Ask HN: What's the best setup for ad blocking and tracker blocking?

I recommend multiple layers. Why? Because some devices&#x2F;apps will circumvent one of these layers one way or another.<p>I use Pi-Hole plus WireGuard to route all my devices through my home broadband connection (so even on a hotel&#x2F;train WiFi, when on LTE, etc). I forward it to Unbound which uses DNSSEC and DNSCrypt. I&#x27;m using an EdgeRouter Lite for that purpose. It does add a little bit of latency, but I don&#x27;t mind, as it also increases my privacy on the insecure link. It also works on say a smart TV or an official Android device (I use a rooted Android device with microG which doesn&#x27;t implement GAds). My partner sees barely any ads at home due to this setup (I did not bother to setup WireGuard on her smartphone as of yet).<p>On each individual client device I also use a layer 7 firewall (&quot;personal firewall&quot;). On macOS I use Little Snitch and LuLu. On Linux I use OpenSnitch. I don&#x27;t use Windows, but if I would I&#x27;d at least remove all the tracking stuff (for example with O&amp;O ShutUp). On Android, I don&#x27;t use a layer 7 firewall which is my bad.<p>For browser, on every OS I use a configured Firefox (which I did NOT document; my bad!) with a bunch of addons. uBlock Origin (mainly to manually block &quot;you are blocking ads&quot; notices). I use uMatrix, Cookie AutoDelete, Smart Referer, Privacy Badger, Decentraleyes, HTTPS Everywhere, containers for Amazon&#x2F;Facebook&#x2F;Google (would like to add Microsoft), CanvasBlocker, Tracking Token Stripper, Forget Me Not, Terms of Service; Didn’t Read, and Buster: Captcha Solver for Humans.<p>uMatrix <i>will</i> break the web. However it is more user-friendly than NoScript ever was. You are going to have to configure such. For websites you regularly use, you can save the temporary changes, or just not use such bloated websites. Also, I recommend the addon Dark Reader and the feature Reader Mode.<p>To test your setup on your browser, try ipleak.net. One of the things I configured in Firefox, is to disable WebRTC. I don&#x27;t use an addon for that.

I have &quot;pi-holed&quot; my openbsd router using both ip blocklists for the firewall and dns blocklists for unbound that refresh automatically every night.<p>All my clients run firefox with ublock origin and https everywhere. I ran no script for a while but it is quite painfull to manually allow scripts on a lot of pages so I think I have found a nice balance. I have also turned off wasm support in firefox.<p>If a site doesn&#x27;t work with the above or shoves large nasty inline popups with &quot;we value your privacy&quot; etc and do not show a clear reject button I leave.<p>edit: I also pay subscription to most of the websites I use often that support payment and if they don&#x27;t I email them and tell that I don&#x27;t want ads and that I&#x27;d like to pay for it. Usually one can come to an arrangement.

If uBlock Origin + Privacy Badger give you too many problems, what you are after is a worse setup. You want a less aggressive system that allows the ad-tech that those sites are relying on to work, which will also allow that ad-tech to display some ads and invade some privacy, but its a perfectly reasonable choice.<p>Personally, I use uBlock Origin + Privacy Badger (and NoScript for work, per policy). In most cases, if a site doesn&#x27;t work I&#x27;ve realized I really don&#x27;t want to be there (and the Internet is likely better off without adding my rant to the comments section of that click bait article I really shouldn&#x27;t be wasting my time with). It is fairly rare to find a broken site and rarer still to actually need to use it (airlines are the worst), so I don&#x27;t sweat the time to temporarily disable protection or work out the white list.

