to limiting the amount of data collected about you (privacy) and improving your security.
Some users may also find ads annoying and unsightly, which by itself could fall outside these two benefits or complement them.
For better privacy
Ads are typically displayed with embedded trackers (most commonly tracking pixels), though they may use other tracking methods as well. Generally speaking, different methods of tracking (and their subsequent implementation) collect different data, ranging from identifying you, your devices, and network(s) to tracking the various things you may do on your devices.
Trackers buried in targeted advertisements can collect:
- Personally Identifiable Information (PII), which can include but is not limited to age and gender
- IP addresses
- Specific location data
- Click-through rate of other ads (especially if the ad is served by the same ad network)
- Screen resolution
- Device type (device, operating system, version numbers)
- Browser settings
- Browser's referrer header
- Browsing habits
- Set language prefs
- Timezone settings
* Not an all-inclusive list
More data points collected over time paint a better "overall" picture of you, the user. Accurate, current, and relevant data relies heavily on tracking the user - often across multiple channels (think: browsing history, search history, location history, purchase history, among others).
Likewise, the more data points targeted ads and their associated trackers collect, the more severe the negative effect on user privacy:
- Location data reveals the places you go
- Message metadata can reveal who/when you talk or message someone and over time can reveal your contacts and contact frequency
- Browsing data tells advertisers a wealth of information from the type of websites you visit to your visit frequency and duration
- Tracked and logged searches, which can be sold or "shared," tell advertisers what you're looking for
- Invasive analytics show anywhere from how often you use an app/service to details on how you interact with the app/service
- Fingerprinting uniquely identifies you and your device and enables further tracking methods
For improved security
Targeted ads can pose a security risk, potentially delivering malware, leading users to malicious/phishing domains, and/or scamming users.
According to Malwarebytes, a respected anti-malware vendor, "Malvertising can appear on any advertisement on any site, even the ones you visit as part of your everyday internet browsing."
Malvertising can serve malware to visitors, attempt to exploit vulnerabilities in the user's browser, and link to phishing or other malicious websites designed to trick users into providing sensitive information or downloading malicious programs. When interacting with or clicking a malicious advertisement, users may not even realize they have been led to a phishing or otherwise malicious website. As such, they may interact with the website - which can include providing sensitive information or downloading malware/additional payloads.
Commonly, many websites display programmatic ads served by third-party ad networks - if the third party becomes infected, then the ads displayed on the website you visited could try delivering malware, even if the website has not been directly compromised. For example, malicious actors compromised a media content provider used by hundreds of US newspaper websites, enabling them to serve malware via these websites.
Places that run their own ads, such as Meta (Facebook, Instagram), have allowed blatant misinformation and scams to be advertised on their platforms. In 2020, Facebook reportedly allowed advertisements spreading fake coronavirus information on its platform. Meta's ad platform has also been abused to deliver infostealing malware and perpetrate a variety of scams. As a result, Meta's ad screening process has since come under scrutiny, but they're not the only offenders.
Google's "sponsored results" in its Google Search engine have been abused by threat actors to point users to domains serving malware, misinformation, and scams. This has also resulted in Google's ad screening process (or apparent lack thereof) coming under scrutiny; more threat actors have been abusing the platform to deliver malicious advertisements.
So, would you rather deal with the burglar's actions after he's ransacked your living space or prevent him from entering in the first place? As "they" say, an ounce of prevention is worth a pound of cure - so blocking an ad before it's had a chance to possibly compromise your security is the ideal solution.
Blocking Ads in Your Browser
If you're like most people, then you most likely spend a lot - if not most - of your time on your device's web browser - you may use a web app to check your email, login to your bank account to pay bills, or watch a YouTube video in different tabs.
Because of the time most people spend using their browsers, it's crucial to block ads on this level as it can prove a noticeable improvement in privacy and a "defense" against the threats posed by malvertising. Not to mention, blocking ads in the browser may also improve loading times and lessen "clutter" on users' screens.
Best browser adblockers
uBlock Origin
uBlock Origin is the absolute gold standard for blocking ads and trackers within the browser. You'll often find it highly recommended within the privacy community. In many use-cases, uBlock Origin is the only browser based adblocker you need.
uBlock Origin is a free and open source browser plugin (add-on/extension). It's compatible with both Firefox and Chromium and can be found in Mozilla's Add-ons for Firefox and Google's Chrome Web Store, respectively.
uBlock Origin provides exceptional adblocking and tracker blocking from right within the browser. The default settings provide robust adblocking out-of-the-box compared to most other browser based adblocking solutions.
With the deprecation of manifest v2 support in Chrome/Chromium, users of Chromium browsers are directed to use the manifest v3 compliant version, uBlock Origin Lite. This version does not have the same filtering capabilities as uBlock Origin.
LocalCDN
LocalCDN intercepts requests for content served by a website's Content Delivery Network (CDN) and serves that content locally. It's a free and open-source plugin available for Firefox and Chromium-based browsers.
What are CDNs? While not explicitly connected to ads, CDNs are generally third-parties that use their servers to serve a website's content. These providers usually have distributed server locations across the world, which helps speed up content delivery by using a server closest to the connecting visitor.
The main issue with CDNs is that which CDN a website uses isn't up to the user. Some CDNs are better than others when it comes to user privacy; some CDNs may engage in their own tracking, which undermines user privacy and can be difficult for end users to combat.
LocalCDN works best on Firefox or browsers using the Gecko engine.
Best browsers with a built-in adblocker
Alternatively, you can use a browser with a built-in adblocker. This is an ideal solution for users who are using mobile devices such as an iPhone where browser extensions such as uBlock Origin can't be installed and/or wouldn't function the same as on a traditional personal computer (PC).
It may also be beneficial for users who are simply not inclined to install/customize browser add-ons at all. Many browser built-in adblockers are derived from uBlock Origin, and in some cases you'll actually receive more protection from ads and trackers simply using the vanilla uBlock Origin browser plugin itself.
Some privacy-friendly browsers that also provide good and built-in adblocking functionality include:
LibreWolf
LibreWolf is a Firefox fork that is hardened for security and privacy out-of-the-box, enabling many of the about:config options for improving the privacy of standard Firefox by default. It's the community-driven successor to the defunct LibreFox project. It has uBlock Origin installed by default.
You can find LibreWolf featured as an avoidthehack recommended browser for Windows and Linux.
Brave
The Brave Browser is a free and open-source Chromium fork developed by Brave Software that aims to be privacy-friendly. It has its own native adblocking solution and uses its own "Brave Services" to proxy Google Services. The Brave Browser also has other privacy-enhancing features, such as a fingerprint randomizer and the introduction of "Forgetful Browsing," which fights first-party site reidentification.
While user-friendly and better for your privacy than Google Chrome or Microsoft Edge straight out-of-the-box, it's definitely worth noting that Brave Software, the developer of the Brave browser, has been called out for some "questionable actions" over the years.
You can find the Brave Browser featured as an avoidthehack recommended browser for iOS, Android, Windows, and Linux.
Falkon
Falkon is a free and open source browser developed by KDE that utilizes QtWebEngine. It has a lightweight footprint and has a demonstrated privacy-friendly stance.
Falkon's built-in adblocker is an adapted version of uBlock Origin, allowing users to load custom blocklists.
You can find Falkon featured as an avoidthehack recommended browser for Linux.
Mullvad Browser
The Mullvad Browser is a forked version of the Tor Browser, designed to not run on the Tor network, to enable seamless connection with a trusted VPN provider, and to provide Tor's anti-fingerprinting capabilities to a wider audience. Like Tor, the Mullvad Browser uses uBlock Origin as its ad/tracker blocker by default.
You can find the Mullvad Browser as an avoidthehack recommended browser for Windows and Linux.
Waterfox
Waterfox is a Firefox fork with origins in optimization for speed. Over the years and the course of community development, Waterfox has grown to promote a more privacy-friendly stance. Waterfox started off as a largely one-man show (with community help), or otherwise an independent project, until it was partially acquired by System1 in December 2019.
As of July 2023, Waterfox has returned to its previous independent status.
Using the avoidthehack Browser Comparison Tool
The Privacy Browser Comparison Tool hosted on avoidthehack compares key points and features of different privacy browsers - including listed browsers' ad and tracker blocking capabilities.
Using the Privacy Browser Comparison Tool is easy; users can find it on its dedicated resource page. There are columns ("Tracker Blocking" and "Script blocking") designed to give an overview of a privacy browser's filtering/blocking tools.
For more privacy-oriented browsers that do not necessarily have adblocking "by default," users are encouraged to view the avoidthehack private browser recommendations.
Blocking ads on a Windows or Linux computer (desktop/laptop)
While many, if not most, ads users encounter are in the browser of their computers, ads (and other unwanted content) certainly exist outside the web browser. Even with the most stringent and cohesive blocking inside the browser, once outside the browser - say in another program or app with ads - all the blocking inside the browser becomes useless.
Enter host-based application firewalls, which enable users to both be aware of and fine-tune the network connections their computers make. Remember, serving ads typically involves the computer making an internet connection - usually to the ad server.
It’s worth noting most of the adblocking programs/apps (or rather, host-based application firewalls) for personal computers (PCs) have usability that far extends just adblocking; in many cases, this type of software can block unwanted incoming connections, peer-to-peer (P2P) connections, telemetry, excessive DNS requests, and more.
In some cases, this software can give clues to potentially unwanted programs (PUPs) or malware, such as cryptominers, present on the device.
SafingIO Portmaster
SafingIO’s Portmaster is a free, open-source, and extremely easy to use application firewall. Portmaster can be configured to auto-block ads and trackers across an entire system; it supports both Global and per-App settings. Users can block connections based on country or other means.
Portmaster automatically forwards DNS requests to an encrypted DNS provider of the user’s choice and can be configured to forward requests to a DNS provider that also supports domain filtering (malware or adblocking).
The premium version of Portmaster unlocks its SPN feature, which in some cases, can replace a user’s need/want for a virtual private network (VPN).
The GUI is slick and easy to understand, even for a more novice user; there’s a dedicated “basic” layout, keeping information displayed simple. An app’s connections can be denied with a toggle. With notifications, Portmaster keeps the user aware of applications making network connections (or receiving them).
Default settings for Portmaster are pretty good for ad and tracker blocking and allow any user to install-and-go if desired.
simplewall
simplewall is an open-source and lightweight tool enabling easier configuration of the Windows Filtering Platform (WFP); the WFP configures the various network activity happening in the foreground and background of the Windows system.
Configuring what activity happens in simplewall allows effective control of most of a Windows machine’s network activity, which can include calls to known ad and tracker hosts.
OpenSnitch
OpenSnitch is forked from the macOS-exclusive Little Snitch, for Linux-based systems. OpenSnitch delivers convenient notifications for applications sending outbound and receiving incoming requests.
OpenSnitch allows use of block and allow lists for domains. With regular expressions, it can also use lists of IPs, network ranges, and domains to block known ads, trackers, and malware serving domains.
Windows users may also wish to reduce the amount of telemetry their system conducts. This is outside the scope of this post, but has been covered in a dedicated avoidthehack post for “shutting up” Windows 10/11.
Blocking ads on iPhone and Android
On a mobile device such as an iPhone, you may not spend as much time directly in the browser as you may on different applications (apps) installed on it. Therefore, you may not directly spend as much time on the smartphone's browser as you would, let's say, your laptop or desktop computer.
Mobile devices, such as the iPhone, often don't have the best support for browser extensions. Even on Android, where extensions can be installed, it's not uncommon to find the selection of extensions for installation is smaller than personal computer (PC) counterparts and extension functionality reduced.
So, without using adblocking within a browser, how would you block ads and trackers across the mobile device itself?
Fortunately, there are some ways to enjoy adblocking benefits on iPhone and Android, though the effectiveness can vary depending on the device manufacturer and the mobile operating system. Users can block some ads and trackers by downloading trusted apps dedicated to doing so.
The absolute key here is to download trusted ad and tracker blocking apps/extensions that don't act as double agents.
It would do little good to download an app that claimed to block ads and trackers in your device's browser, but then turned around and collected and sold data about you, your browsing, and your device anyway. It's important to research apps - at least verifying their legitimacy and the developers' legitimacy prior to downloading and installing - even if it's found in a "safe" place like the App Store or Play Store.
Some proven and trusted apps to help with blocking ads and trackers on your mobile device(s) include:
AdGuard
AdGuard is a trusted and open source solution for adblocking on mobile devices; it's also available for Windows and Mac. There is both a free version and a paid (premium) version of AdGuard.
On iOS, the free version of AdGuard provides adblocking exclusively within Safari.
The paid version enables more comprehensive ad, content, and tracker blocking. It also grants access to AdGuard's DNS protection, which encrypts your DNS queries, and to advanced protection, which features additional adblocking and content filtering.
Additionally, the paid version allows you to enable personalized filters and blocking lists. With the paid version, you also have access to statistics; for example you can view what trackers/ads AdGuard has blocked and associated logs of DNS requests.
One of the biggest pluses for AdGuard on Android is that it does not need root in order to remove ads and trackers across the browser and apps on the device.
There's also a free and paid version of AdGuard on Android.
The paid version of AdGuard on Android is very similar to the iOS version. Premium AdGuard grants you access to more comprehensive ad, content, and tracker blocking, AdGuard DNS, and personalized lists for content filtering.
On Android devices, AdGuard is only available for Samsung and Yandex users.
Personal DNS Filter
Personal DNS filter (personalDNSfilter) is a DNS filter for Android. It blocks connections to filtered domains/hosts on your Android device. These filtered domains can include the likes of known ad servers, tracker servers, and malicious domains.
personalDNSfilter does not need root access to perform its functions. This is ideal because an application with root access is granted many high level permissions on your device; the lack of root access lowers your attack surface.
personalDNSfilter also features encrypted DNS support (DoH and DoT) and allows you to send queries to a trusted DNS upstream server.
As of writing, personalDNSfilter is only available for Android users. It can be adapted to work on Windows and Linux devices as well.
Blocking ads on other smart devices
Chances are you have other "smart" devices on your network, not including your smartphone or your PC. What smart devices are present varies by household, but can include:
- Smart TVs
- Smart printers
- Smart speakers
- Smart thermostats
- Smart kitchen appliances (fridges, coffee makers, etc)
- Gaming consoles
- Camera systems
* This is not an all-inclusive list.
Typically, with smart devices and other Internet of Things (IoT) devices, you may not be able to install adblocking software directly on the device. Many IoT devices use embedded systems and are designed to perform a specific task and/or service. Embedded systems may not come with room for customization; you may not be able to readily tweak/alter settings on an IoT device the same way you may be able to on your iPhone or Windows machine.
Generally speaking, your best solution for ad and tracker blocking capabilities on most IoT devices is using network-wide adblocking techniques, which block ads across your network.
However, in the case of some smart devices, you may be able to configure connectivity settings and/or download apps to provide additional (possibly adblocking) functionality. Smart TVs are a prime example of this.
With smart TVs, you generally have some wiggle room to implement adblocking on the device itself. Many smart TVs allow changing default DNS settings, where you can set the DNS to a trusted provider that may provide adblocking services. Some also allow you to download apps that connect your smart TV to the servers of a given VPN provider, where adblocking services can also be performed. Ultimately, what you can do depends on any limitations set by the manufacturer in the firmware and OS.
Be aware of IoT security/privacy issues
Ad/tracker/telemetry blocking may not be one-size-fits-all for your IoT devices. You should be aware of security and privacy issues surrounding the IoT devices you regularly use in your life. In many cases, mitigating critical or otherwise serious security and/or privacy issues with certain IoT devices with network-wide adblocking solutions may not be enough.
Many IoT devices are not designed with security in mind and are riddled with security vulnerabilities, which can be exploited by malicious actors for access to/total control of the device:
- In August 2024, security vulnerabilities in home robots made by Ecovacs could allow the devices to be remotely taken over, giving attackers access to microphones, Wi-Fi credentials, and video camera feeds to potentially spy on users. The security researchers described Ecovacs security as "really, really, really, really bad."
- In April 2024, approximately 91,000 LG TVs across four different models exposed a service meant for LAN access only to the public internet. Attackers could exploit security vulnerabilities to gain privileged access to the TV, and could inject commands.
- In April 2023, a "smart garage door controller" had so many severe security and privacy vulnerabilities that the immediate solution was to unplug the device. Specifically, the smart garage door controller used a universal password (which enabled administrator access) and sent user data and commands unencrypted - in plaintext, readable for all - across the internet.
Additionally, almost hand-in-hand with poor security practices, many IoT devices are also not designed with privacy in mind:
- Amazon's Ring collects and shares personal data with third parties. Additionally, video captured by the Ring doorbell may be shared with law enforcement agencies without expressed user consent.
- In June 2023, Amazon's Ring, a "smart" video doorbell, paid approximately $31 million in privacy violation penalties. Amazon was ordered to overhaul its data deletion practices and impose stricter privacy measures - Amazon had a years-long history of keeping children's recordings indefinitely and did not honor requests to delete such data.
(When it comes to Amazon Ring-specific privacy violations, this is just the tip of the iceberg.)
- Robot vacuums collect a surprising amount of information about your home: layout, use patterns, Wi-Fi Network details, live video data or images. Depending on the manufacturer, robot vacuums may share data with third parties - and could accidentally include personal data even when diagnosing malfunctions or issues.
- Smart TV brands are increasingly prioritizing data collection and the ability to sell/deliver ads. Companies like LG, Vizio, and Samsung have increasingly shared information gathered from viewers with third-party marketers and advertisers.
Blocking ads on your network
It's possible to provide adblocking and tracker blocking across the entirety of your network. This allows any internet-connected device on your network to reap the benefits of adblocking protection when connected to your network.
Depending on your needs, you may also be able to block specific domains that are known to be malicious or receptacles for invasive telemetry/phoning home data.
Pi-Hole
Pi-Hole is an open-source and community-driven piece of software that acts as a personal DNS filter for your network. Plainly speaking, it provides ad and tracker blocking services for your entire network.
Pi-Hole is relatively easy to set up; however, you should be forewarned that it's easier to set up within a Linux environment and should be installed on a device that is always on.
Domains that Pi-Hole can't resolve get forwarded to an upstream DNS server of your choosing; you can combine the benefits of an encrypted DNS provider that provides adblocking with this feature by setting your Pi-Hole upstream DNS server to forward requests to that specific provider.
Pi-Hole generally relies on blocking lists to deliver its adblocking abilities. We've compiled the best Pi-Hole blocklists to help maximize your Pi-Hole's blocking capabilities in another post.
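The filtering decision a blocklist-driven DNS filter makes, as an added Python sketch that is not part of the original post and is not Pi-Hole's own code: it parses a constructed list in the two common list formats, then either answers with a sinkhole address or forwards the query to an upstream resolver. The function names, the subdomain-matching option, the allowlist handling, and the stub upstream are assumptions of this example.

```python
import re

SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses hosts-style lists point blocked names at
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
SINKHOLE_ANSWER = "0.0.0.0"  # what this sketch answers for a blocked name

# Constructed sample list (reserved .example names and documentation IPs only).
SAMPLE_BLOCKLIST = """\
# hosts-format and domain-only entries mixed, as public lists often are
0.0.0.0 ads.adnetwork.example
127.0.0.1 pixel.tracker.example   # inline comment
telemetry.vendor.example
0.0.0.0 localhost
192.0.2.10 nas.home.example
not a valid line !!
"""

# Constructed stand-in for the upstream resolver's answers.
CONSTRUCTED_UPSTREAM = {"news.site.example": "203.0.113.7"}

_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def normalize(name):
    """Lower-case and drop the trailing root dot so lookups are canonical."""
    return name.strip().rstrip(".").lower()


def is_hostname(name):
    """Accept only dotted names whose labels are syntactically valid."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)


def parse_blocklist(text):
    """Return the set of blocked names from hosts-format or domain-only lines."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) == 1:
            candidates = fields              # domain-only format
        elif fields[0] in SINKHOLE_IPS:
            candidates = fields[1:]          # hosts format: "0.0.0.0 name [name...]"
        else:
            continue                         # maps to a real address: not a block rule
        for candidate in candidates:
            name = normalize(candidate)
            if name not in LOCAL_NAMES and is_hostname(name):
                blocked.add(name)
    return blocked


def decide(qname, blocked, allowed=frozenset(), match_subdomains=True):
    """Return (action, matching_rule); the most specific rule wins, allow before block."""
    name = normalize(qname)
    labels = name.split(".")
    # Parent domains, most specific first, stopping before the bare TLD.
    parents = [".".join(labels[i:]) for i in range(1, len(labels) - 1)]
    for candidate in [name] + (parents if match_subdomains else []):
        if candidate in allowed:
            return ("forward", candidate)
        if candidate in blocked:
            return ("block", candidate)
    return ("forward", None)


def constructed_upstream(name):
    """Stub upstream resolver; a real filter would query its configured DNS server."""
    return CONSTRUCTED_UPSTREAM.get(name)


def resolve(qname, blocked, upstream, allowed=frozenset()):
    """Answer blocked names with the sinkhole address, forward everything else."""
    action, _rule = decide(qname, blocked, allowed)
    return SINKHOLE_ANSWER if action == "block" else upstream(normalize(qname))


if __name__ == "__main__":
    rules = parse_blocklist(SAMPLE_BLOCKLIST)
    for query in ("ADS.adnetwork.example.", "cdn.ads.adnetwork.example", "news.site.example"):
        print(query, decide(query, rules), resolve(query, rules, constructed_upstream))
```

With `match_subdomains=False` only exact list entries are blocked, which is the difference to check when a subdomain of a listed ad host still loads.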
Using an Encrypted DNS Provider with Adblocking
As I mentioned earlier, you can combine your Pi-Hole with these encrypted DNS providers (who also provide some adblocking functionality) to really reap the network-wide adblocking benefits. This is easily done by setting your Pi-Hole configuration to an encrypted DNS Provider that provides adblocking from within the settings.
If you are not running Pi-Hole, you can still take advantage of encrypted DNS providers and any adblocking capabilities they may offer. Generally, this requires logging into the administrator panel of your router and changing the DNS settings to point to the IP address (usually IPv4) of the provider's DNS servers.
Ensuring your DNS queries are encrypted by a trusted provider (or via a self-hosted option too) comes with many benefits itself. The biggest benefit of using an encrypted and trusted DNS provider is that the encryption protocol itself helps protect your DNS queries from both snooping (ex: your ISP) and malicious third parties.
A truly beneficial feature that some trusted encrypted DNS providers offer is domain blocking - which can be extended to malicious domain blocking, tracker blocking, and adblocking.
NextDNS
NextDNS offers comprehensive adblocking and content filtering on its servers. NextDNS is a commercial entity but lends itself as an advocate to the privacy community, featuring optional query logging that is dependent on user choice(s) during configuration and a free tier.
There are a whole host of settings within the NextDNS control panel that allow you to truly fine-tune the settings to your specific tastes. The service also features a command-line interface (CLI) that power users might prefer. NextDNS also allows the user to control logging behavior.
NextDNS is also a default trusted provider for Firefox's DNS-over-HTTPS (DoH) feature.
Control D
Control D is another encrypted DNS provider with filtering capabilities; Control D can block ads, malware, and be configured by the user to block domains according to their own needs.
Control D's filter lists are curated by the service, but it does support loading 3rd-party lists and allows users to set their own custom rules for domains.
Control D offers a free tier, but also has two premium tiers. It features a "no-logs" policy and supports DoH, DoT, DNS-over-QUIC, and DNS-over-HTTP3. DNSSEC is supported by default.
avoidthehack also has additional recommendations for the best encrypted, trusted DNS providers that provide ad and domain blocking.
Using a trusted VPN with adblocking capability
If you've determined that you have a need for a Virtual Private Network (VPN), then you should be aware that some providers provide adblocking through their VPN services as well.
A VPN is not a one-size-fits-all solution and you should determine whether a VPN genuinely fits your wants and needs for privacy. VPNs have many limitations, and solely relying on a VPN service to render adblocking is not the most ideal method in many circumstances.
The trick to choosing a VPN service that offers adblocking is to make sure that service is indeed trustworthy. After all, by nature a VPN provider has a high level of access to your data.
Note: VPN providers typically provide their adblocking services via their own DNS servers. Therefore, if you are already running some sort of network-wide adblocking solution (whether self-hosted or using a DNS provider), using a VPN solely for this purpose will not be beneficial.
ProtonVPN
ProtonVPN is a highly trusted VPN provider with an audited no-logs policy. One of the truly amazing things about ProtonVPN is that it has a no-nonsense free tier that is subsidized by paying users.
ProtonVPN's free tier allows connections from a limited number of regions (to include the US) and upholds ProtonVPN's verified no-logs policy with decent speed. With a paid subscription, you'll gain access to ProtonVPN's adblocking capabilities, additional locations, faster speeds, and simultaneous VPN connections.
ProtonVPN is based in Switzerland, a jurisdiction which enjoys favorable consumer data privacy laws and regulations. It's transparent in its business practices and has a high ethics standard. ProtonVPN regularly gives back to privacy-related causes.
iVPN
iVPN is a highly trusted VPN provider with an audited no-logs policy. This VPN service does not require any PII to get started, permitting truly anonymous registration and use. For example, you don't need to supply an email address during an account creation process before you can use the service.
iVPN uses its AntiTracker feature to enable adblocking while connected to their servers. AntiTracker has a "Hardcore mode," which blocks connections to Google and Facebook services, but runs the risk of breaking some websites or applications.
iVPN is highly transparent in its business practices and holds itself to a high ethics standard. Additionally, they regularly give back to the privacy community, donating to high-profile organizations such as the Electronic Frontier Foundation (EFF) and The Tor Project.
iVPN is based in Gibraltar.
Mullvad VPN
Mullvad VPN is a highly trusted VPN provider with an audited no-logs policy. This VPN service does not require any PII to get started, permitting truly anonymous registration and use.
Mullvad can be easily configured to provide adblocking when connected to the VPN service. The DNS servers Mullvad uses for adblocking in its VPN service and its free DNS service are the same. Mullvad's DNS servers are free and publicly available and can block ads, trackers, and malware.
Mullvad is highly transparent in its business practices, holding themselves to a high ethics standard. Mullvad gives back to the privacy community in ways such as donating to the Tor Project.
Mullvad is based in Sweden.
Final thoughts
Hopefully you're now aware that you have many different options for adblocking!
Adblocking is crucial for improving your privacy and proves an important part of maintaining your security as well. Given the current state of AdTech siphoning and sharing enormous amounts of data on everyday users, it's generally best to block ads first and ask questions later.
With that said, happy adblocking and stay safe out there!
Acknowledgements
Thanks iAnonymous3000 for pointing out the various issues with the Vivaldi browser, despite it having adblocking capabilities.