Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

>At least with server-side insertion on the site/apps own servers it gives them more control (and forces them to take responsibility). If they serve a malware ridden ad from their own resources then they are responsible, no one else, and had the control to not do it. They are no longer trusting a 3rd party to be safe without having any audit rights to make sure they are.

You're greatly overestimating how much publishers care about security. If they're already willing to embed arbitrary scripts from ad networks (which has full access to the page), why wouldn't they go one step further and proxy it from their servers? It's not like it's giving additional access. I also don't buy the "additional responsibility" aspect. At the end of the day, it's still an ad network, and unless they're manually approving each ad, the risk of malware/scams isn't going to change, and if they happen to display such an ad, they can still deflect blame to the ad network.



> they can still deflect blame to the ad network

Agreed. But it is at least far easier to definitively prove that they are the reason the malware was delivered to a given user. It is perhaps a naive hope, but maybe that and the threat of potential bad publicity (or just being more likely to be included in popular "bad host" block-lists) will encourage a little more due diligence.

> You're greatly overestimating how much publishers care about security.

Oh, my expectations are low. I think more that I'm looking for/at things that might force them to care more than they currently do.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: