Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't see why it's hard. You screen admission of an ad to the auction "floor". Shady javascript/links? You don't get to compete.

Admittedly, this means you need an army of ad moderators, but that's not a hard problem. Social media giants already use an army of underpaid moderators for moderating their platforms, so seems like it's just table stakes for running a platform. Screening ads should be a cakewalk compared to moderating social media.



That's not how it works. It's hierarchical. Someone with an ad to show doesn't send the ad to the web site that wants to show the ad. Instead it just tells that web site "I'll pay $.005 if you show my ad", then if it wins it serves the ad it wants to show. There's no time at that realtime auction to do analysis. The ad doesn't even need to exist as a fixed thing. It can be dynamically generated tailored to the specific user (think of "Come back and shop with us" ads where they show you things you've looked at).


There is a lot more middlemen involved... and at any point they could make a rule that you can only use a certain set of HTML tags and image formats for your ads (none of which include scripts of course).

That would prevent not only most exploits (especially once you re-encode the images), but also simple badly written ads that drive up CPU usage. But it's easier, and allows more middlemen, to simply allow the next party to hand you arbitrary code that may or may not be put into an iframe that may or may not be sandboxed.


> Someone with an ad to show doesn't send the ad to the web site that wants to show the ad

In fact, they do. Creative review is part of most ad platforms. Contextual categorization isn't possible without knowing what the ad is about (and the content it's going to), to various degree.


Google (and others) do screen ads; I think most of the insecure ads are served by smaller, less scrupulous ad networks.


If you want to make money on display advertising, you will grasp for whatever pennies you can get

Google Adsense is not always the highest-paying option for a given impression

There are entire companies that do nothing but figure out quietly, without the publisher's having to do anything, what will pay most at a given moment


I agree with what you're saying, but want to clarify that you're talking about 'AdSense' (the display advertisements), not 'AdWords' (the search ads).


Oops.

I had already edited my post to change "DoubleClick" to "Google Adwords" and I got the product name wrong!


Google serves ton of malware ads, they seem to consider it the responsibility of the users to report them.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: