Don't use Adblock Plus. Use uBlock Origin. Adblock Plus has a strange design flaw that they would have to rewrite the script over. Basically it uses one giant CSS document to strip out the ads, and it uses the same CSS document on all websites you view. It can cause some serious performance issues with your browser. uBlock Origin uses the same blocklists, yet splits it up into smaller chunks of relevant CSS for each website. It has all the same features and then some, and also has major performance gains. Honestly if you really want to lock down your browser, Ghostery isn't the solution either. uBlock's default deny mode is for the really insane (IE: me). Mix that with NoScript and you don't need any additional blockers, and in theory you don't even need NoScript.
The problem with NoScript is you have to know what you're doing if you want to keep your browser compatible with... anything. The minute you have a form or an external request, NoScript kills the shit out of it until you spend a lot of time training it. Ghostery, for its part, runs most stuff out of the box... and when it doesn't, you can pause or whitelist and things get magically better.
uBlock Origin on default deny requires much more training than NoScript. Here's slashdot.org without training on uBlock default deny (left) and NoScript without training (right): Default deny basically requires you to train every website you visit individually, and it does it for not just Javascript, but also CSS, images, and other static external content. So NoScript will have you allow a domain but you are allowing it on every website. For instance, if it pulls jQuery's code from jquery.com and you allow it on Site A, Site B which you've never visited will end up running Javascript from jQuery as well. So basically, all I had to do with slashdot was pretty simple, I added fsdn.com which is slashdot's content distribution domain and it displays the same as the right. In most cases this is pretty easy and quick to do, but it many cases I don't even bother since the page ends up loading 20 times faster without the ridiculous CSS overhead that they end up pushing. It's not necessarily that the web is requiring more overhead because technology itself requires it, but because web developers are getting lazier at optimizing their code and also that more and more people are using heavy external libraries. The reason that this matters in terms of tracking is readily apparent after using default deny mode. It's amazing what percentage of the internet uses Akamai, Amazon, CloudFlare and the like to serve simply their CSS. It's also incredible how many major websites will not host their own copies of jQuery, but pull from jquery.com directly, or how many websites use ajax.googleapis.com. Even if you block the Javascript tracking of Facebook like buttons, the image might still get pulled off their servers. There are many other cases of this, but basically every major website now has your browser pull from some sort of shared domain that a large portion of the internet uses. So basically, in order to track and monitor you, all that needs to happen is they monitor the HTTP requests on these bottlenecks or these bottlenecks end up selling your data to advertisers. You can use all the Javascript based tracking blockers you want, and none of those will block this form of invisible passive tracking. Ghostery will not protect you from this, and nothing that is blacklist based can either because the web is semi-unusuable without manual intervention for this type of blocking. As I said, it's for the completely paranoid and insane like myself :). I also run Firefox in multiple SELinux sandboxes, and you really don't want to know the amount of scrubbing that image above had to go through before I'd post it, so really it's not a good thing to use me as a benchmark of practical internet use.
Honestly, once you hit the internet, from a tracking point of view, you are fucked. Your ISP is tracking you, connecting your modem with behavior. So you would need to use free wifi and change locations... except then we only need to connect times and security camera footage. This should be its own thread as running down the paranoia hole is fun and creepy. You use adblockers and script blockers not to stop tracking, but to prevent malware and virus infections. And reducing exposure to advertising in general makes you happier in the long run.The reason that this matters in terms of tracking is readily apparent after using default deny mode. It's amazing what percentage of the internet uses Akamai, Amazon, CloudFlare and the like to serve simply their CSS. It's also incredible how many major websites will not host their own copies of jQuery, but pull from jquery.com directly, or how many websites use ajax.googleapis.com. Even if you block the Javascript tracking of Facebook like buttons, the image might still get pulled off their servers. There are many other cases of this, but basically every major website now has your browser pull from some sort of shared domain that a large portion of the internet uses.
I appreciate all this, but I spent two weeks trying to get NoScript to behave and 10 minutes replacing ABP with UO. NoScript was hands-on and tedious while UO was utterly transparent. It's entirely possible that I'm running a different level of paranoia than you... but I guess that's kind of my point. At the level of paranoia most users operate at, UO is a lot less of a hassle. What level of paranoia we should all be at is a whole 'nuther discussion...