The <i>best</i> setup acc to me for web is Firefox + uMatrix + CanvasBlocker + WebRTC Blocker + DecentralEyes + HTTPS Everywhere + Smart Referrer + StartPage &#x2F; DuckDuckGo + any DNS over HTTPS provider of your choice. Be prepared for the recaptcha time sink. You could turn on Firefox&#x27;s resistFingerpriting setting, too. Use Brave or Bromite as an alternative browser for websites that break.<p>For phones, you could run DNSCloak with AdGuard DNS (iOS) or Blokada (Android). There&#x27;s AdGuard Pro, Lockdown Firewall, and Guardian VPN+Firewall for iOS that are super neat.<p>NoRoot Firewall, NetGuard, and GlassWire Firewall for Android that I&#x27;ve found to have acceptable privacy policies. LittleSnitch or LuLu Firewall for Mac, GlassWire Firewall for Windows are some of the other options.<p>Pi-Hole your routers too for other devices connecting to Internet.

Apart from the usual recommendations, to Firefox users I recommend enabling first-party isolation by setting &quot;privacy.firstparty.isolate&quot; to true. In this way, the data of every website will be isolated from each other. It is like the Facebook&#x2F;Google container extension, but for every single website there is. It has yet to break something after one year of use and it has certainly made my browsing feel much less invasive.

I&#x27;ve been using <a href="https:&#x2F;&#x2F;www.nextdns.io" rel="nofollow">https:&#x2F;&#x2F;www.nextdns.io</a> for the last month.<p>It&#x27;s PiHole as a Service.

I&#x27;m curious, what websites are breaking for you? I use the same (+ Facebook Container) and I rarely notice breakage. PrivacyBadger is the only one that&#x27;s broken something for me before (image links from a CDN), I can&#x27;t recall uBlock Origin ever breaking a site for me unless the site has an anti-adblocker.<p>If you&#x27;re talking about the &quot;please disable your adblocker to continue&quot; messages, you can consider something like Anti Adblock Killer [1] which can help bypass those kinds of blocks.<p>As far as the best setup I think what you have is fairly close to &quot;the best&quot; already without getting more hands-on. You can check out Pi-hole which I&#x27;ve heard is superior, but harder to setup [2].<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;reek&#x2F;anti-adblock-killer" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;reek&#x2F;anti-adblock-killer</a><p>[2] <a href="https:&#x2F;&#x2F;pi-hole.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;pi-hole.net&#x2F;</a>

&gt; I&#x27;ve become frustrated with having to disable one or both of the above for too many sites--they just break functionality for a good chunk of the web<p>For uBlock Origin[1], the best solution is to report the breakage to filter list maintainers.<p>Keep in mind that all the lists are community-contributed, with filtering issue addressed as users report them. So you benefit from these when using a content blocker making use of these community-maintained lists.<p>So when you report a broken site and that as a result the lists are updated, then you contributed back to have the issue addressed for others as well when they visit the site.<p>The basic default lists&#x2F;settings should have minimal breakage issues.<p>* * *<p>[1] Side note: uBO is a <i>content blocker</i>, not an &quot;ad blocker&quot; -- I never ever referred to uBO as an &quot;ad blocker&quot;. I consider this an important distinction.

Edit: I forgot to mention the most important piece: When a site says that it won&#x27;t work without JS, I accept this and close the tab. Unless it&#x27;s Google Maps.<p>My browser has built-in URL-based filters.<p>I browse with JS disabled except for a handful of sites, which I enable for the session whenever I need it.<p>My browser makes it easy, with a three-key shortcut to toggle it.<p>This is about the extent of it.<p>I used to use uBO, which I still think is great, and enough for more Chrome and Firefox users. Many blessings to its maintainer.

