Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

From a technical standpoint, I don't understand why the adtech companies don't just serve ads via APIs consumed by website owners, and served to clients via the primary domain. This seems like it would obviate current adblocking and third-party cookie blockers.

It would add a bit of technical complexity for site owners, but that seems manageable, particularly for b2b relationships.

Obviously, I hope this doesn't happen, but it seems like an obvious strategy and I don't see the flaw.



"From a technical standpoint, I don't understand why the adtech companies don't just serve ads via APIs consumed by website owners, and served to clients via the primary domain."

I also would like to know why there is so much resistance to this, which was the original model of ads on websites ...

rsync.net stopped advertising, in all venues, about two years ago - mainly because the overlap between "people smart enough to use rsync.net" and "people who don't use an adblocker" is basically zero. Nobody who cares about our product ever saw our ads.

But, of course, we still have some interest in advertising our product and, to that end, I have approached several websites and offered very good money to just insert two lines of plain text on their HTML page. No "network", no code blob, nothing interactive ... no picture ... just an extra line of text, with a bit of it href'd for a link.

Huge pushback on that. No interest. "Impossible".

I really don't understand the responses I've gotten ...


As an example, from LWN.net's FAQ under Advertising

"What happened to text ads? The text ad facility allowed readers to place simple, text-oriented ads on the site. Use of this facility had been dropping over time; when we realized that nobody had bought an ad in over six months, we decided to remove the feature."

LWN would still sell you banner advertising, but they don't do text any more. As with other features that were killed because nobody used them, the interest of a single small buyer won't bring them back because it doesn't make any economic sense.


That's very interesting that you used that example because LWN.net was one of the content providers that we approached.

I figured someone at their organization had the wherewithal to open a regular file in vi and paste in two lines of HTML ... in exchange for money ...

Nope.


> I also would like to know why there is so much resistance to this, which was the original model of ads on websites

My objection to advertising on the net is primarily the tracking that comes with it. I don't use adblockers specifically, but I do block things like Javascript and tracking pixels as much as possible.

Given the nature of modern internet advertising, I would assume that the tracking would be happening regardless of whether the ads were being relayed through the host website or not, and it wouldn't change my security stance.

It would make me much more suspicious of the website, though, as I'd wonder if the site were sharing its log and other data with the ad network. This is pure speculation, but I wonder if websites might be nervous about bringing that cloud of suspicion over them.

I know that if I were asked to include a barebones ad (I assume that it's text-only and doesn't link to an image you host) like you describe on my websites, I'd decline.


"Given the nature of modern internet advertising, I would assume that the tracking would be happening regardless of whether the ads were being relayed through the host website or not, and it wouldn't change my security stance."

I think I'm not describing the proposition I made - it was, literally, paste this line into a page:

<a href="https://rsync.net">rsync.net</a> - Cloud Storage for Offsite Backups

No tracking. No engagement. No stats. No performance tracking. Nothing. Open up a regular file in 'vi' and paste that line into it.

Impossible.


I fear that I didn't make my point very clear. I apologize. I was speculating that perhaps the resistance you're receiving from websites is about a fear of what the website's users may perceive rather than anything wrong with what you're really doing. That's why I would decline the offer on my websites.


If ad-blocking really takes off I expect this to become the norm. It is technically more complicated than just adding adding an adwords element to a web page or something like that, but I do think it'd be considerably more resilient to ad-blocking.

I once had the idea of delivering ads by dynamically injecting them into a video stream. As in, when you load a youtube video it prepends the ad into the same video stream as the main content. Ideally the transition from ad to main content is between key frames so that the ad-blocking software can't fully strip out the ad without screwing with the stream itself.


I figure for your one line of advertising, there's going to be campaign design work, setup effort, teardown plans, ongoing owners, monitoring, coordination internal to the business and external, legal and compliance... Much of that is fixed costs whether they go banner or one-liner.


My guess is to prevent ad-fraud by website owners. It's a lot harder to detect fraudulent clicks/impressions if all data are routed through website.

The cost of potentially blocked by ad blockers is finite (A percentage of total revenue), but the cost of ad-fraud is not bounded.


>My guess is to prevent ad-fraud by website owners. It's a lot harder to detect fraudulent clicks/impressions if all data are routed through website.

