Before: A Browser Full of Trackers

Back when I was still using Chrome with zero extensions, I thought privacy was something I handled by clearing my browsing history every few weeks. Seemed sensible enough. I would delete everything, watch the little progress bar finish, and feel like I had done my part. Clean slate. Fresh start. Nobody tracking me. I had no idea how wrong that was.

The wake-up happened during a work call. I was sharing my screen with a colleague in Hyderabad, and he noticed I had no ad blocker running. He told me to install something called uBlock Origin just to see what it does. I figured it was one of those tech-person hobbies, but I installed it during lunch. Opened the Times of India website. The little counter on the extension icon showed 94. That number represents individual tracking scripts, ad network calls, and data collection requests that tried to load when I opened a single news page. Ninety-four invisible programs, all running the moment the page loaded, all watching what I did.

I started checking other sites. Flipkart had over a hundred. NDTV had about 70. Even the login page for my daughter's school in Pune showed 23 trackers trying to load. I went to 1mg to look up a cough medicine dosage and watched the counter climb past 40. These were not pop-up ads or banners I could see. They were invisible scripts buried in the page code, and they had been running on every website I visited for years without me knowing.

My first reaction was to clear cookies again. But it turns out cookies are just one small part of the tracking system. Fingerprinting scripts can identify your browser by combining your screen size, your installed fonts, your timezone, your operating system version, and dozens of other small details into a profile that is nearly unique. No cookie needed. Tracking pixels are tiny invisible images embedded in web pages and emails that ping a remote server the moment the page loads, confirming you visited. Cross-site trackers follow you from one website to the next, building a running log of your interests, your shopping patterns, what health conditions you search for, what financial products you look at. Clearing history does nothing against any of these while they are active.

I spent that entire evening reading about browser tracking. The profile advertising networks build about each user can include hundreds of data points. Age range, income bracket, parental status, health interests, travel habits, political leanings. All inferred from browsing patterns. All assembled without you filling out a single form or giving anyone permission. A friend in Mumbai who works at a digital marketing agency told me that these profiles get sold and resold between ad networks, data brokers, and analytics companies. By the time you visit a shopping site, dozens of companies may already know you were looking at health supplements ten minutes ago. That feeling of “how did they know?” when you see a weirdly specific ad is not a coincidence. That is the tracking working exactly as designed.

The thing that hit hardest was how boring my browsing actually is. I read the news. I check Naukri for job listings. I buy things on Amazon and Myntra. I look up recipes. There is nothing secret about any of it, and yet over a hundred companies per website had decided they needed to monitor it. That gap between how ordinary my browsing was and how intensely it was being watched bothered me in a way I had not expected.

“I thought clearing my history handled everything. It was like mopping the floor while the ceiling was leaking.”

So I started looking for solutions. Not one magic fix, because I had already learned there was no single thing causing the problem. I needed a few tools, each doing a different job. The next couple of weeks became an accidental education in browser privacy, and the before-and-after difference was so big that I still get annoyed thinking about the years I spent browsing without any protection at all.

Laptop screen showing browser extension store with privacy tools highlighted

Four Extensions That Changed Everything

The first extension I installed was uBlock Origin. Not uBlock, which is a different and less trustworthy project. Not AdBlock Plus, which has a program called Acceptable Ads where advertisers pay to get their ads whitelisted. Specifically uBlock Origin, built by Raymond Hill, fully open-source, funded entirely by donations, with no advertising company money involved at any stage.

uBlock Origin works as a broad content blocker. When a web page tries to load tracking scripts, ad network calls, known malware domains, or other unwanted resources, uBlock Origin stops them before they finish loading. The page still works. The article still appears. The images show up. But all the invisible garbage that was loading alongside the real content gets cut off. The immediate result on Indian news websites was shocking. Pages that used to take six or seven seconds to load finished in two or three. On my Airtel 4G connection at home, the difference was obvious. On the limited Jio recharge plan I use when travelling, the data savings were noticeable within the first week because the browser was no longer downloading megabytes of advertising code with every page.