General advice: make sure you have a solution on all platforms. TV, IoT, phone on wifi, phone on mobile network, etc...<p>At home you need to first subvert your ISP.<p>Make sure you have a router doing blocking, like a PiHole. For mobile devices always use a VPN and DNS protection like dns-crypt. Use Cloudflare’s mobile DNS over HTTPS solution even though that’s a single point of failure, decide for yourself how risky you think that is.<p>Besides browser specific plugins you should implement a host block. The host block lists are not too exhaustive so if you use dns-crypt configure it to log every dns request and add any new hosts to your block list that look surprising.<p>It’s a lot of work, but if that’s what you’re looking for you may find some fun ways to automate this workflow :)

For mobile I use <a href="https:&#x2F;&#x2F;blockerdns.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;blockerdns.com&#x2F;</a> (full disclaimer: that&#x27;s my creation). It&#x27;s ad blocking through DNS-over-TLS on Android 9 and above.<p>For home I just run my own bind DNS servers internally. And then for friends and family I have them set their routers to a couple bind DNS servers (same config as my internal ones) in the cloud.<p>For all of the above I use the same block list. It currently has about 25k entries, and is built with some data from a few of the well known public lists. But I augment that with domains I find by regularly auditing specific websites that are particularly aggressive with ads and specifically trackers.<p>But with that said, since I&#x27;ve got friends, family and paying users working from that list, I do actively try to prevent the breaking of popular sites and services. For example, personally I&#x27;d outright block anything related to Facebook since I quit them years ago, but too many people still use it, so for my list I try to keep a good balance by blocking their pixel and stuff like that, while allowing the resources absolutely necessary for the site.

The best setup is cli browser links or lynx.<p>Next best is Firefox with uBlock Origin, uMatrix, Privacy Badger, Cookie Autodelete, Decentreleyes, and a bunch of about:config alterations. Some sites will break. If a site breaks I either forget about it or open it in incognito.

On macOS I mostly use LittleSnitch, with a few lists, then manually add trackers and calls to weird domains made by apps that shouldn&#x27;t make them. Upside is, it&#x27;s system-wide.<p>Wrote a post about that <a href="https:&#x2F;&#x2F;weekly.elfitz.com&#x2F;2019&#x2F;02&#x2F;12&#x2F;block-ads-and-trackers-on-your-mac-with-little-snitch&#x2F;" rel="nofollow">https:&#x2F;&#x2F;weekly.elfitz.com&#x2F;2019&#x2F;02&#x2F;12&#x2F;block-ads-and-trackers-...</a><p>But the best setup (still haven&#x27;t done it) would probably be pi-hole, remotely accessible over some vpn (because you don&#x27;t want to manage what would otherwise amount to a publicly accessible DNS server). It would cover all your apps and devices.

My setup is Firefox with the usual about:config modifications (search for it)<p>uMatrix<p>Ad Nauseum<p>Smart Referer<p>Decentralized Eyes<p>https everywhere<p>Cookie autodelete<p>VPN with ipv6 turned off since they don&#x27;t reroute that<p>With uMatrix I also block all first party cookies and scripts by default and white list as needed.<p>This only breaks websites the first time you visit them. Only thing that becomes an issue is uMatrix but as you Whitelist the sites you need it just ends up not being a big deal.

I&#x27;m mildly surprised that no one has mentioned [Better](<a href="https:&#x2F;&#x2F;better.fyi" rel="nofollow">https:&#x2F;&#x2F;better.fyi</a>). Works very well for me.<p>The pitch:<p>Better uses our own list of blocking rules, curated and maintained by Ind.ie. We use the principles of Ethical Design to decide what should be blocked. This is our only blocking criteria, advertisers cannot pay us to compromise our integrity and unblock them.<p>Better does not block respectful ads. Respectful ads respect human rights, human effort, and human experience. For an example of respectful ads, see The Deck network, winner of our first Cloud of Fame award.

<a href="https:&#x2F;&#x2F;technitium.com&#x2F;dns&#x2F;" rel="nofollow">https:&#x2F;&#x2F;technitium.com&#x2F;dns&#x2F;</a><p>You block domains at the dns, you can download a variety of block lists and you can also create your own. You can log the dns lookups to find out what domains are being used which can be used to further create a block list. The advertising code and tracking code never gets downloaded. Runs on the window pc so you don&#x27;t have to worry about making changes to anything else upstream, great for laptops and road warriors who use a variety of internet connections.

