Back to articles

Ad blocker extensions reviewed: Stands AdBlocker, Poper Blocker & safer alternatives

Some ad blockers that sell your data are among the most installed on Chrome. LayerX flagged 12 — here's the breakdown of the worst and safer 2026 alternatives.

Maxim Kosterin
8 min read

You installed an ad blocker to stop companies from tracking you. The brutal irony? Some of the ad blockers that sell your data are among the most installed on Chrome — and it's completely legal.

In April 2026, LayerX Security analyzed roughly 9,000 Chrome Web Store extensions with published privacy policies and found 82 that explicitly reserve the right to sell user data. At least 12 of those are ad blockers. Together, the 82 extensions reach 6.5 million users. The disclosures are in the privacy policies — written in legal language that almost nobody reads before clicking "Add to Chrome."

This is a different flavor of privacy threat from the malicious campaign I covered in my earlier piece on browsing history exfiltration. Those extensions stole data covertly. The ones below are doing it with disclosure. The outcome for your privacy is similar, but the mechanism is harder to fight.

Here's the breakdown of the worst ad blockers in LayerX's findings, what the safer alternatives look like, and how to check which category your current setup falls into.


TL;DR

  • LayerX found at least 12 Chrome ad blockers whose own privacy policies explicitly allow selling user data
  • Stands AdBlocker (3M users) collects data for "market analytics purposes," per LayerX's analysis of its privacy policy
  • Poper Blocker (2M users) sells behavioral profiles including inferred health conditions and sexual orientation, per LayerX's research
  • uBlock Origin and AdGuard AdBlocker are open source, have no data monetization, and are better at blocking anyway
  • Both Stands AdBlocker and Poper Blocker have not publicly responded to LayerX's findings as of the time of writing

How ad blockers that sell your data actually work

Ad blockers need broad access to work. To intercept network requests and inject blocking logic into pages, they require either <all_urls> host permissions or the Manifest V3 equivalent — declarativeNetRequest with broad rule sets. That access is legitimate for ad blocking. It's also the same access that makes an ad blocker an ideal data collection tool.

Standard ad blocker permissions give the extension visibility into every URL you visit, every page you load, and the content of those pages. A well-intentioned extension uses this to block trackers. A data-monetizing one uses it to observe your browsing patterns, package them up, and sell them.

The distinction isn't in what they can do technically. It's in what they choose to do with that access.

Stands AdBlocker: 3 million users, "market analytics" sales

Stands AdBlocker is one of the most installed ad blockers on the Chrome Web Store — 3 million users, solid ratings, and a name that shows up on mainstream "best ad blocker" roundups.

According to LayerX's analysis of its privacy policy, Stands AdBlocker explicitly reserves the right to sell user data for "market analytics purposes." That's the phrase to key in on. In practice, it means your browsing behavior — what sites you visit, when, how often, what content you engage with — can be packaged and sold to market research firms, analytics companies, or any other paying customer.

The extension blocks ads. That part works. But there's a second business running on the side, built on your activity.

Stands AdBlocker has not publicly responded to LayerX's findings.

Poper Blocker: behavioral profiles including sensitive categories

Poper Blocker has 2 million users and appears alongside Stands on plenty of ad-blocker recommendation lists. The data practices LayerX found in its policy go further.

Per LayerX's analysis, Poper Blocker's privacy policy covers selling behavioral profiles that can include inferred health conditions and sexual orientation. These are among the most sensitive data categories that exist — the kind many people would consider deeply personal. Finding them in an ad blocker's data monetization clause is not what most people expect when they install a tool that's supposed to protect their privacy.

Again, the extension works as an ad blocker. The issue is what's being sold using the access it already has.

Poper Blocker has not publicly responded to LayerX's findings.

