> There's no point to client-side JavaScript: The baddies just write JavaScript that rewrites basic objects using Object.defineProperty so that document.visibilityState always says so (and so on), or that lie to the visibility sensor. Or they just make a whole fake web browser that runs on a Server. You are in an arms-race, and verification companies simply can't/don't do a very good job.
I agree it's an arms race, but why do you think it favors the attacker? Bot/spam detection is incredibly important, and the folks I've worked with in spam detection are really good at what they do.
(Disclosure: I work on ads at Google, though not in spam. Speaking only for myself.)
I agree it's an arms race, but why do you think it favors the attacker? Bot/spam detection is incredibly important, and the folks I've worked with in spam detection are really good at what they do.
(Disclosure: I work on ads at Google, though not in spam. Speaking only for myself.)