1. 17

  2. 4

    This is why I recommend everyone use an ad blocker. Not privacy, not a categorical opposition to advertising, but because the ad networks have terrible quality control. They let nonsense like JavaScript injection, coin miners, and simple fraud through all the time.

    Television advertisements have legal and network-wide controls in place to ensure that the ads don’t lie. This isn’t from a place of the goodness of their hearts, but rather because if people don’t trust ads to live up to even a minimal amount of truth (“puffery” is okay, but claiming to relieve headaches without clinical trials, or simply eating your money and riding off into the sunset, are not), then they won’t actually buy anything.

    Internet ads, on the other hand, are as likely to deliver fake antivirus products and phishing attacks as non-advertised sites are, and they get mixed in with sites that are otherwise good. I’m never going to intentionally click a banner ad, because I don’t trust them, and they’re not as relevant as the organic results are. So why would you want to see them?

    1. 4

      It’s also an amazing distribution channel for malware. You can programmatically select by multiples criterions like geography, browser and platform type.

      Say for example you target only devices which you’ve seen the weekend at mar-a-lago and the week at Washington and selectively distribute your Javascript 0 day there. All you need is an Apple IFA and hope that someone plays any game with a viewport embedded.

      It enables any actor to run Javascript on virtually any browser.

    2. 2

      There’s a poor’s man technique to avoid auditing. The third-party ad-tracker (which google don’t control) is configured to have geolocation dynamic dispatching. If the request comes from California/New York (or from a google network block), the tracker forwards to the legitimate site. Otherwise you get to the bad actor site.