Shameless self-promotion of my master's thesis on third-party tracking follows; see full PDF for numbers backing up claims. A paper based on the thesis also got published by IEEE.

I'm uncomfortable being "monitored" and "logged" -- but worry less about visible advertisements, and more about either hidden web beacons or visible (but desirable) content served by known tracker organizations. Adblockers can block most visible ads, and you'll notice if one slips through -- but fewer care about less blinky-flashy tracking.

Google is the king here; they have embedded fonts, videos, maps, analytics scripts -- and own one or more ad networks. Google alone has resources present and loaded from 85%+ of global top sites. That includes domains protected by HTTPS, which doesn't actually protect against "active tracking." Among others, these numbers dwarf those of Facebook and Twitter -- and any other ad/tracker network that I know of; see Table C.14 for some Google services such as DoubleClick, Analytics, Maps, Youtube, Fonts, APIs.

For my master's thesis (2014-2015) I asked a similar, but broader, question: how prevalent are third-party resources on websites/domains? Turns out most domains in Alexa's top 10.000 sites have some kind of resource (image, script, video, fonts, ads, and so on) from another domain (internal/external CDN, content provider, advertising network, etcetera). Downloaded the front page of some 150.000 domains to compare; the pattern continues across other sets of domains. See Appendix C in the PDF for lots of numbers and graphs.

My personal tips: if you're stubborn, use uMatrix to block/unblock resources per origin domain and resource type. If you're even more stubborn, edit the settings to blacklist all non-first party resources and only whitelist what you'd like to see -- but expect a steep learning curve. Your boss is probably more comfortable with uBlock Origin.

Happy to see ESR using crowdfunding, and I seriously think that more developers should consider refocusing to work on open source full-time. Let's say that a company might build DRM-ridden software to make money only on the most popular OS/platform, but a crowdfunded developer might be able to work on a non-DRM alternative that works on all systems. By this I mean that while commercial companies use, as well as build and directly sponsor, open source software, what gets sponsored might not be the best "for the greater good". Staying independent might avoid some of the inherent conflicts of interests in sponsored development. Now, making a decent living only/mostly programming open source software "for the greater good" offers quite the hurdle -- 9-5 work is the easiest choice for most, hopefully at least with some degree of open source contributions.

Shameless plug: I figure that ESR has about 25 more years of open source contributions than I, but last night I joined Patreon to see if there's even the slightest chance to make the switch from primarily closed income to primarily open source income. Feedback appreciated! patreon.com/joelpurra

Sorry for using the same words in different ways that close to each other; in this case I meant that the forking seems messy. uBlock origin was created and is maintained by the original author, but the fork marketed as simply uBlock on ublock.org is not (at least not anymore).

I'm not involved in the development of uMatrix nor Disconnect.me, I just used Disconnect.me's blocklist for scientific third-party/tracker research.

• Ghostery uses a blacklist, so it's always running behind tracker companies. Plus, Ghostery itself is owned by an marketing company.
• uBlock was created by the same guy who created uMatrix, Raymond Hill (gorhill), but Matrix is much more fine-grained for advanced users. (Block has been forked, and it looks a bit messy.)
• ScriptSafe looks like a limited and messy version of uMatrix, and also seems to use some code written by Raymond Hill (gorhill). Haven't tried it though.

Basically, I would replace these with uMatrix.

Disconnect.me uses a blacklist based on known tracker domains. Given that this blacklist based blocking only detects about 10% [1] of global top web sites' resources from third party domains (loosely defined as "not the same domain, nor a subdomain"), using heuristics like Privacy Badger is probably better. Either way, they can work together. Blacklists are convenient but easy to get around for tracker companies (for example by buying a new domain). Shared whitelists are convenient, but will invariably add too many or too broad exceptions too please more users, allowing tracker companies to sneak past (for example by using, by disconnnect.me, whitelisted cloudfront.net and other CDNs for easy forwarding/domain masking). Having a personal whitelist that you maintain yourself to your own needs is a good way to go. I personally use Matrix for resource whitelisting, with a stricter ruleset blocking all third-party domains by default. It's easy to whitelist specific resource types per domain (like css and images, but not javascript), I understand that most people don't care enough to bother though. https://github.com/gorhill/uMa... [1] I have researched third party resource usage and blocking specifically using disconnect.me's blacklist, so go ahead and check it out. [/shameless plug] http://joelpurra.com/projects/...