Also an IT professional here. Google is among the less unsavory players in the ad space, but it’s a cesspool overall. Malicious ads seem to be one of the easiest ways to get that crap in front of a huge number of users. In practice I don’t see “reputable” providers directly serving malware: rather it’s generally a chain of redirects either implemented by the site they land on (that presumably behaves itself under indexing/due diligence), or by exploiting the ads on the landing site to cause a redirect. Ultimately lands either on an attacker-controlled site or just a site running an ad network that gives zero fucks or outright caters to cybercrime.
That said I made up my mind on this a while ago and I’ve been blocking substantially all ads and analytics for 5+ years. The game of cat and mouse may well have moved on.
I have definitely caught AdSense serving those super dishonest software download ads that pretend to be the download button on file sharing and software sites…
As far as you core concern, are you actually causing significant harm with your work, I really doubt it. Google has a decent incentive to crush bad actors lest govt. step in and kill their cash cow, and just getting the industry at large to match the mediocere level of ethical standads Google is upholding would still be a huge win. Ads suck as a solution and cause a fair amount of preventable harm, but harm reduction is a legitimate thing to work on. Bonus points when you can pressure competitors to shape up and not be too evil.
Also an IT professional here. Google is among the less unsavory players in the ad space, but it’s a cesspool overall. Malicious ads seem to be one of the easiest ways to get that crap in front of a huge number of users. In practice I don’t see “reputable” providers directly serving malware: rather it’s generally a chain of redirects either implemented by the site they land on (that presumably behaves itself under indexing/due diligence), or by exploiting the ads on the landing site to cause a redirect. Ultimately lands either on an attacker-controlled site or just a site running an ad network that gives zero fucks or outright caters to cybercrime.
That said I made up my mind on this a while ago and I’ve been blocking substantially all ads and analytics for 5+ years. The game of cat and mouse may well have moved on.
I have definitely caught AdSense serving those super dishonest software download ads that pretend to be the download button on file sharing and software sites…
As far as you core concern, are you actually causing significant harm with your work, I really doubt it. Google has a decent incentive to crush bad actors lest govt. step in and kill their cash cow, and just getting the industry at large to match the mediocere level of ethical standads Google is upholding would still be a huge win. Ads suck as a solution and cause a fair amount of preventable harm, but harm reduction is a legitimate thing to work on. Bonus points when you can pressure competitors to shape up and not be too evil.