I'm somewhat familiar with how this works, so I can maybe explain how some of these ads come about and what you can do to keep them secure.
There are three broad sources of information that people are using to link you with some interest or other specific things to sell you targeted ads
1. The computer you're using
2. The IP address that you're using
3. The Account that you're using on a particular website or other service
The computer gets ads based usually on cookies. ABDL diaper companies are actually pretty good about not surprising you with this sort of thing, but, like, imagine that you decide to browse around the Pampers website, or you're looking up diapers on Amazon or Walmart's sites. They might drop some cookies onto your computer that are effectively storing data about what you were doing, and that later ad services will check as part of an algorithm do decide what ads you should see. Note that this isn't necessarily diaper specific, but if you're browsing Pampers a lot, you'll probably get ads via cookies for diapers, baby clothes, home cleaning stuff, maybe children's cereal and similar. You can deal with stuff on your computer in a couple ways. First, browse your ABDL stuff using a private browsing or incognito browsing setting on your browser and (this is important)
close the browsing window when you're done. This is because most private browsing modes store cookies while you're using the private window, but automatically delete cookies from that session when you close the private browsing window. No cookies, no computer-based ads. You can also manually delete cookies. If you're using Firefox, there's also a neat add-on called
Lightbeam that will show you all the third party cookies being added from sites you visit.
Second is your IP address. IP address is a unique number associated with your internet subscription (but typically not computer by computer). In other words, buy a subscription from Comcast for home Internet and you usually are getting one IP address. When you visit a website, the website owner can see your IP address and store it if they want. Most websites do this because it's useful for site analytics (IP addresses are typically the basis for how people figure out how many visitors their site is getting). A website owner can, if desired, retain information about what a certain IP address is doing and serve you ads based on that behavior. This is usually 1st party only, so, like, this is one of the reasons for everybody's google results being a little different than everybody else's even when private browsing, but it's actually not likely to serve you random diaper ads. If you're paranoid about what your IP is doing being retained by other people, there are IP spoofers and proxy servers that you can use to make yourself appear to come from a different IP. It is worth noting though that hiding one's IP is heavily associated with spammers and there are a lot of websites that just block any IPs that appear to be coming from an open proxy (so, like, if you're routing through a data center in the middle of Chicago to hide your IP, you might just be unable to access some sites, or you can access them but not use their full range of services).
Third, there are things you're doing that are being monitored based on some account you have. For example, for a while, Google was scanning emails that people got in gmail and then serving them, and Amazon saves every search you run while logged into Amazon as part of generating it's product recommendations. This information gets routed into weird places sometimes. For example, if you had a bunch of emails about diaper orders in your gmail account and you were logged in, you might see diaper ads on some random other site whose ads were powered by Google analytics. This one isn't entirely avoidable, but your best bet is to separate out accounts for private stuff. For example, make a new email account for your ABDL orders and communications, and don't stay logged into it on any computer that someone else might be using.
Finally, a general note for good security. Make your passwords long and unique for each site. That way, if anybody happens to get hacked, you'll just have to change one thing, and won't be at risk of having a bunch of your other stuff reverse-engineered.