Now web browsers need to work on improving security even more to avoid cross-site content and block suspicious sources even better. This is not only the ordinary cookies or injected ads that are to be considered but also "super-cookies" and cookies/caching of plugin data. Virtualization by default may also be useful - so that each program runs in its own sandbox.
A lot of the stuff isn't even hacking, its abuse of permissions. The other day I had a third party tracker request permissions to turn on my mic, and my understanding is if I said yes, the permission would remain across all sites with their tracker on Chrome. So they could listen to me across the Internet. Similar are browser extensions which request the power to read and change data on all pages.These need to come with clear privacy policies, and some kind of audit process to make sure it works.
The main thing to me is advertising has stopped being advertising: connecting people with products and services they might want - and started being about something else. Since when was "Mad Men" about a wiretap that listens to people in their homes?