[wlesieutre]

Not just arbitrary JavaScript, arbitrary JavaScript where they can’t easily even see where it came from! Sheesh.

Could we require advertisers to sign their ad code to have a trail of where it came from, prevent tampering, and make it easier to pull the plug on bad actors?

The people bearing the costs of the internet ad economy aren’t the people in any position to do anything about it. So there’s very little pressure to fix anything.

Maybe if the US government started threatening to enact something like GDPR unless the a democratic industry gets its shit together.

[manigandham]

Large adtech demand/sell side platforms do not want to remove these bad actors because they make money on percentage of spend. They are incentivized to increase volume and ad spend at all costs, and there is no regulation to stop them from doing otherwise by continuing to deal with shady companies and known malware techniques.