
A New Wave of Bad Ads Is Hijacking Even Top-Tier Websites (2018) - colinprince
https://www.fastcompany.com/40516897/a-new-wave-of-bad-ads-is-hijacking-even-top-tier-websites
======
fortran77
This is why I block ads. I have nothing against advertising. I wouldn't object
to reading an article in the NY Times and seeing an ad for Ford's new car, or
a new Pixar movie. But I can't take the risk of having malware installed on my
computer, or accidentally clicking somewhere and being fooled, swindled, or
misled.

------
_ph_
It is the same story over and over again. Yes, for a business running a
website of any sorts, it is easy money just to include ads from an independant
(from you) ad provider. By just signing up and including the necessary scripts
into your web site, the money keeps coming without any further effort
necessary. This is also the reason, we have so many new web sites popping up -
just by attracting traffic you can make money.

But the downside - at least for any legitimate business like newspapers - is,
that you are selling out your estate to someone you do not control. And as
experience shows, the ad providers mostly don't deserve the trust which they
are given. As a consequence, ad blocking more and more becomes an act of self-
defense.

What is needed is the return of running ads like printed magazines did - the
inclusion of the ads needs to be part of the editing process and curated by
the publication. They need to take up full responsibility and liability for
the ads they serve. And as a consequence, ads might be actually get looked at
again. Personally, I am much more likely to look at a printed ad and usually
it is much more relevant than the "targetted" crap we get to see on the web.

~~~
kevin_thibedeau
This is the only acceptable ad:

    
    
        <a href="ad.site"><img src="foo.png"></a>
    

I will keep blocking until the industry changes to this.

~~~
JMTQp8lwXL
Don't advertisers need to be able to run JavaScript on the page to ensure the
page hit was actually seen by a user? Otherwise, I could HTTP GET "foo.png"
all day. The advertiser could be paying big dollars, and the website serving
the ad could tell the ad company "yeah, we showed foo.png 10,000" times
without having a way to verify it.

~~~
marcosdumay
You can easily see how many people coming from that ad brought your product.
Why would you care about the origin statistics?

~~~
JMTQp8lwXL
The Origin header can be spoofed. The point is, if advertisers don't have
confidence the number of time an ad is shown is legit, then the site hosting
the ad has all the power.

------
rchaud
I have visited a small soccer message board (roughly 5k users) every day since
2012. They sell their own ads, and every ad is a static banner image, hosted
on that board's domain. I'm happy to keep adblock off on that site. It's about
as old school as it gets.

I can't imagine they make much money at all, but for me, the user, it's nice
to go someplace with a smallish online community where I don't feel like I'm
being tracked or have to put up with the zero-QA dumpster fire that is
programmatic advertising.

~~~
naravara
The interesting part is I feel like sites that do this cultivate a lot more
trust in the products they’re advertising. It’s fewer impressions maybe, but
having a publisher who actually stands by their ad buys does a lot to confer
legitimacy, especially for brands or companies that aren’t well known.

------
bsg75
> Unlike in print or broadcast media, where advertisers and agencies that
> represent them can submit ads directly to publishers for review, online ad
> space is typically bought and sold through complex systems of intermediaries
> and exchanges.

Yes, outsourcing the control of content that appears on your site will likely
result in quality problems.

I'm aware that such practices can benefit small business with ad revenue, but
if the "top-tier" wants to avoid the problem, they have the resources to self
manage it. Provided they are willing to invest in producing quality content
AND relevant, legitimate advertising.

~~~
s3r3nity
As someone that has done consulting in a past life for ad-tech, I think you're
severely underestimating not only the effort involved to keep this type of ad
sales team + ad-operations + ad-tech in-house, but the _significant_ margin
gain for potentially a higher quality experience for the user.* As in, it's a
very non-linear gain for going with an ad-network rather than try to hire and
build that much talent + capital respectively. And that's just for _one_
publisher - imagine if every single publisher had to do this!

*The hypothesis here is that a more targeted ad experience is better for me, as a user, rather than some generic ad that I would see in a newspaper, where everyone sees the same thing (hence your "relevant advertising" note.) If you don't believe this to be true, then some folks on the Executive team at Alphabet would _love_ to talk to you about how Google's whole business model is built on a lie.

~~~
phicoh
The lie is that users like targeted ads.

Most people buying ads believe that targeted ads give better results. But that
doesn't mean that people like to be followed by ads for something they just
bought.

Let alone all the privacy violations where if somebody can see you web
browser, they can see from the ads what you have been doing recently.

------
kabdib
Ironic that the first paragraph or so of that article was unreadable because
of overlying ads.

