>Fraud? Malware? What does this have to do with adtech?
A lot, actually. There are many vectors in which adtech and fraud/malware intermingle:
> XSS Attacks:
When your website loads HTML into a page without encoding it first, someone can insert HTML script tags that your browser will parse successfully, allowing arbitrary JavaScript to execute in your browser. Malicious actors will then usually redirect you to further unsafe pages that will initiate more downloads or (depending on circumstances) compromise your active user session or credentials. All you need is an ad network that didn't take precautions for a malicious ad and you're serving malware to all downstream users.
>True Clickbait with a malware payload:
Less common nowadays in the sense I mean: Ads that are literally designed for you to click on them, giving the same result as above. We're talking things like "Punch out Osama Bin Laden!" from the early 2000s or "Click here to win a prize!" affairs, where there's no reason a user ought to be clicking on the ad except that they were, quite literally, baited into doing so.
>Normal Clickbait with a malware payload
Create some "interesting content" that just happens to also do all of the above. Miracle cures, "BIG cost savings", poorly vetted porn-ads, and so on. A lot of internet chum is of this type, and there's a great article analyzing it [1].
>Literal Scams:
Many ads presented on websites prey on low-information individuals, the elderly, or the young, all of whom are less likely to know any better.
My point is, all of the above is served, with some regularity, over many ad networks today. This means in some sense, many ad networks are responsible for the ads they serve and the damage they cause their users; if not legally, at least morally.
Safe frames are not the general solution that you make them out to be.
First, site owners have to actively choose to use safeframes. My personal opinion, just based on people I've spoken with about this, is that most businesses and individuals who run websites treat their ads as a black box and their security as an afterthought. This means any solution for security that isn't by-default and that non-technical site owners have to turn on themselves, with near total certainty, isn't going to be protecting users.
Plus, not all ad networks support it as of June 2017 [1]. In my view, it's less a solution than a "literally-crafted-by-the-ad-industry" [2] externalization of responsibility for users getting hacked due to poor network policing.
[1] https://www.theawl.com/2015/06/a-complete-taxonomy-of-intern...
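To make the XSS vector described above concrete, here is an added example (not part of the original comments, and not any ad network's or the SafeFrame project's code) that contrasts a publisher inserting ad markup straight into its page with rendering the same markup in a sandboxed iframe. The function names, the sample creative and the `ads.example` URL are constructed for illustration. The sandbox only limits what a creative's script can reach; it does nothing about what the ad displays or where a click leads.

```javascript
// Constructed sample: a creative as it might arrive from an ad network.
// The script body is a harmless placeholder.
const creative = {
  advertiser: 'Acme <b>Deals</b>',
  markup: '<a href="https://ads.example/click">Win a prize!</a>' +
          '<script>window.adScriptRan = true</script>',
};

// Encode the characters that let text break out of HTML text or a quoted attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: third-party markup is concatenated into the publisher's own
// document, so its <script> runs with the publisher's origin and cookies.
function renderInline(ad) {
  return '<div class="ad-slot">' + ad.markup + '</div>';
}

// Hardened: the creative still renders as HTML, but inside a sandboxed iframe.
// Without allow-same-origin the frame gets an opaque origin (no access to the
// page's cookies, storage or DOM); without allow-top-navigation it cannot
// redirect the top-level page. allow-scripts stays so ordinary ads still work.
function renderSandboxed(ad) {
  return '<div class="ad-slot">' +
    '<span class="ad-label">Ad: ' + escapeHtml(ad.advertiser) + '</span>' +
    '<iframe sandbox="allow-scripts allow-popups" srcdoc="' +
    escapeHtml(ad.markup) + '"></iframe>' +
    '</div>';
}

// Publisher-side check: does the outer document contain a live <script> tag?
function hasLiveScript(html) {
  return /<script\b/i.test(html);
}

console.log('inline    has live script:', hasLiveScript(renderInline(creative)));
console.log('sandboxed has live script:', hasLiveScript(renderSandboxed(creative)));
```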