The QVI streaming tracker network

Beyond ad blockers, LayerX identified what they call the "QVI Empire" — 24 extensions belonging to the Quality Viewership Initiative that harvest streaming viewing history from Netflix, Hulu, Disney+, Amazon Prime Video, and HBO Max. These extensions target around 800,000 users. I dug into that network separately in my review of QVI streaming-enhancement extensions.

Most are framed as productivity or viewing utilities. What they actually do is feed your content consumption patterns into a commercial viewership database. If you've installed anything that tracks your watch time or recommends streaming content, it's worth checking whether it's part of this network.

The Chrome Web Store labeling gap

One detail from LayerX's report is worth calling out separately: at least one extension — Dashy New Tab — carries a "does not sell your data" label on its Chrome Web Store listing. Its actual privacy policy says "Sold or Shared: Yes."

This is a direct contradiction between what Google's store displays and what the developer's own policy says. The Chrome Web Store currently relies on developer self-reporting for privacy practice labels. There's no verification. As of the time of writing, Google has not publicly addressed this specific case.

That makes the store's privacy labels essentially untrustworthy for distinguishing data-selling extensions from ones that don't.

The safer alternatives

The good news is that the two most effective ad blockers also have clean data practices.

uBlock Origin remains the security community's go-to recommendation. It's fully open source — every line of code is readable on GitHub — and makes no network requests outside of updating filter lists. There's no data monetization in any form because the business model doesn't require it. uBlock Origin's filter list architecture is also simply more effective at blocking than most alternatives, including the ones that sell your data.

One thing to be aware of: Google is restricting Manifest V2 extensions through 2026, which affects the original uBlock Origin. uBlock Origin Lite is the MV3-compatible version. It's less aggressive by default due to Manifest V3's limitations on dynamic request blocking, but it still doesn't collect or sell anything — and it's actively maintained.

AdGuard AdBlocker is the other solid option. Also open source, actively developed, and with no data selling in its privacy policy. AdGuard has a premium desktop product with a subscription, but the browser extension is free and doesn't monetize your browsing. It handles cross-browser compatibility well and runs on Firefox and Edge without any issues.

Both extensions are the opposite of Stands AdBlocker and Poper Blocker in one fundamental way: their revenue doesn't depend on what you do online.

The framing here is important. These extensions aren't hiding anything from regulators. They disclose the data selling in their privacy policies — the catch is where that disclosure lives.

When you install an extension from the Chrome Web Store, there's a brief privacy summary, but the actual substance is in full-length legal documents. As LayerX noted: "Most policies don't say 'we sell your data' but rather 'we may sell,' which is a legal hedge that means your data can be sold at any time, and you already agreed to it."

You agreed. Most people just didn't know they were agreeing to it.

Interestingly, LayerX's analysis found that 71% of Chrome Web Store extensions publish no privacy policy at all. The data-selling extensions are actually being more transparent than most — they've just made that transparency as hard to find as possible.

How to check your current ad blocker

The fastest route: search for your extension on Extenshi's catalog and check the privacy scan. The catalog flags broad data-collection permissions and surfaces privacy policy metadata for extensions in the index.

If you want to go manual: find your extension's privacy policy, then Ctrl+F for "sell," "share," "third party," "market," and "behavioral." Read every sentence those terms appear in. This takes about five minutes and tells you more than any star rating.

Final recommendation

Ad blockers are supposed to work for you. The 12 that LayerX identified in this research have a second function that works for someone else — specifically, whoever pays for the behavioral data they collect.

If you're currently running Stands AdBlocker or Poper Blocker, switch to uBlock Origin or AdGuard. You'll get better ad blocking and none of the data selling. If you're running something else and you're not sure where it lands, check it on Extenshi before assuming it's clean.

See security reports for ad blockers →


This article is based on publicly available security research and news reporting. Extenshi does not independently verify all claims made by third-party researchers. References to specific companies or products reflect the findings of cited sources and do not constitute accusations of intentional wrongdoing. If you believe any information is inaccurate, please contact us at [email protected].

Related Articles