What sets uBlock Origin apart from other blockers is its efficiency. Independent testing shows it uses 50 to 70 percent less memory than AdBlock Plus while blocking more content. On my six-year-old HP laptop, the kind that is still common in offices across India, the browser went from feeling slow and heavy to feeling normal. Out of the box, uBlock Origin blocks known trackers using regularly updated filter lists. I turned on the regional “IND: ABPindo+EasyList” filter, which targets ad networks specific to Indian websites that the global lists sometimes miss. There is also an Annoyances filter list that removes cookie consent pop-ups and newsletter sign-up overlays. I turned that on after the fifth website in one day asked me to subscribe to something I would never read. Browsing immediately felt calmer.

The second extension was Privacy Badger, built by the Electronic Frontier Foundation. Where uBlock Origin blocks trackers based on a list of known bad domains, Privacy Badger takes a learning approach. As you browse normally, it watches which third-party scripts appear across multiple unrelated websites. When the same script shows up on three or more different sites, Privacy Badger identifies it as a tracker and starts blocking it. This catches the smaller, obscure tracking networks that might not be on any predefined list. Indian e-commerce websites, job portals, and news sites use a lot of these regional ad networks that global filter lists do not always cover. After about ten days of regular browsing, Privacy Badger had flagged and blocked dozens of tracking domains that uBlock Origin had missed. The two tools working together caught more than either one alone.

Third was Bitwarden, a password manager. I had been using the same password on almost every website I had an account on. It was my daughter's nickname followed by a year. I knew this was dangerous. Everyone knows reusing passwords is dangerous. But keeping track of different passwords for SBI Online, Gmail, Amazon, Myntra, LinkedIn, Naukri, Swiggy, Zomato, IRCTC, and at least twenty-five other accounts felt impossible without writing them all down in a notebook, which is its own security problem. Bitwarden solved this entirely. The browser extension recognises login pages, fills in saved credentials automatically, and generates long random passwords whenever you create a new account. Within two weeks, every account I cared about had a unique, strong password stored in an encrypted vault that I unlock with one master password. The free plan covers everything a single person needs. The paid plan costs about 750 rupees a year and adds features like emergency access and a built-in authenticator, but most people will never need those.

The fourth extension was Cookie AutoDelete. Cookies are small data files that websites store on your computer. Some of them keep you logged in, which is genuinely useful. Others are tracking cookies placed by ad networks that follow your browsing across dozens of websites for weeks at a time. That experience of looking at a product once and then seeing ads for it everywhere for the next month? That is tracking cookies at work. Cookie AutoDelete wipes all cookies from a website the moment you close the tab for that site. You can whitelist specific sites where you want to stay logged in. I whitelisted Gmail, my bank, Amazon, and a few other sites I use daily. Everything else gets cleaned the moment I close the tab. The tracking cookies that advertisers rely on now last only as long as I have that tab open. Combined with Bitwarden handling all my logins, there is no downside to aggressive cookie removal because I never need a cookie to remember my password.

One thing to watch for: uBlock Origin occasionally blocks parts of a website that mixes real content with advertising code. If a page looks broken or a button does not work, click the uBlock Origin icon in the toolbar and press the big blue power button to turn it off for that one site. Do not turn it off globally. I have had to do this twice in four months, once on an airline booking page and once on a government portal. Both times, the temporary disable fixed the problem immediately.

Installing all four took under ten minutes. I did uBlock Origin first for the immediate speed improvement, then Bitwarden to start migrating my passwords, then Privacy Badger to catch what the filter lists missed, and finally Cookie AutoDelete once I had figured out which sites to whitelist. HTTPS-Only Mode, which forces encrypted connections on every website, did not need an extension at all. In Firefox, you turn it on under Privacy and Security settings. In Chrome, the equivalent is under Privacy and Security, then Security, then Always use secure connections. On my phone, I switched from Chrome to Firefox for Android because Firefox on Android supports uBlock Origin, Privacy Badger, and Bitwarden, while Chrome on Android does not support extensions at all. That single fact was enough to make the switch.

The before and after difference was striking. My tracker count on the Times of India went from 94 to about 5 or 6 that slipped through. Flipkart went from over a hundred to roughly 8. Pages loaded faster. I stopped seeing ads that seemed to know what I was thinking. Products stopped following me across the internet. And I had unique passwords on every site without having to remember any of them. All free. All installed in one sitting.

