On Sun, May 3, 2026 at 6:34 PM Carlton Samuels <carlton.samuels@gmail.com> wrote:

"To many people, myself included, the use of digital fingerprinting and tracking of personal details across different websites is as abusive as phishing and almost as abusive as malware sites."

 

Which explains the hard trek to meaningful change emerging at the platform level, resulting in the drive to mutate end users from passive taker to active the [self] defender Evan is suggesting At-Large should be promoting.


In the interest of keeping expectations low for Mohibul's project, I'll be happy if we can merely be supported by ICANN in calling attention to these options. The leap from education to advocacy can wait until we get that far.
 

Proactive control preventing connections to fingerprinting infrastructure and reduce the exposure of user metadata before it ever reaching the browser valorize public DNS resolvers such as Cloudflare (1.1.1.1), Control D and AdGuard.


Important note: Although it is best known for its unique IP address, Cloudflare (1.1.1.1) does not protect against malware, tracking or ads. Its primary benefits over the use of ISP resolvers are in speed and (for providers of Internet services rather than consumers) heightened DDoS resilience. It has a free tier but most usages of this service are paid.

More appropriate here is Cloudflare's 1.1.1.1 for Families, a free service. To use this one would point at 1.1.1.2 to block malware or 1.1.1.3 to block malware and adult content. Critically, none of the Cloudflare services block ad or tracking servers. Another popular service that does this (block malware but not ads or tracking) is the Swiss nonprofit Quad9 (unsurprisingly, 9.9.9.9).

To block ads and trackers one needs to go to services such as AdGuard and NextDNS. Both are paid services but the NextDNS free tier will work for those who do fewer than 300,000 queries per month. Control D appears to be the only one that offers ad and tracker blocking for free (though paid tiers enable more-detailed configuration). There is also a solution based on adding a Raspberry Pi to your home network but it requires serious geek zen and is somewhat rudely named.

SSAC 127 also makes mention of blocking capabilities built into most browsers (section 2.1) that don't require any user configuration at all. While all of the mainstream browsers have basic malware protection they are less comprehensive and less current than using the public-DNS method. And just as SSAC 127 avoids mentioning use of personal DNS blocking to thwart tracking and invasive ads, it makes no mention of browser-based approaches to this issue either. Ublock Origin is one of the most-popular extensions for Firefox, though its Chrome version is neutered because ... Google.

While not in the mainstream, Brave and Vivaldi (and a number of good but lesser-known browsers) come with ad and tracker blocking built in.

This is all information I believe belongs in any At-Large education program. We don't need to advocate it, just letting the public know that such options exist would be achievement enough at this stage. And we could likely get support (if not sponsorship) from some of the DNS providers mentioned above.

- Evan