Since everyone is throwing suggestions:
I use RequestPolicy Continued. It blocks all external links. This
practically removes all ads and blocks all spy services, like Google
Analytics and many-many others.
It works by you specifing which domains the site is able to make requests to.
You can see the attempted request when you visit a site.
It requires more maintenance, since you have to explicitly set allow domains.
I find it a good compromise, because it gives complete control. It stops
getting so much in the way after browsing a bit and setting allow rules
around.
When you install it, just make sure to set it to block everything by default
and remove all "Subscriptions" (predefined white lists).
I believe that's how the web should work actually. Web sites shouldn't be
making requests to other web sites in the name of the visitor, without
asking. Unfortunately, since that's how things are now, it takes work to
protect your privacy as a visitor. If you are a web developer - please make
standalone sites.
