[manigandham]

Billions? No single creative is seen by that many. In fact, with dynamic creative optimization (DCO) and all the optimization that happens, you can easily get creatives that are custom generated and only see by a few individuals or even a single person.

[luckylion]

The comment was referencing the parent: Digital ad impressions number in the billions with 10s of millions of ad creatives

[manigandham]

I wrote both comments. There are billions of impressions but a single creative is not seen by that many. The point is that the scale is too large to validate on the publisher side.

[pushpop]

It seems to me there are two solutions to this problem:

* remove the ability for 3rd parties to abuse their automatic powers (ie disable their ability to inject JavaScript)

* or have a human manually vet every creative

The problem here is you neither want to control their access nor take responsibility for monitoring their access. So the blame equally lies with yourselves for not managing an easily exploitable vector of attack.

If this were any other system, eg VPN, security professionals would tear you a new asshole and point out just how irresponsible your lack of management is.

You’re only excuse here is greed and frankly I’m disgusted.

[manigandham]

Major ad networks already vet every creative. The problem is javascript which can change at anytime. Banning javascript in creatives is not a technical problem, it's a business and politics problem. Same with just about every other issue in adtech.

I'm not sure who you think I am or why you're accusing me but none of this is down to a single person.