A mere-mortal's guide to security and privacy online – Part 4: Advertising and tracking blockers

May 22, 2019 by Florian Einfalt

Every computer user is familiar with the following scenario: you are planning to make a purchase of, say, an electric toothbrush or a similar consumer good. Because there are hundreds of options from different manufacturers you go on to do some research on various websites and finally search Amazon for the option with the best price. So far so good. However, when you go to check the news on the Guardian, the New York Times or a similar publication, all advertising spots are full of electric toothbrushes. Coincidence? Far from it! In this article I’ll describe how tracking works and how you can protect yourself from the most egregious methods of social and advertising networks.

But first a little bit of context as to what I will write about in this privacy-focused series of posts: whilst the security, integrity and availability of data is pretty black and white as to the importance to the average user – I have never met someone that didn’t care at all about being hacked or having data stored online exposed publicly – however, data privacy, its usage for advertising and more nefarious purposes and the subject of consent still seem to be somewhat of a fringe topic although recently gaining traction in mainstream media. In the next posts, I want to explain how to maintain privacy online for the mere-mortal.

So why do random websites we visit seem to know what we want or have recently engaged with? The answer is cross-site behavioural tracking, a technique that is being used by data harvesters such as Google, Facebook (and its entities Instagram and WhatsApp) and many others to provide services to their customers: advertisers. In contrast to popular opinion this does not mean that your personal data is being sold to advertising networks, their service is more like a matching service based on your expressed convictions, interests and past behaviour which data harvesters collect to create a model that can be matched with the advertisers target audience, so that they can very efficiently decide in near real-time whether to advertise to you or not.

“But I don’t post anything on Facebook!”, you might think. This is where it gets interesting: most popular websites today allow you to sign up using your Facebook or Google account and/or offer integrations via “Like” buttons or sharing functionality. These integrations are able to track what you are doing on the internet and collect all your usage data for the data harvester independently of whether you are currently logged in to the social network or other service in question. This is done by connecting a small piece of data called a “cookie” that is saved when you interact with the service and is then used to identifiably track you and your behaviour on virtually every other popular website. These cookies persist even beyond a restart of your browser or operating system and would have to be manually deleted should you want to get rid of them. Facebook has long been rumoured to the create so called “shadow profiles” to enable this kind of tracking for people that do not even have a Facebook account, the initial cookie just gets saved the first time a website displays a “Like” button to you! While there is no independent confirmation of this, it seems likely judging by Facebook’s behaviour and their privacy-related scandals in the last 12 months.

Let’s assume the above proposition seems undesirable to you, what can you do to stop this sort of tracking in your browsers on a PC or Mac and mobile devices?

The answer to this question is somewhat controversial in publishing circles. Most publications online are funded by advertising, but there is a gradient as to how intrusive these ads and the associated tracking practices are. Whenever the remedy to the above privacy issues – namely ad-blocking technology – is discussed in the mainstream media, there is usually a big out-cry as to the diminished financial viability of online publication platforms if ad-blocking found mainstream adoption. The truth here is simple: if publications would use less intrusive advertising networks and technology, people would be less likely to use ad-blockers. So for the time being I would recommend the use of advertising and tracker blocking technology to protect your online privacy. These small programs detect areas of the web page you are currently visiting, identify ads and cross-site trackers and simply block these components, which means that you will see the same content but without the ads. Invisible trackers and visible social media integrations will vanish, too.

On traditional Macs and PCs browsers like Mozilla’s Firefox and Apple’s Safari already come with ad and tracking blockers built in, all you have to do is switch these on in the settings menu. On other browsers like Google’s Chrome (but also on Firefox and Safari) there are third-party extensions you can use to further enhance your privacy. My tool of choice here is Ghostery which is free and actively maintained to always block all new and relevant tracking technologies by default. The settings as to which types of trackers to block are wide-ranging and there are also whitelisting options for websites which ads you do not mind and therefore do not want to block.

Mobile platforms like iOS obviously do not allow the installation of native browser extensions. However there are APIs that Apple provides that allow for ad-blocking apps to hook into Safari, thus enabling the same outcome as described above. These can be installed through the AppStore like other apps and can then be activated individually under Settings » Safari » Content Blockers. This means you can test multiple available options and some blocker apps even support the individual activation of different classes of trackers.

Currently, I use Firefox Klar from Mozilla, the makers of the Firefox browser, which in my view represents the best trade-off in terms of performance and blocking effectiveness. Other options include Purify (which uses the Ghostery database) and 1Blocker X. All these apps feature the whitelisting and individual activation for blocking different types of trackers. As a result, browser performance on all platforms is appreciably increased and cross-site behavioural tracking is minimised to the best extent possible.

Of course, doing this precludes websites from creating advertising revenue, so I generally try to whitelist sites that I want to support specifically (such as Daring Fireball and Macstories) and those who have a non-egregious tracking policy, however, this is a personal choice that everyone needs to make for themselves.

© 2018-2020 Florian Einfalt