I use firefox with ublock origin and privacy badger and I can&#x27;t recall the last time I ran into a site that was broken because of it. But, I visit a fairly narrow section of the internet regularly so there might not be much overlap between what I browse and you browse.<p>I also use the multi-account container add on and the temporary container add on. This allows me to pin a few big sites to their own containers (google, amazon, etc) and open all other new tabs in temporary containers. This setup works great and appears to help keep firefox fast over time. I use duck duck go to search but firefox makes it trivial for me to re-run a search with google if I need to.<p>I also run an ad blocking vpn on google cloud using Algo. I use google cloud because the vpn can run on the permanently free tier and I only pay for network traffic (which is near zero), and I also enjoy the irony of it. I have wireguard clients setup on all of my devices to use the vpn either permanently (phone) or on demand (laptops). Having this vpn is nice as it makes it easy to block ads in apps on my kids mobile devices.<p>This vpn setup works ok but not quite as well as when I ran the same thing using Streisand and open vpn clients. I only say this because I have a homebrew whole-house audio setup with a bunch of google audio chromecasts and no matter how I tweak the wireguard client settings I cannot get that casting to work properly. With open vpn clients, those settings are a cinch.

I&#x27;m also curious about this. A couple years back, I switched from &#x27;AdBlock Plus&#x27; to &#x27;uBlock Origin&#x27; and the difference was night and day (it blocked SO many more ads).<p>I&#x27;ve been out of the game for awhile, so I&#x27;m wondering what beats uBlock nowadays... Any recommendations?

Although this isn&#x27;t exactly blocking, I tend to use Reader View a lot these days. I installed an extension that allows to force using it for any page, and I wish that FF made it default.

A Raspberry Pi running Pi-hole[1] works really well in my household. We have 20+ devices and 2 adults, 2 kids, connecting to a combination of wifi and ethernet and all get DNS automatically assigned to the Pi-hole. I routinely see ~ 20-30% of all outgoing DNS requests blocked by the Pi-hole.<p>Note you don&#x27;t need a Raspberry Pi to run Pi-hole, you can run it using a Docker image too.<p>[1] <a href="https:&#x2F;&#x2F;pi-hole.net" rel="nofollow">https:&#x2F;&#x2F;pi-hole.net</a>

I&#x27;d recommend starting with Firefox, and configuring Firefox&#x27;s cookie settings to always block third party cookies.<p>Next, if you have a good password manager that can auto-fill logins, set Firefox to delete all cookies (and everything else) when you close the browser. That way, every time you open your browser you&#x27;re starting from a clean slate. I promise you&#x27;ll quickly get used to logging in every time, and it won&#x27;t be that hard.<p>Next, enable Firefox&#x27;s Multi-Account Containers add-on. This basically allows you to isolate sites you commonly use into their own cookie realms. Create containers for the sites you want to isolate (Google, Facebook, LinkedIn, etc.) and set those domains to always open in that domain&#x27;s container. That way, when you click on a link to Facebook it will auto open a new tab in that Facebook container.<p>Next, install uBlock Origin. I don&#x27;t think there&#x27;s a need to install Privacy Badger since you&#x27;re already blocking third party cookies, but others please correct me.<p>Next, for websites that don&#x27;t work with uBlock Origin, create a dedicated container for that domain and set to always open in that container. Then, whitelist in uBlock Origin whatever tracker on that site you need to run things properly. That way, the tracker is isolated to just that domain&#x27;s container.<p>Overall, Firefox&#x27;s Multi-Account Containers are extremely powerful for isolating site cookies and trackers. I wish they would allow you to set different cookie settings per container, so you could by default clear cookies when you close Firefox and add exceptions for specific containers, but even given that deficiency, is still the most powerful browser feature that&#x27;s come out since tabs.

