[GoToRO]

I'm not sure that ads are the only ones to blame. I think the problem is with the web nature of the... Web. I just looked at a simple Wordpress plugin that implements a Call Now feature for mobile sites (<a href="tel:555555555">Call Now!</a>) and for some reason they include a bunch of scripts from PayPal and what not.

The only solution to this is to have everything on a page come from the same origin.

[biztos]

> have everything on a page come from the same origin

Would that really be so bad?

It's not like you couldn't still hook into an ad network and all that, in fact if I were building something AdSense-like I would love to get API calls from the server instead of worrying about the browser. Things like WordPress could bake that into the server side and nontechnical publishers wouldn't have to even know the difference.

Of course, Google would still "need" to get its Orwellian Cookie somehow, but even that could be trivially done without loading the ads themselves from another origin.

[GoToRO]

It's a problem of trust. If the impressions come from the publisher's server then the publisher is tempted to inflate that number.

[corobo]

> > have everything on a page come from the same origin

> Would that really be so bad?

Yes definitely. Many sites use CDNs and the likes to serve their static files but even if we exclude those with newer technologies (HTTP2 etc) you've still got the big behemoth sites such as YouTube that simply can't serve everything from the same origin. They've got some smart folks over at Google but I'd imagine even they'd have a bit of trouble trying to make that mess work!

[blakeyrat]

Same origin ads can't be independently verified; the ad purchaser would just have to trust the publisher to give them accurate numbers, and publishers have every incentive to exaggerate or just plain lie about their views.

That's basically the reason ad exchanges were created in the first place.