|
|
|
|
|
|
by Cthulhu_
3604 days ago
|
|
|
I can think of a few simple tricks already. One: Host from the main facebook.com domain, either inserting it in the basic html page response from the server, or from an API / content location that cannot be predicted. (ad calls should be indistinguishable from 'normal' content calls). Two, do the same with content locations, so no 'div id="ad"' or anything like that. Should be easy enough. |
|
|
If true I believe that this would actually be an important improvement. This removes some plausible deniability regarding malware and other abuse; Facebook (or whomever else adopts this scheme) must guard more carefully against abuse when the content is coming from their own domains, as opposed to some third party.