When I browse the web on my Android phone, I get redirected to spam every 10 pageviews or so. And no, it's not a problem of the phone. It's a known issue that ads can break out of their iframe:
I agree fully. I think part of the issue is that the folks submitting ads want to collect a lot of data. They probably don't use that data (or if they do, not well), nor do I trust them to not collect very invasive and unsafe data, but I suspect for many folks that having their own JS payload makes or breaks a possible ad network.
Given concerns about Monero mining, redirects, and other hijinks, removing JS from ads is even more critical now. I think the compromise will be to give ads some kind of network provided hook to get data back to "home" eventually, though then the issues above only shift from the ad provider to the ad network provider.
That combined with requiring all of the assets to be hosted on the ad-network's servers would greatly improve the experience. (mainly because ad-networks are larger companies that the host website has a direct relationship with, so when users complain the site can talk to the ad-network, and the ad network can instantly do something about it)
Sadly, they have no incentive to do that, as those ads would be more expensive to create, most likely make less money, and most users that block ads block all of them regardless of how invasive they are. Adblockers treat all ads the same, and so now advertisers are faced with the choices of:
1. make more shitty invasive ads
2. make "better" ads (better for the user) and make less money while spending more and having users still block them anyway.
This is why I really believe that the "better ads" thing from google and others is a really good idea, because it helps re-align the incentives back with the user in some ways. If that works, shitty ads will be blocked much more widely, while good ads will get more views and more users.
That is a perfect example of the definition of transpiler!
There's also the VPN option. PIA, for example, comes with its own system ad-blocker (MACE) although it's nowhere as good as Adguard Pro (which allows you to use custom DNS server).
I very seldomly watch live ad supported video. I have ad free Hulu. For the two networks that aren't on Hulu - CW and CBS, I watch VOD from them via Plex. Because of the way that the Plex channels work, they skip the ads.
Putting the ad in an iframe without the allow-top-navigation sandbox permission could prevent that. Or if the ad naturally consists of an iframe then a browser extension could intercept the iframe load and add the equivalent CSP rule. Or google could do that themselves.
I think they would still be allowed to open in a new tab.
I was... rather surprised. One of AMP's huge value props is preventing that type of garbage.
I'm also surprised that the publisher did that, I hope that'd be a good way to get blacklisted from the higher search ranking placement.
And now I have FF and uBlock Origin on my phone.