by alexbock 3954 days ago
Intentionally disabling security settings for your entire application just to allow advertising from companies who haven't upgraded their infrastructure seems quite user-hostile. Google is a big supporter of HTTPS, strong certificates, etc., but apparently only when it doesn't affect their bottom line. If Google told their advertising networks that they need to be using HTTPS or they won't be available for iOS users, they would probably get secure connections up and running pretty quickly.

I'm going to copy my comment from below verbatim because that one is being downvoted and this one isn't despite saying the same thing.

---

[Google] are first, and foremost, the world's largest advertising company. This is how they make their bottom line and it will come at the detriment of anything else. However, they value reputation too, so it's likely this will be fixed in future. But let's not throw exaggerations around. Google are not "for the people" but they're not against them either. Google are the new lawnmower[0] except they generally do things we like right now.

[0] https://youtu.be/-zRN7XLCRhc?t=2084

At my last job, we did something similar to what iOS 9 is now doing, where we migrated a survey engine to serve all forms over https. There was high-fiving and champagne all around the engineers' desks, while media was freaking out that their impressions took the sharpest reverse-hockey-stick in the world. Ad networks are seriously the worst when it comes to https traffic. Given the dozens of redirects and pixel injections and iframes slapped into a media page, it's nearly impossible to serve secure traffic since it only takes one network to downgrade the https request to http and then the page is "broken".

> Given the dozens of redirects and pixel injections and iframes slapped into a media page, it's nearly impossible to serve secure traffic since it only takes one network to downgrade the https request to http and then the page is "broken".

You mean, then the specific ad is broken, as long as its ad router isn't fixed to use https?

Ever worked with affiliate ad funnels before? Everything looks like it was coded by the boss's 14-year-old son. Pages served under https containing tracking pixels under http, iframes sourcing http endpoints, various obscure analytics setups without any semblance of SSL...

And when all your impression pixels are refused because of insecure content warnings (because your server is serving over https), your impressions stats dive harder than a lead zeppelin.

What's broken is the total lack of standardization for any of these companies, which makes sense given that most of these guys are slinging diet pills and brain supplements to the LCD; great devs don't usually gravitate to industries like that.
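
Added example, not part of the thread: a static audit for the mixed content described in the comment above (http tracking pixels and iframes on a page served over https), split into the blockable and optionally-blockable categories of the W3C Mixed Content specification. The page URL, hostnames and markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> (URL attribute, category). "blockable" loads are refused by the
# browser on an https page; "optionally-blockable" ones (images, audio,
# video) may be loaded with a warning or upgraded, depending on the browser.
SUBRESOURCES = {
    "script": ("src", "blockable"),
    "iframe": ("src", "blockable"),
    "link": ("href", "blockable"),
    "img": ("src", "optionally-blockable"),
    "audio": ("src", "optionally-blockable"),
    "video": ("src", "optionally-blockable"),
}

# Constructed sample: an https survey page with ad-funnel style embeds.
SAMPLE_URL = "https://survey.example/form"
SAMPLE_HTML = """
<img src="http://pixel.adnet.example/imp.gif" width="1" height="1">
<iframe src="http://funnel.affiliate.example/offer"></iframe>
<script src="//cdn.example/analytics.js"></script>
<img src="/static/logo.png">
<link rel="canonical" href="http://survey.example/form">
"""

class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return
        attr, category = SUBRESOURCES[tag]
        attrs = dict(attrs)
        value = attrs.get(attr)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links fetch a subresource
        # urljoin resolves relative and protocol-relative (//host) URLs
        if value and urlsplit(urljoin(self.page_url, value)).scheme == "http":
            self.findings.append((tag, category, urljoin(self.page_url, value)))

def audit(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on a secure page
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings
```

A static scan like this only sees the URLs written in the markup; a downgrade that happens later in a redirect chain has to be caught in the browser or with Content-Security-Policy reporting.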

Right, the browser gives you an "Only secure content is displayed" notice and the page works fine.

Who or what exactly do you refer to as “media”? Is this what this company called their advertising division?

The people who monetize content and the viewing of content. Generally for places where impressions and traffic sourcing/funneling to a site is a higher stream of revenue than selling or marketing to customers. Think of Gawker, not Uber.