Honestly, I don't understand this reluctance to name wrongdoers, especially for something like this where verifying the wrong is trivial (e.g. load up a client site and find the offending code in source).
It seems to me that the harm is greater not naming names - reputation is important and if you take steps to invade user's privacy then your reputation can and should suffer for it.
"Witch hunt" generally refers to persecution of someone without any regard to whether they're innocent or guilty, so I presume the comment was intended to admonish against guessing which ad companies may be using this technique.
Who are these ad companies is a question that addresses the wrong topic. VP for Internet Explorer effectively said[1] that the vulnerability in Internet Explorer would not be an issue if nobody exploited it.
