As much as Advertisers want to be able to use their own domains to be able thwart fake clicks, this approach leaves them open to ad blocking. At what point with the wish to deliver ads outweigh the want to measure user engagement? Once ads are slipstreamed, adblockers are going to have to get a lot more aggressive, more like antivirus scanning for code signatures.
Thanks to the team (and especially Ray) for keeping us free of performance bogging, malware delivering scripts.
That wouldn't be the worst future though. In my head, once the adverts are being hosted on the website domain, there'd be a lot more incentive to a) NOT deliver malware, and b) NOT have those wearisome video/sound/flashing/js-heavy adverts.
Think of the impact if the site is blocked by the browser's red malware warning UI (Google's safe browsing or smartscreen in IE) because a compromised file was hosted on the main domain.
It is much harder to get the site whitelisted once it has been compromised since it is on the same domain.
In my job, we had a site domain that was falsely flagged as malware-infected and it took about a few days before it was confirmed as removed (it is not automated apparently). It was never made clear why it was flagged in the first place but it scared us and we had to isolate any downloadable files (installer, ads, etc) away from the main domain as much as possible.
> At what point with the wish to deliver ads outweigh the want to measure user engagement?
It could be argued that self selection from advertisements makes ad campaigns more cost effect per impression/click. If a person wants to block ads they might be less influenced/willing to purposefully click on adverts.
The other end of the stick is that website owners cant be trusted to self report metrics which influence payout.
Thanks to the team (and especially Ray) for keeping us free of performance bogging, malware delivering scripts.