Picking Extensions Without Getting Scammed

I almost made a bad mistake before getting to the right extensions. A friend had forwarded a WhatsApp message recommending Hola VPN as a “free privacy tool.” I was about thirty seconds from installing it when I decided to search for reviews first. Turned out Hola VPN had been exposed years ago for routing other people's internet traffic through its users' connections. If you installed Hola, your home internet connection became an exit node for a paid proxy service that Hola sold to commercial customers. Strangers' web traffic was passing through your connection. You had no idea. That is not a privacy tool. That is the opposite.

The more I looked into browser extensions, the more horror stories I found. Web of Trust, a website reputation tool with millions of users worldwide, was caught selling detailed browsing histories that included user names, locations, and every URL visited. Stylish, a popular extension for customising how websites look, was secretly logging every single web page its users opened and sending that data to the company's servers. The Great Suspender, a tab management extension on Chrome, was sold to an unknown buyer who pushed a malicious update that turned it into spyware. These were not obscure tools. They were popular, well-reviewed extensions that millions of people trusted.

For Indian users, the risk is compounded by the number of fake “antivirus” and “cleaner” browser extensions that appear in WhatsApp forwards and Facebook groups. These extensions ask for permission to read and change all data on every website you visit, which sounds alarming but is actually a normal permission for legitimate ad blockers. The danger comes when a fake cleaner tool asks for the same level of access and then uses it to inject ads into your browsing, track your activity, or redirect your searches through their own affiliate links. I saw several of these being recommended in Indian tech groups on Telegram.

A few guidelines that kept me safe. First, only install extensions from the official stores: Chrome Web Store, Firefox Add-ons, or Microsoft Edge Add-ons. Never install an extension from a downloaded file or a random website. Second, check the permissions. An ad blocker needs broad access to web pages because it has to scan page content to block trackers. A calculator extension or a colour picker asking for that same level of access is suspicious. Third, keep your extension count low. Every extension has some degree of access to your browser data. Four or five targeted tools are enough. I have seen people with fifteen or twenty extensions installed, several of which overlap and some of which are borderline questionable. More extensions means a larger attack surface. Fourth, be wary of extensions that ask you to create an account when there is no logical reason for one. Bitwarden needs an account because it syncs your passwords across devices. A cookie cleaner does not need an account for anything. If it asks, something is off.

One more thing I learned the hard way. When a well-known extension gets sold to a new company, pay attention. Companies buy popular extensions specifically because they come with a large user base, and some of those buyers have pushed malicious updates after the acquisition. The Great Suspender is the most famous example, but there are others. If you get a notification that an extension you use has changed its developer or been acquired, look up what happened before you accept the next update. A quick search takes thirty seconds and could save you from handing your entire browsing history to a data broker.

Firefox versus Chrome is also worth addressing. Chrome is made by Google, which earns over 80 percent of its revenue from advertising. Firefox is made by Mozilla, a non-profit with no advertising business. Firefox ships with Enhanced Tracking Protection that blocks third-party cookies, cryptominers, and fingerprinting scripts by default. It has a feature called Total Cookie Protection that isolates each website's cookies so they cannot share information with each other across sites. And Chrome's Manifest V3 extension framework has limited what content blockers can do, which is why the full version of uBlock Origin no longer works on Chrome. Raymond Hill had to build a stripped-down version called uBlock Origin Lite for Chrome users. On Firefox, the full version runs without restrictions.

I switched from Chrome to Firefox in about two minutes. Firefox has a built-in import tool that brings over your bookmarks, saved passwords, and history from Chrome automatically. Every Indian website I use works identically. SBI Online, Aadhaar services, DigiLocker, Flipkart, Swiggy, Zomato, IRCTC. The idea that certain websites only work in Chrome is mostly outdated now, at least for consumer sites in India. If you have to stay on Chrome because your office IT department requires it, the four extensions I described still help significantly. But if you have a choice, Firefox with these extensions is the strongest privacy setup you can get in a mainstream browser without spending a rupee.