Might not be the best setup, but this gives me minimal issues.<p>1&#x2F; Chrome browser with extensions - Disconnect (<a href="https:&#x2F;&#x2F;disconnect.me&#x2F;" rel="nofollow">https:&#x2F;&#x2F;disconnect.me&#x2F;</a>), Ad blocker, and Anti-Adblock killer script with Tamper monkey.<p>2&#x2F; Cookies disabled by default.<p>3&#x2F; Any sites which refuses to function without them, open in incognito or guest window.<p>This gives me minimal problems. Most of the tracking is out via Disconnect, many ads are blocked automatically, and the remaining ones I block manually. I will definitely be tracked by a few websites and third-parties, but this gives me a better balance than just focusing on complete block.<p>To add to it, google provides you an option for not recording searches and location. Also, keep deleting cookies regularly for the ones you have enabled.

I use that setup + a hosts block file, and i recently started using a pi-hole. I also use stylus to block a few custom elements and change themes for a few sites. I mostly visit news sites and some random sites.<p>The only issues i have had have been on pinterest. What sites do you have issues on?

IMO uBlock Origin in Medium blocking mode is the best &quot;less is more&quot; setup.<p>[1]: &quot;uBlock Origin in Medium mode for Lighter and Stronger Protection, with Less websites breakage and hassle&quot;<p><a href="https:&#x2F;&#x2F;malwaretips.com&#x2F;threads&#x2F;ublock0rigin-in-medium-mode-for-lighter-and-stronger-protection-with-less-websites-breakage-and-hassle.93311&#x2F;" rel="nofollow">https:&#x2F;&#x2F;malwaretips.com&#x2F;threads&#x2F;ublock0rigin-in-medium-mode-...</a><p>[2]: Blocking mode: medium mode<p><a href="https:&#x2F;&#x2F;github.com&#x2F;gorhill&#x2F;uBlock&#x2F;wiki&#x2F;Blocking-mode:-medium-mode" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;gorhill&#x2F;uBlock&#x2F;wiki&#x2F;Blocking-mode:-medium...</a>

Currently using Brave Browser, AdBlock Plus and Privacy Badger. For my daily usage, I only have a few sites I need to whitelist.

I use a slightly customized version of the Energized Protection[1] block list, which acts as a DNS sinkhole but is really just a text file that you paste into &#x2F;etc&#x2F;hosts. Before that I was using Pi-Hole but I found it too cumbersome to maintain properly. (Additionally &#x2F;etc&#x2F;hosts entries are way easier to scan, modify and verify for non-maliciousness IMO.)<p>In my browser I use uMatrix since it gives me fine-grained control over what websites can do. I have very strict default policies that break most sites but you can set them to whatever you want.<p>Additionally I&#x27;ve written my own regex-based request blocker[2] for YouTube midroll- and page ads since I don&#x27;t trust other, more opaque ad blocking solutions that handle those (like AdBlock Plus). It does break all other Google services I&#x27;m aware of however. (Which I could patch but I don&#x27;t really mind.)<p>[1]: <a href="https:&#x2F;&#x2F;github.com&#x2F;EnergizedProtection&#x2F;block" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;EnergizedProtection&#x2F;block</a> [2]: <a href="https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;ytblocker" rel="nofollow">https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;ytblocker</a>

I use a custom built pfSense router running pfBlocker. The web broken, websites that won&#x27;t function without adtracking doesn&#x27;t deserve to be visited.

Besides disabling JavaScript you can put hosts file blocklists. This is much faster.<p>Simple corporation block list (e.g. Facebook, Google) <a href="https:&#x2F;&#x2F;github.com&#x2F;jmdugan&#x2F;blocklists&#x2F;tree&#x2F;master&#x2F;corporations" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;jmdugan&#x2F;blocklists&#x2F;tree&#x2F;master&#x2F;corporatio...</a><p>&quot;Someone Who Cares&quot; list <a href="http:&#x2F;&#x2F;someonewhocares.org&#x2F;hosts&#x2F;" rel="nofollow">http:&#x2F;&#x2F;someonewhocares.org&#x2F;hosts&#x2F;</a><p>Ultimate Hosts Blacklist: 1 million blocked domains (once in a while you might need to unblock something) and also a bonus known hacking IP blocklist (prevents common hacking sources). <a href="https:&#x2F;&#x2F;github.com&#x2F;mitchellkrogza&#x2F;Ultimate.Hosts.Blacklist" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;mitchellkrogza&#x2F;Ultimate.Hosts.Blacklist</a><p>If you have iOS device install an ad blocker app like AdBlock Fast, this plugs to practically all web sessions in the phone.