~~~
inetknght
I didn't have any trouble with that with javascript off and using reader mode.

------
keiru
Seemingly related: "Why is Stack Overflow trying to start audio?"
[https://news.ycombinator.com/item?id=20288768](https://news.ycombinator.com/item?id=20288768)

------
ralphc
The peak of this was Forbes who made you turn off ads & served you malware;

[https://www.extremetech.com/internet/220696-forbes-forces-
re...](https://www.extremetech.com/internet/220696-forbes-forces-readers-to-
turn-off-ad-blockers-promptly-serves-malware)

[https://news.ycombinator.com/item?id=11455031](https://news.ycombinator.com/item?id=11455031)

------
aitchnyu
OpenX and co throws money in the cat and mouse game to police ads that seem
decent but pounces on grandmas in Azerbaijan using a 4 year old Android by a
defunct phone maker on Christmas eve. What is the reason for using Javascript
instead of a dumb img tag? What is the reason for platforms to allow
advertisers to push malware to user instead of their own impression tracking
scripts?

------
HillaryBriss
the complex online advertising system _...allows [malvertizers] to precisely
target ... users who have unpatched operating systems or browsers ..._

I do not find this reassuring.

------
CommieBobDole
From the article:

"But experts say the problem isn’t with lack of discernment on the part of
site publishers but with an extremely complex online advertising system that
makes it hard for publishers involved to detect, let alone weed out,
misleading and malware-laden ads."

Which is crap. It's your site, you're responsible for what you run on it. If I
ran a store, and the guy from the company that cleans the floors occasionally
stabs customers in the face, nobody would accept me shrugging and saying
"well, it's really hard to tell which companies employ face-stabbers so I
guess you're just going to get some face-stabbing every once in a while.
Sorry".

If you go to a site and you get malware from an ad network, it's because the
site owner doesn't care if you get malware from an ad network. Full stop.

~~~
cwkoss
Well said.

If you don't want to be criticized for sending your customers malware... get
better control over the the third party scripts on your site. Trusting a
negligent third-party actor is negligent in itself.

If NYT is willing to sell out it's readers to sketchy internet ad providers,
what assurances do we have that they won't also sell-out readers to
intentional paid propaganda? Slippery slope for an organization rooted in
journalistic integrity. Does management have controls in place for this?

~~~
GoRudy
We've had spam originate from google in the past, honestly they're by far the
best source of good quality demand and even they occasionally have spam get
through.

Better control of third party scripts is a good point, minimize the number of
networks and focusing on quality is important but it's not a guarantee
spammers won't get through.

~~~
cwkoss
Google is negligent in failing to block malware ads. They chose how to build
their system, and they could have build a system without this vulnerability
(but it would be less profitable). Just because they are the biggest certainly
doesn't mean they are ethically innocent here.

They choose to maintain a business model that requires third party scripts -
which is a conscious decision to harm the audience at the expense of their
patrons. Their greed needs to be called out, or else people will continue
using them as a shield against any critical call for improvement in the fraud-
rampant online ad economy.

Google may be the best there is, but that says more about the lack of morals
in the ad industry than Google's high-ground.

------
vanadium
(2018)

------
FerretFred
Luckily uBlock Origin and Privacy Badger blocked 39 trackers in that article!

~~~
ASalazarMX
My god, you weren't kidding! 23 requests blocked just by uBlock Origin alone.
That's not advertising, that's a shotgun.

~~~
cwkoss
I really want an ad-ware fuzzer. Whenever a website makes a request to a third
party script, unless whitelisted, fuzz the contents of the request. Re-fuzz a
several dozen times and resend each to make ~100 entries.

I don't like my data being collected, and my voluntary participation in their
scheme does not preclude poisoning their dataset. Let them filter the crap
out. I wish there was a more adversarial adblocker.

~~~
GonzaloQuero
Isn't that what AdNauseam does? [https://adnauseam.io/](https://adnauseam.io/)

~~~
bsaul
As the original article mentioned, some of those ads actually includes
malware. I wouldn't feel safe using an extension that actually clicks on every
single one of them (even if on the background and dismissing the response).

