Google Chrome ad features checklist

For all Google Chrome users

• Turn off third-party cookies, under chrome://settings/cookies. Select Block third-party cookies.

  This setting makes Google Chrome’s behavior similar to that of other browsers, so shouldn’t break anything on the normal web. (Some corporate applications will break, so if you have those applications at your company or organization, you can share the links in the desktop system administrators section with your IT department and they can configure Google Chrome to do the right thing.)

• Below the third-party cookie setting, turn off Allow related sites to see your activity in the group (This is third-party tracking for sites that claim they’re related in some way—but the groups don’t get an independent check.)

• Go to the in-browser ad features, at chrome://settings/adPrivacy or chrome://settings/privacySandbox and turn off at least Ad topics which is the really problematic one, and any of the others you want to. This stuff is all new, and sites don’t depend on it, so you can safely turn it off without breaking anything.

For Google Account holders

If you have a Google Account for services like YouTube or Gmail, go to https://myadcenter.google.com/home and set Personalized Ads to Off. (This should cover downstream processing of your data, not what happens in the browser.)It’s not about the cookies or specific tracking technologies. Personalized advertising is unavoidably risky, and so-called privacy-enhancing technologies just make it worse.

For Android users

Consumer Reports has an up to date set of instructions that should work across Android versions. See Workout 4 at CR Data Bootcamp

If you use an ad blocker or content blocker

If you choose to run an ad blocker or a content-blocking privacy extension, pick one that is honest and currently maintained.

• Privacy Badger - Chrome Web Store A simple, effective privacy extension that blocks most web ads as a side effect.

• uBlock Origin - Chrome Web Store A full-featured extension that blocks tracking, ads, and annoyances.

Please don’t recommend an ad blocker to other people. When people search for ad blockers on search engines or browser extension directories, they’re likely to find malware, adware, scams, extensions that block visible ads but not tracking, and extensions that participate in a paid allow-listing scheme. If you recommend an extension, make sure to give a specific name and link.

The functionality available to extensions in Google Chrome is being reduced, so running Google Chrome with an ad blocker does not look like a long-term solution. But either of the above two should work for now. (If you do switch browsers, be sure to turn off advertising features in Firefox.)

For desktop system administrators

If you manage Google Chrome centrally, you can turn off third-party cookies for all users. See https://chromeenterprise.google/policies/#BlockThirdPartyCookies. Some Intranet and SaaS applications still require third-party cookies. Test this option thoroughly, especially if you have web applications that are known to only work on Google Chrome.

There are also several settings to turn off in-browser ad features, at https://chromeenterprise.google/policies/#PrivacySandbox. Read the descriptions carefully. (This is not just a privacy thing. We’re still unclear on the performance impact of running an entire in-browser ad stack, especially on older PCs, so it’s likely to extend desktop system life and reduce user complaints.) All of this stuff is new, so can be turned off safely without breaking any legacy web applications.

Recommended secure configuration guidelines for Google Chrome are available from the Center for Internet Security: CIS Google Chrome Benchmarks (The current version covers cookies, but does not yet include recommended settings for the Privacy Sandbox ad features. TODO: update when new version of the CIS documents are available)

For web developers

Data on your web visitors can be collected using a third-party script. Some third-party scripts are already being extended to do this. Fortunately the fix is something that looks like a good idea anyway: setting Permissions-Policy.

• If you run a site with no third-party JavaScript or iframes, and you know you will never add them: you should technically be good, just don’t put any third-party JavaScript or iframes on it. (That includes embedded Twitter tweets, embedded YouTube videos, Imgur photo widgets, third-party fonts, all that stuff.)

• If your site has third-party JavaScript or iframes, or someone might add one in the future: Check your Permissions-Policy HTTP header to make sure it includes browsing-topics=(). As I write this, a good header is:

Permissions-Policy "accelerometer=(),autoplay=(),browsing-topics=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"

See permissions-policy.conf in the h5bp project. If your site requires some of these permissions in order to work, you can always turn some of them back on. More info in the Permissions Policy article on MDN.

For WordPress sites

The WordPress plugin Disable Topics API by Roy Tanck will set the Permissions-Policy header for you.

Related

A Post-Google World It was as if every night Google could break into the offices of the Wall Street Journal and take its subscriber list, and then go to its own advertising clients and tell them that it could sell them access to Wall Street Journal readers for much cheaper rates when those readers opened Google owned and operated properties, like Gmail, YouTube, search, and so forth. In doing so, Google gained the ability to direct ad revenue away from third party publishers to itself. (My personal main reason for fixing these settings in Google Chrome is not to protect my own privacy, but to avoid having the browser, which should be working for me, participate in Google’s criminal enterprise instead.)

turn off advertising features in Firefox Firefox has some similar functionality, co-developed with Meta, so just a browser switch is not enough. Every mainstream browser has something you need to check and turn off. Memo to self: look up Vivaldi and Microsoft Edge

turn off advertising measurement in Apple Safari (just one setting, but it’s buried under Advanced)

Block AI training on a web site covers three ways to tell AI crawlers not to use your site content.

remove AI from Google Search on Firefox, with links to instructions and extensions for other browsers

CIS Benchmarks

More privacy tools and settings to check for other programs and devices: effective privacy tips