Cookiebro is a great cookie manager since it supports both blacklist and whitelist and can even block single cookies. It also has a built-in Cookie Editor and Cookie Log for monitoring which sites are trying to set cookies.<p><a href="https:&#x2F;&#x2F;nodetics.com&#x2F;cookiebro&#x2F;" rel="nofollow">https:&#x2F;&#x2F;nodetics.com&#x2F;cookiebro&#x2F;</a>

at home, <a href="https:&#x2F;&#x2F;pi-hole.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;pi-hole.net&#x2F;</a> on the go, i use some combination of ublock, noscript, and their equivalents

pi-hole over ZeroTier so I can get it wherever I am and latest Firefox with the most secure custom privacy setup. Nothing seems to break but I don&#x27;t use things like Facebook and Twitter so wouldn&#x27;t know about them (seems pointless to try to stay private if you&#x27;re on them anyway.)

PiHole + Little Snitch + JSBlocker on macOS Mojave<p>JSBlocker is cranked up to to the max - no inline JS, or frames or videos, etc. Then as I go about info surfing I progressively enable services that are vetted like some content delivery services, common JS frameworks, etc.<p>Makes the web actually tolerable.

I posted this somewhere else before, so I will just repost as the answer did not change that much.<p>I use Safari with JS and cross-tracking disabled on macOS and iOS, Firefox with a custom user.js on elementaryOS. I enable JS only when necessary — looking at you, Help Scout.<p>For actual blocking, I run a Pi-hole on a VPS that connects to multiple DNSCrypt servers that I control, which block everything I want while improving privacy. Planning on replacing Pi-hole with AdGuard Home for DNS over HTTPS and DNS over TLS, since I want to have this server public at some point, for others to use.<p>If anyone is interested in testing, shoot me an email at root@jamespond.co. No logging, DNSSEC, disk encryption, Canonical Livepatch, 24&#x2F;7 monitoring and completely open source.<p>:)

I&#x27;m using that exact setup and I can&#x27;t remember when it broke anything. Now uMatrix breaks everything, but that may be for the best. If the modern web is working, you&#x27;re the product.

Check out the no script Firefox add on. If u go to a website that pops up a big screen saying disable ad block u can right click the screen blocking and remove it and bam website works perfect

AdGuard for Android works fairly well. I may spring for the premium version.<p>Elsewhere I use LittleSnitch on my Mac, followed by Firefox (w&#x2F;associates plugins like everyone else).

Cookie Autodelete is a good one. Simple to configure what cookies you want. Doesn&#x27;t get in the way while still deleting the cookies you don&#x27;t opt to keep.

I use a Pi-Hole and on top of that uBlock Origin. Seems a pretty nice combination. For privacy though, you need to know what level of privacy you&#x27;re aiming for. At a certain point, adblockers and tracking protectors won&#x27;t help and you&#x27;re better of with something like Tor. For like, general daily use though, I very much recommend a Pi-Hole + uBlock Origin. Oh, and Firefox, not Chrome, for obvious privacy reasons.

<a href="https:&#x2F;&#x2F;someonewhocares.org&#x2F;hosts&#x2F;" rel="nofollow">https:&#x2F;&#x2F;someonewhocares.org&#x2F;hosts&#x2F;</a> and AlgoVPN

I use Brave browser plus adguard dns. They support dnscrypt and I&#x27;ve got it enabled on my OpenWrt router. Adguard does break the internet a little bit because they block those tracking links that quickly redirect you to the website that you wanted to go to. I think that the Pi-hole is a better option if you need or want to do any personalized customization to your block list.

I&#x27;m not that paranoid and I don&#x27;t really care about blocking ads, just the most egregious tracking. So I use Disconnect and rarely see ads or &quot;please disable your ad blocker&quot;, and when I do see ads, I just shrug it off.<p>I don&#x27;t know how efficient it is for tracking, but at least I have the moral high ground of going after blocking tracking, not ads in general ...

so, this isn&#x27;t for everyone, but I like the uBlock Origin + uMatrix combo.<p>This will break a lot at first, but uMatrix allows you to build a whitelist easily, and slowly over time website won&#x27;t be broken half as much, and it&#x27;ll be exceptionally rare for you to have to disable the whole extension whenever you want things to get working again.

I&#x27;m using Firefox with uBlock Origin (+ social network blocking lists), Decentraleyes and Firefox Multi Account Containers.<p>I put every &quot;big data&quot; collector (Google, FB, etc.) in a single container using FMAC.<p>(And to be honest: I tried uMatrix but it was too work intensive.)

Pihole unfortunately doesn&#x27;t block YouTube ads anymore. Anyone found a solution for that?

UBlock Origin on Mac and 1Blocker X on iOS. Pretty happy, only have to whitelist occasionally. But it’s usually a surprise and I struggle until I realize one of my blockers is interfering with a site I want access to.

Pihole on a raspberry pi ZeroW and ublock origin for desktop and Adblock plus for mobile.<p>I love ublock’s ability to easily block individual elements of a page such as distracting video or moving crap.

What are the sites that are not &quot;working&quot; with your setup?

I use uBlock Origin and disable JavaScript by default, then instead of enabling those things when sites break, I choose to be more discerning about the websites I visit instead.

The following doesn&#x27;t break my everyday browsing:<p>uBlock Origin, Decentraleyes, httpseverywhere, DNS over HTTPS (currently Cloudflare, but plan to use my own resolver soon)

I honestly get relatively little site breakage; so I&#x27;m just fine with that. But if you&#x27;re having issues I would suggest reek anti-adblock killer.

Setups which are data sinks giving minimal info about end users are the best.<p>If you outsource processing&#x2F;filtering, that data has commercial value eventually.

I use Pi-hole on the network level, then 1Blocker as a content blocker. It blocks add and analytics trackers, and works on macOS and iOS.

z_open&#x27;s setup is really good. Very similar to mine. A site that has helped me learn enormously about this is privacytools.io. I designed my config based on their suggestions. There are a tons of privacy conscious alternatives to everyday software.<p>Many of the configs you are going to see here can be reasoned through the suggestions at their site.

&gt; What&#x27;s the best setup these days for ad-blocking + privacy&#x2F;tracker-blocking that doesn&#x27;t break the web?<p>If one doesn&#x27;t want to break the web, they shouldn&#x27;t block ads since most of the web is free <i>thanks</i> to ads.<p>I use a blacklist approach and only block ads on those websites which clearly have no consideration for usability (popups, autoplaying videos, ...) or for privacy.<p>I have found that Unlock Origin is great for this approach.

I use PolicyControl in Chrome and it works great. I can have fine grained control over each site.

PiHole with Cloudflare DNS

I just use DuckDuckGo’s privacy plugin, that seems to kill most ads.

Pi-Hole at the Home Router.<p>1Bocker for Safari.<p>uBlock Origin for Chrome.

