Protection against ads and trackers on the web

This guide is not a proper tutorial and does not endorse anything; rather, it suggests ways of combating obnoxious and predatory ad networks on the Internet. Adjust to your liking.

Ad/tracker blocking

Router

My router is connected to a microcontroller which runs Armbian. The only thing that is installed there is Pi-Hole. It is a DNS ad blocker, which allows blocking pretty much anything. Requests are blocked automatically for everyone who connects to the Wi-Fi access point.

I use dnsmasq for the local DNS server and OpenDNS as an upstream DNS server.

On average, Pi-Hole is blocking around 10-20% of all traffic.

I use the following blocklists:

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts
https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/tif.mini.txt
https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/pro.txt

DNS-level ad blocking helps with ads inside mobile apps, which are not as easy to block on iOS or Android.

Browser

uBlock Origin is the best choice for a browser ad blocker. The extension blocks most of the ads and trackers; the rest is handled by Pi-Hole.

Depending on the country, you might want to enable regional blocklists in the uBlock Origin “filter lists” settings.

uBlock Origin filter lists

Certain consent pop-ups don’t get blocked. I use Consent-o-Matic to reject data processing consent in automatic mode.

Decentraleyes is good for protecting yourself from CDN tracking. It caches CDN requests, so that it is no longer possible to track you cross-site.

Phone

My phone runs GrapheneOS. For app-wide ad blocking where possible, TrackerControl is a good option. Some apps stop working properly (especially those that do cross-app requests), so you will sometimes want to turn it off or whitelist certain apps.

Redirects

Tech giants increasingly force users to stay within walled gardens. With aggressive blocking of crawlers by Twitter, and then Reddit and others, it has become increasingly hard to browse those websites without an account. All of them now load an insane amount of JavaScript, various trackers and obnoxious ads. This all makes using those websites pretty unpleasant. I personally despise Reddit’s current UI for how immovable and bloated it is.

Thanks to many volunteers, there is a myriad of private front-end instances available. In order to automatically redirect reddit.com to front-ends, LibRedirect can be used. In order to distribute load across those instances and obfuscate search history, a random instance is chosen every time.

These 3 redirects should be enough to make web browsing slightly more pleasant:

Since half of the web now gets crawled and abused by AI bots, many such instances are behind Anubis, a PoW-based captcha. The check runs automatically, so you don’t have to click anything.

LibRedirect is also available for Search. The browser extension adds a new search engine option which can be set as default.

search settings

YouTube

Ad blockers often fail to remove ads on YouTube. LibreTube can be used on mobile, and it also skips sponsor ads. Invidious and FreeTube provide an ad-free experience on desktop, though they don’t block sponsor ads.

VPN

XTLS is the best option for a VPN at the moment. Besides hiding your original IP, like most VPNs do, it also bypasses deep packet inspection. The way it works is that it masquerades as fake TLS traffic from some other website, without requiring its actual certificate.

It’s trivial to self-host, but if you don’t feel like getting your hands dirty, you can use one of the public instances. Beware that certain servers might log DNS requests, which can potentially deanonymize you. Rest assured, XTLS servers can’t peek inside request content, and the connection between the VPN client and VPN server is end-to-end encrypted.

Email

Reusing the same email address everywhere is not good for privacy. When you end up in spam lists, sometimes it becomes impossible to block it all. Email masks help the situation a bit. They are randomized email addresses which can be revoked at any time. Once a mask is revoked, spam stops.

Below are email services that have masking built-in (not endorsements):

Most popular email providers are integrated into Bitwarden and other password managers for username generation.

Conclusion

Such a setup combines multiple levels of ad blocking and tracking protection (router, device and browser). While some ads might still slip through, there will certainly be much less of such noise.

However, such measures are not bulletproof. Many sites run analytics and ad CDNs under their own subdomains, or even on subpaths of the same origin. Those would require manual blocking.
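
An added example (not part of the original post) of why the DNS-level blocking from the Router section cannot catch the first-party cases just described: a resolver only ever sees the hostname. It parses constructed entries in the two formats the listed blocklists use, assuming hosts entries match one exact host while `||domain^` also covers subdomains; all domains and function names are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample entries in the two formats the lists above use:
# hosts format ("0.0.0.0 domain") and adblock format ("||domain^").
SAMPLE_LISTS = """\
# hosts-style entries (constructed)
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.tracker.example
! adblock-style entries (constructed)
[Adblock Plus]
||metrics.example^
"""

ABP_RULE = re.compile(r"\|\|([a-z0-9.-]+)\^")
SINKHOLES = {"0.0.0.0", "127.0.0.1"}

def parse_blocklist(text):
    """Return (exact, suffix) domain sets parsed from mixed-format lines."""
    exact, suffix = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line or line[0] in "![":
            continue  # blank line, comment or list header
        rule = ABP_RULE.fullmatch(line)
        fields = line.split()
        if rule:  # ||domain^ covers the domain and all of its subdomains
            suffix.add(rule.group(1))
        elif len(fields) >= 2 and fields[0] in SINKHOLES:
            # hosts entries name one exact host; skip the file's own stubs
            exact.update(h for h in fields[1:] if h not in SINKHOLES | {"localhost"})
    return exact, suffix

def dns_blocked(host, exact, suffix):
    """Decide from the hostname alone, which is all a DNS server sees."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # Compare whole labels so "notmetrics.example" != "metrics.example".
    return host in exact or any(".".join(labels[i:]) in suffix for i in range(len(labels)))

def url_blocked(url, exact, suffix):
    """The path and query never reach the resolver, so they cannot matter."""
    return dns_blocked(urlsplit(url).hostname or "", exact, suffix)

if __name__ == "__main__":
    exact, suffix = parse_blocklist(SAMPLE_LISTS)
    for url in ("https://ads.tracker.example/pixel.gif",
                "https://eu.metrics.example/collect",
                "https://stats.shop.example/collect",
                "https://shop.example/analytics/collect"):
        print(url, "->", "blocked" if url_blocked(url, exact, suffix) else "resolves")
```

The last two URLs resolve: the unlisted first-party subdomain needs its own entry, and the same-origin subpath can only be handled by a path-aware filter in the browser, since sinkholing its hostname would take the whole site down with it.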