As long as my browser doesn't load anything from different domains other than the website's domain I don't mind. If that exists, every single website needs to adapt such practice. Anything else is a waste of breath.
In terms of technical details, I request that the publisher send me:
- How many ads they want on the page
- The client IP address (at least within a /20 of it)
- The client user agent (they can strip hex/numbers at the end that are added by some US-based Internet providers)
- Some keywords/topics (if they want contextually-targeted ads)
- A cookie they have dropped for the purposes of ad retargeting/blocking if they've obtained a preference from the user to do so.
In return, I send them a list of objects containing:
+ a title for the ad (supplied by the advertiser), no HTML permitted
+ a "description" for text ads (also supplied by the advertiser). <a> and <b> tags permitted, but no other HTML.
+ an image for the ad (also supplied by the advertiser) delivered as a data URI. I verify that it's actually an image (jpeg or png)
+ a "click through url" that points at a domain that the publisher has given me (usually something like ads.mysite.com) that I host -- they have to point the NS for this domain at my name servers
+ a preference url that indicates that the user didn't like this ad. This can be called server-to-server.
I still believe in content sponsorship, even though some mega-ad networks like Google have screwed publishers and consumers hard, and it's nice to see moderated consumer views here: There's a lot of people on HN against any form of advertising on the grounds of some kind of "eyeball rape"
I'm still trying to figure out all the commercials, so I'm not yet focusing on inbound traffic (i.e. website) but if you reach out via email, we can see if we can do something together.
How would you deal with one of your customer faking ad views?
That's the main reason I hear from people why server-to-server ads won't work reliably, since the ad network "needs" more data to verify legitimate views
KYC: I don't accept customers that I can't reach or traffic I don't believe.
I don't actually pay on "ad views"[1] directly. If an advertiser wants to buy brand awareness (CPM/CPV) then I need to understand how they're measuring the ROI on that brand awareness. Once I understand that, I can test traffic -- basically mix it in -- on each of my publishers to see if they are generating that ROI. This takes time for brand awareness since good tests usually take months, but for CPA/CPR/CPL deals are faster, so I end up doing more of that.
Nevertheless, if I thought someone had figured out a way to cheat me, I'd stop their traffic; I'd talk to them, and explain my thinking. Maybe they can convince me I'm wrong.
Interesting you allow <b> but not <strong>. Can you give the names of some of your clients? I'd like to check out how it looks in action. I understand if you can't though.
I'm not opposed to other styling but I need to really think through the implications and understand the impact.
If you reach out (my contact details are on my HN profile), we can talk through how I might be able to help. I'm happy to introduce some of my clients in the process.
> As long as my browser doesn't load anything from different domains other than the website's domain I don't mind
So you don't care about the content, only the source? There's nothing stopping the website from simply routing malicious JS from the ad network. Even worse, it would be much harder to block it this way.
> EDIT: Having a process integrating ads internally will also give the operators of websites the opportunity to vet the ads for potentially malicious advertising campaigns, aka fake ads, etc.
If you let inline malicious code inside your website then you're doing it wrong.
The quote I argued against didn't specify anything regarding your particular ad network. My argument was pretty simple: the content is more important than the origin.
> Since my ad network doesn't serve any JS from an advertiser
That's about content.
> As long as my browser doesn't load anything from different domains
That's about the origin.
Just because your network doesn't serve malicious JS, doesn't mean all networks do. And just because it comes from the same origin, doesn't mean it's safe.