Isn't the solution to that problem a flat rate fee (similar to how advertisements on tv, newspapers and magazines work)?

Instead of a pay-per-click it could be a simple $X dollars and your ad will be visible for Y days/weeks.


I don't see how that would work. If my site gets zero traffic, would I still get paid a flat rate to 'serve' ads? Pay per impression/click works to pay proportionally to individual site traffic and the extent of a campaign.

The current solution is effectively a flat rate as far as an ad campaign is concerned: impressions/$


People would either (a) pay to place ads on sites they knew had a decent amount of traffic just from reputation, or (b) would hire ad-buying companies which made it their business to know what different sites' ad space is worth.

Needless to say, this could be inconvenient for the adwords-make-me-five-bucks-a-month scale sites. It'd work out OK for the New York Times-es of the world though.


What would happen if browsers simply didn't allow cross domain referencing? Would the web break (and would it be worse than NoScript)?


I've thought about this before, since NoScript is too disruptive for me. One issue is that it's common for scripts to served from assets.whateverwebsite.com. I also thought of allowing anything from the same second-level domain (so anything on .whateverwebsite.com), but that would allow anything on .co.uk. ¯\_(ツ)_/¯ in Chrome I trust, for now.


Sounds like a job for the public suffix list.


Ooh, cool, hadn't heard of that before! TIL.

But even with the added complexity of regularly pulling in the public suffix list, the problems keep going: e.g., facebook.com's scripts are all served from static.xx.fbcdn.net.


In the same vein: I've never seen a video site that tried to defeat adblockers by inserting ads directly into the video stream. It seems like an obvious tactic; it could even use JS to prevent fast-forwarding the ads, and that would be a difficult thing for adblockers to detect and remove.

The main problem I can see is that you would have to choose between CDN caching and targeted ads. If the video was uniquely generated for each user with new targeted ads, it couldn't be cached.

I know that some podcasts use a technique like this, modifying the audio stream at download time to insert recent ads, even if the podcast being downloaded is old.


Twitch recently started doing something like that, albeit by manipulating the HLS playlist rather than the video files themselves:

https://github.com/streamlink/streamlink/issues/2357


If I'm not mistaken, the reason the YouTube app ads can't be blocked even with something like Pi-hole, is that they do exactly what you're talking about.


I have never seen an ad on YouTube that was not put there by the channel owner "this video is sponsored by PushStuff".


Do you use the YouTube app or the website?


Good question! I forgot there is an app.

I suppose it's much more a hassle to get rid of the ads from the app.


That does exist, it’s called server-side ad injection (more like cancer injection).


This is coming. There's already a couple of startups doing this. A lot of them operate in "stealth" so they don't attract the attention of ad blockers.

There's no API needed, all they require is for the website to set up a CNAME record. They're usually random and rotated often.

If you're familiar with the current arms race in ad fraud, there's a coming arms race for ad blocking.


Indeed. This is one of the reasons why I recently realized that I can actually see the day coming when I won't be using the web anymore. That was a weird realization that only a couple of years ago would have been unthinkable for me.


Right--it could work at the DNS level. Yuck.


> This seems like it would obviate [...] third-party cookie blockers.

Wouldn't this do the exact opposite? Ads that did this wouldn't be able to track clients across different domains, even for clients that allow third-party cookies.

But I think the main issue is the jump in technical complexity, which is more than "a bit"—many, many websites are built by non-coders who can copy and paste a bit of HTML & CSS, perhaps using a CMS or blogging tool like WordPress or Moveable Type, and who can paste in a script tag, but no way could they write even the 3 lines of PHP it would take to reverse proxy for an ad script. Maybe if this approach became popular enough, there would be a standard WordPress plugin or something, but what adtech company would want to be the first to require it?


I block third-party Javascript quite aggressively (for fear of malware). I am much less strict for first-party JS. If this becomes the norm I'd block first-party just like third-party.

As well, obviously the owner of the website becomes directly responsible for malware served through an ad network.

Finally, advertisers prefer third-party to fight ad fraud (by the site owner).



Hmm, good point. Though it's not like we're headed in a particularly appealing direction as it is...


That is what yandex does, but unofficially.


It makes it WAY too easy to generate fake clicks/views.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: