Blocking Ads, Trackers, and Malware in Browsers, Devices, and Networks
This post was originally published on 18 MAY 2022; it has since been updated and revised.
You may hear a lot that you should block ads and trackers. But how can you block ads? Which adblockers should you use? Which adblocking method is best?
This guide aims to provide information on different adblocking solutions that can hopefully help you in eliminating privacy-invasive ads and trackers.
Why you should block ads (and trackers)
The main benefits of blocking ads and trackers basically boil down to 1) limiting the amount of data collected about you and 2) improving your security. Some users may also find ads annoying and unsightly.
Keep better control of your data
Ads are typically packed with all kinds of different trackers, which in turn come in different forms. The differing forms of tracking tend to collect different pieces of your data, ranging from identifying you, your devices, and network(s) to tracking the various things you may do on your devices.
Trackers buried within targeted advertisements can collect:
- Personally Identifiable Information (PII), which can include but is not limited to age and gender
- IP addresses
- Specific location data
- Click-through rate of other ads (especially if the ad is served by the same ad network)
- Screen resolution
- Device type (device, operating system, version numbers)
- Browser settings
- Browser's referrer header
- Browsing habits
- Set language prefs
- Timezone settings
* Not an all-inclusive list; please refer to the Tracker Blocking page for a more comprehensive list
Targeted advertisements also engage in varying degrees of fingerprinting practices, which all frequently serve as an intrusive way to identify you and your device.
Different tracking methods are often deployed simultaneously in order to collect more data points. The more data points collected, the better the picture painted of you as a user/consumer. Likewise, the more data points targeted ads collect, the more of an adverse effect they tend to have on your privacy:
- Location data reveals the places you tend to go
- Browsing data tells advertisers a wealth of information from the type of websites you visit to your visit frequency and duration
- Tracked and logged searches tell advertisers what you're looking for
- Invasive analytics show anywhere from how often you use an app/service to details on how you interact with the app/service
- Fingerprinting identifies you and your device and enables further tracking methods
Improve your security
Some ad networks have served malware to users and visitors of a website. In fact, this way of spreading malware even has a name: Malvertising.
It's a common misconception that malware can only be installed on a system through direct user action such as downloading and executing (read: running) a suspicious file. While this is the case for some forms of malware, there are many others that can be silently installed by visiting/connecting to an infected website, web service, or web app.
Additionally, others (ex: Facebook) have allowed blatant misinformation and scams to be advertised on their platforms. In 2020, Facebook reportedly allowed advertisements spreading fake coronavirus information on its platform. As a result, Facebook's ad screening process has since come under hot scrutiny.
In other words, would you rather deal with the burglar's actions after he's ransacked your living space or prevent him from entering in the first place?
Blocking Ads in Your Browser
If you're like most people, then you most likely spend a lot - if not most - of your time on your device's web browser as you surf the web.
Because of the time people such as you and I spend in our browsers, it becomes crucial to utilize browser-level adblockers as a front line defense for disposing of ads and trackers and all the negatives that tend to come with them.
Best browser adblockers
uBlock Origin is the absolute gold standard for blocking ads and trackers within the browser. You'll often find it highly recommended within the privacy community. In many use-cases, uBlock Origin is the only browser based adblocker you need.
uBlock Origin is a free and open source browser plugin (add-on/extension) for browsers. It's compatible with both Firefox and Chromium.
uBlock Origin provides exceptional adblocking and tracker blocking from right within the browser. Even the default settings provide robust adblocking out-of-the-box compared to most other browser based adblocking solutions.
LocalCDN is recommended as a supplement to a wide-spectrum adblocker like uBlock Origin. LocalCDN locally injects content that would otherwise be served by a website's Content Delivery Network (CDN). It's free and open source.
Plainly speaking, CDNs are third-parties that use their servers to serve a website's content, usually with the hopes that the content is served faster due to distributed server locations across the world.
Which CDN a website uses isn't up to the user and some CDNs are better than others when it comes to privacy; some CDNs may engage in their own tracking that's hard for end users to combat. LocalCDN aims to mitigate this issue.
NOTE: Be aware that LocalCDN works best on Firefox or browsers that utilize the Gecko engine.
Best browsers with a built-in adblocker
Alternatively, you can use a browser with a built-in adblocker. This is an ideal solution for users who are using mobile devices such as an iPhone, where browser extensions such as uBlock Origin can't be installed and/or wouldn't function the same as on a traditional personal computer (PC).
It may also be beneficial for users who are simply not inclined to install/customize browser add-ons at all. It should also be noted that many browser built-in adblockers are derived from uBlock Origin and in a lot of cases you'll actually receive more protection from ads and trackers simply using the vanilla uBlock Origin browser plugin itself.
Some privacy-friendly browsers that also provide good and built-in adblocking functionality include:
The Brave Browser is a free and open source Chromium fork developed by Brave Software that aims to be privacy-friendly. Most notably, it features its own adblocking solution and proxies Google Services found in Chromium through its own network. Additionally, Brave has a unique rewards program that is opt-in.
While user-friendly and better for your privacy than Google Chrome or Microsoft Edge straight out-of-the-box, it's definitely worth noting that Brave has been called out for some "questionable actions" over the years. The most notable one involves the infamous Binance scandal.
You can find the Brave Browser featured as an avoidthehack recommended browser for iOS.
Falkon is a free and open source browser developed by KDE and utilizes QWebEngine. It has a lightweight footprint and has a demonstrated privacy-friendly stance.
Falkon's built-in adblocker is an adapted version of uBlock Origin, allowing users to load custom blocklists.
You can find Falkon featured as an avoidthehack recommended browser for Linux.
Vivaldi is a free and partly open-source Chromium fork developed by Vivaldi Technologies that aims to improve productivity and workflow while being "privacy conscious." Specifically, Vivaldi's user interface (UI) is closed-source.
Vivaldi has many features included in the browser, virtually eliminating the absolute "need" to download extensions. Among these features is Vivaldi's adblocker, which is decent, but is unfortunately disabled by default and is less effective than some other in-browser solutions or trusted extensions like uBlock Origin.
It is advised to use the Vivaldi browser with caution. Vivaldi fails many browser privacy tests at PrivacyTests. Additionally, some users may be uncomfortable with Vivaldi's telemetry, which was noted in the cons section of the avoidthehack review.
Additionally, some browsers come with the default uBlock Origin already installed as a plugin, versus developing their own adblocking solution:
Librewolf is a Firefox fork that is hardened for security and privacy out-of-the-box. It's the community-driven successor to the now defunct LibreFox project. uBlock Origin comes pre-installed.
You can find Librewolf featured as an avoidthehack recommended browser for Windows and Linux.
Waterfox is a Firefox fork that initially started out simply being optimized for speed. Over the years, it's grown to promote a more privacy-friendly stance. Waterfox was once a majorly one-man show but is now owned by System1. uBlock Origin comes pre-installed.
Feel free to view the avoidthehack browser recommendations and the avoidthehack privacy browser comparison tool for more privacy browser-related information.
Blocking ads on a computer (desktop/laptop)
While many, if not most, ads users encounter exist in the browser of their computers, ads (and other unwanted content) certainly exist outside the web browser. Even with the most stringent and cohesive blocking inside the browser, once outside the browser - say in another program or app with ads - all the blocking inside the browser becomes useless.
Enter host-based application firewalls, which enable users to both be aware of and fine-tune the network connections their computers make. Remember, serving ads typically involves the computer making an internet connection - usually to the ad server.
It’s worth noting most of the adblocking programs/apps (or rather, host-based application firewalls) for personal computers (PCs) have usability that far extends just adblocking; in many cases, this type of software can block unwanted incoming connections, peer-to-peer (P2P) connections, telemetry, excessive DNS requests, and more.
In some cases, this software can give clues to potentially unwanted programs (PUPs) or malware, such as cryptominers, present on the device.
SafingIO’s Portmaster is a free, open-source, and extremely easy to use application firewall. Portmaster can be configured to auto-block ads and trackers across an entire system; it supports both Global and per-App settings. Users can block connections based on country or other means.
Portmaster automatically forwards DNS requests to an encrypted DNS provider of the user’s choice.
The premium version of Portmaster unlocks its SPN feature, which in some cases, can replace a user’s need/want for a virtual private network (VPN).
The GUI is slick and easy to understand, even for a more novice user; there’s a dedicated “basic” layout to keep it simple. An app’s connections can be denied with a toggle. With notifications, Portmaster keeps the user aware of applications making network connections (or receiving them).
Default settings for Portmaster are pretty good for ad and tracker blocking and allow any user to install-and-go if desired.
simplewall is an open-source and lightweight tool enabling easier configuration of the Windows Filtering Platform (WFP); the WFP configures the various network activity happening in the foreground and background of the Windows system.
Configuring what activity happens in simplewall allows effective control of most of a Windows machine’s network activity, which can include calls to known ad and tracker hosts.
OpenSnitch is forked from the macOS-exclusive Little Snitch, for use on Linux-based systems. OpenSnitch delivers convenient notifications for applications sending outbound and receiving incoming requests.
OpenSnitch allows use of block and allow lists for domains. With regular expressions, it can also use lists of IPs, network ranges, and domains to block known ads, trackers, and malware serving domains.
Windows users may also wish to reduce the amount of telemetry their system conducts. This is specifically outside the scope of this post, but has been covered in a dedicated avoidthehack post for “shutting up” Windows 10/11.
Blocking ads on your mobile device (iPhone/Android)
On a mobile device such as an iPhone, you may not spend as much time directly in the browser as you may on different applications (apps) installed on it. Therefore, you may not directly spend as much time on the smartphone's browser as you would, let's say, your laptop or desktop computer.
Additionally, mobile devices such as the iPhone don't have the best support for browser extensions (granted, this is changing with new updates to iOS by Apple.) Even on Android, where you can install browser extensions, it's not uncommon to find the selection of extensions for installation is smaller than personal computer (PC) counterparts and extension functionality reduced.
All of this to ask the question: "How do I block ads and trackers on my mobile device?"
Fortunately, it's pretty easy - you can easily block ads and trackers by downloading apps dedicated to blocking ads and trackers.
Hold on though! The absolute key here is to download trusted ad and tracker blocking apps/extensions that don't act as double agents. In other words, it wouldn't do you much actual good if you downloaded an app that claimed to block ads and trackers in your device's browser, but then turned around and collected and sold data about you, your browsing, and your device anyway.
Some proven and trusted apps to help with blocking ads and trackers on your mobile device(s) include:
AdGuard is a trusted and open source solution for adblocking on mobile devices; it's also available for Windows and Mac. There is both a free version and a paid (premium) version of AdGuard.
On iOS, the free version of AdGuard provides adblocking exclusively within Safari.
The paid version enables more comprehensive ad, content, and tracker blocking. It also grants access to AdGuard's DNS protection, which encrypts your DNS queries, and to advanced protection, which features additional adblocking and content filtering.
Additionally, the paid version allows you to enable personalized filters and blocking lists. With the paid version, you also have access to statistics; for example you can view what trackers/ads AdGuard has blocked and associated logs of DNS requests.
One of the biggest pluses for AdGuard on Android is that it does not need root in order to remove ads and trackers across the browser and apps on the device.
There's also a free and paid version of AdGuard on Android.
The paid version of AdGuard on Android is very similar to the iOS version. Premium AdGuard grants you access to more comprehensive ad, content, and tracker blocking, AdGuard DNS, and personalized lists for content filtering.
NOTE: On Android devices, AdGuard is only available for Samsung and Yandex users.
Personal DNS Filter
Personal DNS filter (personalDNSfilter) is a DNS filter for Android. It blocks connections to filtered domains/hosts on your Android device. These filtered domains can include the likes of known ad servers, tracker servers, and malicious domains.
personalDNSfilter does not need root access to perform its functions. This is ideal because an application with root access is granted many high level permissions on your device; the lack of root access lowers your attack surface.
personalDNSfilter also features encrypted DNS support (DoH and DoT) and allows you to send queries to a trusted DNS upstream server.
Unfortunately for iOS users, as of writing, personalDNSfilter is only available for Android users. It can be adapted to work on Windows and Linux devices as well.
Blocking ads on other smart Devices
Chances are you have other "smart" devices on your network besides just your smartphone or your PC. Other smart devices that might be on your home network can include the likes of:
- Smart TVs
- Smart printers
- Smart speakers
- Smart thermostats
- Smart kitchen appliances (fridges, coffee makers, etc)
- Gaming consoles
- Camera systems
* This is not an all inclusive list.
Typically, with smart devices and other Internet of Things (IoT) devices, you may not be able to install adblocking software directly on the device. Many IoT devices utilize embedded systems; in other words, lots of IoT devices are designed to perform a specific task and/or service.
Additionally, it's worth mentioning that they're generally not designed with security (and in some cases, privacy) in mind.
However, in the case of some smart devices, you may be able to configure connectivity settings and/or download apps to provide additional (possibly adblocking) functionality. A prime example is smart TVs.
With smart TVs, you generally have some wiggle room to implement adblocking on the device itself. Many smart TVs allow you to change the default DNS settings, where you can set the DNS to a trusted provider that may provide adblocking services. Some also allow you to download apps that connect your smart TV to the servers of a given VPN provider, where adblocking services can also be performed.
NOTE: It's important to remember the degree of customizable connectivity settings and the availability of apps tends to be dependent on the TV manufacturer.
Generally speaking though, your best solution for ad and tracker blocking capabilities on most IoT devices is running some sort of network-wide adblocker. Refer to the "Blocking ads on your network" section below.
Blocking ads on your Network
It's possible to provide adblocking and tracker blocking across the entirety of your network. This allows any internet-connected device on your network to reap the benefits of adblocking protection when connected to your network.
Depending on your needs, you may also be able to block specific domains that are known to be malicious or receptacles for invasive telemetry/phoning home data.
Pi-Hole
Pi-Hole is an open-source and community-driven piece of software that acts as a personal DNS filter for your network. Plainly speaking, it provides ad and tracker blocking services for your entire network.
Pi-Hole is relatively easy to set up; however, you should be forewarned that it's easier to set up within a Linux environment and should be installed on a device that is always on.
Domains that Pi-Hole can't resolve get forwarded to an upstream DNS server of your choosing; you can combine the benefits of an encrypted DNS provider that provides adblocking with this feature by setting your Pi-Hole upstream DNS server to forward requests to that specific provider.
Pi-Hole generally relies on blocking lists to deliver its adblocking abilities. We've compiled the best Pi-Hole blocklists to help maximize your Pi-Hole's blocking capabilities in another post.
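To make the blocklist mechanism described above concrete, here is an added example (not code from Pi-Hole or from this post) of how a blocklist-driven DNS filter can decide whether to sinkhole a query or forward it upstream. The sample list entries, the function names, and the choice to treat hosts-style entries as exact matches and `||domain^` entries as matching subdomains are assumptions of this sketch.

```python
# Added illustration: decision logic of a blocklist-based DNS filter.
# All domains below are constructed samples, not entries from a real list.
SAMPLE_BLOCKLIST = """\
# constructed sample entries
! adblock-style comment line
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # hosts-file style, trailing comment
telemetry.example.org
||adnetwork.example^
0.0.0.0 localhost
"""

SINKHOLE = "0.0.0.0"  # unroutable answer handed back for blocked names
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "0.0.0.0"}


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")


def parse_blocklist(text):
    """Return (exact, wildcard) domain sets from mixed-format list text."""
    exact, wildcard = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("||") and line.endswith("^"):
            wildcard.add(normalize(line[2:-1]))  # domain plus all subdomains
            continue
        fields = line.split()
        # hosts format: "<ip> <name> [<name>...]"; plain format: "<name>"
        names = fields[1:] if len(fields) > 1 else fields
        for name in map(normalize, names):
            if name and name not in LOCAL_NAMES:
                exact.add(name)
    return exact, wildcard


def matches_wildcard(qname, wildcard):
    """True if qname or any parent domain (on a label boundary) is listed."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in wildcard for i in range(len(labels)))


def decide(qname, exact, wildcard, allowlist=frozenset()):
    """Return ("block", sinkhole_ip) or ("forward", None) for one query name."""
    qname = normalize(qname)
    if qname in allowlist:  # an explicit allow always wins over the lists
        return ("forward", None)
    if qname in exact or matches_wildcard(qname, wildcard):
        return ("block", SINKHOLE)
    return ("forward", None)  # not listed: hand off to the upstream resolver


if __name__ == "__main__":
    exact, wildcard = parse_blocklist(SAMPLE_BLOCKLIST)
    for q in ("ADS.example.com.", "sub.ads.example.com",
              "cdn.adnetwork.example", "notadnetwork.example"):
        print(q, decide(q, exact, wildcard))
```

Matching on whole labels is what keeps `notadnetwork.example` from being blocked by the `adnetwork.example` entry, and skipping `localhost`-style names keeps a careless list from sinkholing the loopback name.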
Using an Encrypted DNS Provider with Adblocking
As I mentioned earlier, you can combine your Pi-Hole with these encrypted DNS providers (who also provide some adblocking functionality) to really reap in the network-wide adblocking benefits. This is easily done by setting your Pi-Hole configuration to an encrypted DNS Provider that provides adblocking from within the settings.
Ensuring your DNS queries are encrypted by a trusted provider (or via a self-hosted option too) comes with many benefits itself. The biggest benefit of using an encrypted and trusted DNS provider is that the encryption protocol itself helps protect your DNS queries from both snooping (ex: your ISP) and malicious third-parties.
Providers
A real beneficial feature that some trusted encrypted DNS providers offer is domain blocking - which can be extended to malicious domain blocking, tracker blocking, and adblocking.
Quad9 is a trusted encrypted DNS provider. Quad9 is a non-profit headquartered in Switzerland, providing their DNS resolving services for free. Quad9's infrastructure is spread out all across the world - so you'll likely have a resolver that's close to your location.
While Quad9's DNS resolving service doesn't provide traditional adblocking capabilities, they do provide malicious domain blocking services. This malicious domain blocking prevents the devices on your network from connecting to known malicious hosts.
The filtered hosts are provided by trusted Threat Intelligence Companies that have partnered with Quad9 to constantly update and maintain the malicious domain blocking service. Quad9 features a strict no logging policy.
NextDNS is another trusted encrypted DNS provider. NextDNS features comprehensive adblocking and content filtering on its servers. NextDNS is a commercial entity but lends itself as an advocate to the privacy community, featuring optional query logging that is dependent on user choice(s) during configuration and a generous free tier.
There are a whole host of settings within the NextDNS control panel that allow you to truly fine-tune the settings to your specific tastes. The service also features a command-line interface (CLI) that power users might prefer.
NextDNS is also a default trusted provider for Firefox's DNS-over-HTTPS (DoH) feature.
Be sure to view our full list of the best encrypted, trusted DNS providers that provide ad and domain blocking.
Using a trusted VPN with adblocking capability
If you've determined that you have a need for a Virtual Private Network (VPN), then you should be aware that some providers provide adblocking through their VPN services as well. Please note that a VPN is not a one-size fits all solution and you should determine whether a VPN genuinely fits your wants and needs.
The trick to choosing a VPN service that offers adblocking is to make sure that service is indeed trustworthy. After all, by nature a VPN provider has a high level of access to your data.
ProtonVPN is a highly trusted VPN provider with a proven no-logs policy. One of the truly amazing things about ProtonVPN is that it has a no-nonsense free tier that is subsidized by paying users.
ProtonVPN's free tier allows connections from a limited number of regions (to include the US) and upholds ProtonVPN's verified no-logs policy with decent speed. With a paid subscription, you'll gain access to ProtonVPN's adblocking capabilities, additional locations, faster speeds, and simultaneous VPN connections.
It's definitely worth noting that ProtonVPN is based in Switzerland, a jurisdiction which enjoys favorable consumer data privacy laws and regulations. It's transparent in its business practices and has a high ethics standard. ProtonVPN regularly gives back to privacy-related causes.
iVPN is another highly trusted VPN provider with a proven no-logs policy. The neatest thing about this service is that they don't require any PII in order to get started; for example, you don't need to supply an email address during an account creation process before you can use the service.
iVPN uses its AntiTracker feature to enable adblocking while connected to their servers. AntiTracker has a "Hardcore mode," which blocks connections to Google and Facebook services.
iVPN is highly transparent in its business practices and holds itself to a high ethics standard. Additionally, they regularly give back to the privacy community, donating to high-profile organizations such as the Electronic Frontier Foundation (EFF) and The TOR Project.
Hopefully you're now aware that you have many different options for adblocking!
Adblocking is crucial for improving your privacy and proves an important part of maintaining your security as well. Given the current state of AdTech siphoning and sharing insurmountable amounts of data on everyday users, it's generally best to block ads first and ask questions later.
With that said, happy adblocking and stay safe out there!