My Setup Now vs Six Months Ago

Six months ago, I was browsing the internet with Chrome, no extensions, no ad blocker, no password manager, and the same password on every website. I cleared my cookies once a month and thought that was enough. I had no idea how much data was being collected every time I opened a web page. Every shopping search, every health query, every job listing I looked at was being logged and profiled by dozens of companies I had never heard of.

Now I use Firefox with uBlock Origin, Privacy Badger, Bitwarden, and Cookie AutoDelete. The tracker count on most websites sits in the single digits instead of the double or triple digits. Pages load noticeably faster. I have not seen a targeted ad that felt eerily specific in months. Every account I use has a unique password that I do not have to remember. And I did not spend a single rupee on any of it.

I set up the same configuration on my wife's laptop and on my mother's computer during a trip back to Chennai. My mother is not comfortable with technology. She has not noticed the extensions at all, which tells you something about how well they work. They run silently. They do not demand attention. They do not throw pop-ups asking you to upgrade to a premium version. They just block things quietly in the background.

I also installed Firefox with uBlock Origin and Bitwarden on my father's phone, replacing Chrome. He had been using Chrome for years. After I showed him the tracker count on Cricbuzz, which was over 70, he agreed to try Firefox. That was three months ago. He has not once said anything feels different or complained about a website not working. The only thing he noticed was that pages seem to load a bit faster, which he attributed to Airtel improving the network in his area. I did not correct him.

The total time investment for setting up four people across five devices was about an hour. Most of that was migrating my own passwords into Bitwarden. For my mother and father, the setup took five minutes each because they were starting fresh with fewer accounts. The cost across all five devices was zero rupees. That number still surprises me, given how much the antivirus and security industry charges for products that often do less than these free browser extensions.

Browser with privacy extension icons in toolbar actively blocking trackers

Problems I Still Have Not Solved

I do not want to give the impression that installing four extensions made everything perfect. It did not. There are tracking methods that no browser extension can fully stop.

Fingerprinting is the big one. Even with Privacy Badger and uBlock Origin running, sophisticated fingerprinting scripts can still identify my browser with reasonable accuracy based on hardware characteristics, canvas rendering, WebGL data, and audio processing fingerprints. Firefox's Enhanced Tracking Protection blocks some known fingerprinting scripts, but new ones appear constantly. I have tried the Tor Browser, which is specifically designed to defeat fingerprinting by making all users look identical, but it is too slow for daily use, especially on Indian internet connections. Using it for general browsing with sites like Flipkart and Swiggy is not practical.

Mobile tracking is another area where extensions can only do so much. Apps on my phone bypass the browser entirely. When I open the Swiggy app or the Amazon app, uBlock Origin cannot touch the tracking that happens inside those apps. The only way to limit in-app tracking on Android is through the system-level privacy settings, which Google has been slowly improving but which still give apps significant room to collect data. On iOS, Apple's App Tracking Transparency framework is better, but I use Android, so that does not help me directly.

Login-based tracking is the hardest to avoid. When I log into Google, Facebook, or Amazon, those companies can track everything I do on their platforms regardless of what extensions I run, because I have identified myself by logging in. Google knows every search I make while signed in. Amazon knows every product I view. Facebook knows every interaction on its platform. Extensions block third-party trackers on other websites, but they cannot do anything about first-party data collection on the platforms you are actively using. The only solution is to not use those services, which is not realistic for most people.

Email tracking is still a nuisance. Marketing emails from Indian e-commerce sites almost always contain tracking pixels that report back when you open the email, what device you opened it on, and sometimes your approximate location. I have not found a great solution for this in Gmail's web interface. Disabling image loading in emails blocks the pixels but also breaks the layout of every email. Some people use email clients like Thunderbird with remote content disabled by default, but that is more friction than I am willing to add to my daily routine right now.

And then there is the simple reality that my ISP, whether it is Airtel or Jio or BSNL, can see every website I connect to even if they cannot read the content of encrypted pages. A VPN would hide that, but good VPNs cost money, and free VPNs are almost universally terrible for privacy. I have been looking at Mullvad and ProtonVPN, both of which have strong reputations, but I have not committed to paying for one yet. That is probably my next step.

The trackers have not disappeared. They are still on every website, still trying to load, still logging what they can. But the difference between running a bare browser and running one with three good extensions is massive. Not perfect. But massive.