I have a multi-tiered adblocking environment at home and abroad.<p>At home, I have AdGuardHome installed in a VM acting as my home network&#x27;s DNS. It&#x27;s pretty effective and is an alternative to PiHole. This is a first-tier filter I have while at home for all my devices. <a href="https:&#x2F;&#x2F;github.com&#x2F;AdguardTeam&#x2F;AdGuardHome&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;AdguardTeam&#x2F;AdGuardHome&#x2F;</a><p>On the web browser, I have the AdGuard Firefox extension. <a href="https:&#x2F;&#x2F;adguard.com&#x2F;en&#x2F;adguard-browser-extension&#x2F;firefox&#x2F;overview.html" rel="nofollow">https:&#x2F;&#x2F;adguard.com&#x2F;en&#x2F;adguard-browser-extension&#x2F;firefox&#x2F;ove...</a><p>For my mobile phone, it&#x27;s a little obtuse but relatively straightforward. I have a non-rooted Android phone. I&#x27;ve installed AdGuard for Android there as well. The way it works is it runs a local VPN on my phone, so all device traffic goes through a localhost proxy, which filters the DNS and unencrypted TCP traffic. For HTTPS filtering, it installs a local TLS CA to perform re-signing of websites (you can configure it to ignore EV certificates, as I have, which are more common with online banks and more secure sites). It works pretty well with exception to apps that have built-in ad platforms like Instagram. It blocks 100% of ads in apps like Wunderground, Reddit, and Firefox. <a href="https:&#x2F;&#x2F;adguard.com&#x2F;en&#x2F;adguard-android&#x2F;overview.html" rel="nofollow">https:&#x2F;&#x2F;adguard.com&#x2F;en&#x2F;adguard-android&#x2F;overview.html</a>. There&#x27;s also an iOS version of the app on their website.<p>I have a Google Play Music subscription which comes with YouTube Premium. However, more and more YouTubers are diversifying their revenue, and have gone to completely sponsored videos with embedded ads. For sponsored clips in YouTube, SponsorBlock extension: <a href="https:&#x2F;&#x2F;github.com&#x2F;ajayyy&#x2F;SponsorBlock" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;ajayyy&#x2F;SponsorBlock</a><p>Decentraleyes [sic] is another extension that I use primarily on my phone, but also at work. It allows the web browser to use local versions of CSS&#x2F;JS frameworks and fonts that would otherwise have to load from CDNs that track your requests. Things like jQuery, Bootstrap, AngularJS, FontAwesome, etc. are all loaded from local copies through this extension. This benefits the user by saving bandwidth and page load time as well as stopping unwanted tracking from the remote party. <a href="https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;decentraleyes&#x2F;" rel="nofollow">https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;decentraleyes...</a><p>Don&#x27;t Fuck With Paste. This extension prevents websites from disabling pasting in form fields. Extremely useful when you are using a password manager to enter form data or just copying and pasting from another location. Websites that break paste are just as bad as websites that serve ads in my book. <a href="https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;don-t-fuck-with-paste&#x2F;" rel="nofollow">https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;don-t-fuck-wi...</a> (it&#x27;s also available for Chrome).<p>If you know someone or you yourself actually still use Facebook, I also highly recommend Social Fixer. Not only does it block Facebook ads and other page elements, but it lets you keep track of other events like who unfriends you. It has a lot of options and I&#x27;ve been using it for years. <a href="https:&#x2F;&#x2F;socialfixer.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;socialfixer.com&#x2F;</a><p>Worth checking out are NoScript extension, PiHole, and UBlock Origin. I don&#x27;t use these but I&#x27;ve heard good things about them and everyone seems to recommend them.

Nobody mentioned Waterfox?

step one is definitely to get off chrome<p>cli or FFX + ublock origin, ABP, FB container

privacytools.io

Use Brave :)

For Apple folks: Ka-Block! for Safari, both iOS and Mac, second Firefox Focus&#x27;s content blocker on iOS. Always on VPN mobile and desktop. Always Private browsing mode everywhere. Kills 99% of germs :)

I don&#x27;t mess with browser extensions anymore, I just use Brave: <a href="https:&#x2F;&#x2F;brave.com" rel="nofollow">https:&#x2F;&#x2F;brave.com</a>