I wrote both comments. There are billions of impressions but a single creative is not seen by that many. The point is that the scale is too large to validate on the publisher side.
It seems to me there are two solutions to this problem:
* remove the ability for 3rd parties to abuse their automatic powers (ie disable their ability to inject JavaScript)
* or have a human manually vet every creative
The problem here is you neither want to control their access nor take responsibility for monitoring their access. So the blame equally lies with yourselves for not managing an easily exploitable vector of attack.
If this were any other system, eg VPN, security professionals would tear you a new asshole and point out just how irresponsible your lack of management is.
You’re only excuse here is greed and frankly I’m disgusted.
Major ad networks already vet every creative. The problem is javascript which can change at anytime. Banning javascript in creatives is not a technical problem, it's a business and politics problem. Same with just about every other issue in adtech.
I'm not sure who you think I am or why you're accusing me but none of this is down to a single person.
* remove the ability for 3rd parties to abuse their automatic powers (ie disable their ability to inject JavaScript)
* or have a human manually vet every creative
The problem here is you neither want to control their access nor take responsibility for monitoring their access. So the blame equally lies with yourselves for not managing an easily exploitable vector of attack.
If this were any other system, eg VPN, security professionals would tear you a new asshole and point out just how irresponsible your lack of management is.
You’re only excuse here is greed and frankly I’m disgusted.