This essay will describe the history of Internet advertising at Google. I will also talking about the ethical issues of some of the kinds of ads that Google produces, and why Larry/Sergey didn’t consider them for example. Of course, it is worth noting that Google isn’t the only one involved in the ad bubble.
The first kind of ads that Google did was AdWords, dating back to 2000. AdWords was based on search keywords, and the text ads was displayed at the top of the search results (labelled as ads) and was relatively simple. Typically the highest bidder was shown, and the advertiser paid Google when the user clicked on the ads. AdWords involved relatively little tracking at least initially and will not be mentioned much here. At this time Google was taking a stand against popup ads.
Google bought DoubleClick in 2008. DoubleClick was invented in 1995. It made more sophisticated ad tracking via cookies and the like famous (which was often called “retargeting”), and the problems will be described here. DoubleClick themselves called its product “Dynamic Advertising Reporting and Targeting” at one point for example. Initially DoubleClick was mostly banner ads, and many users developed so called banner-blindness from these ads.
One of the problems of ads is malware. Typically advertisers take the highest bidder of ads and fill as much space as possible with ads, making malware like exploit kits difficult to prevent. To make things worse, companies can only spend a limited amount of money on ads, so sites often have to take the highest bidder and sometimes websites even use multiple ad networks. Flash was famous for many exploits for example, and these days in general plug-ins are dying off (Java was even worse for example). Of course, there are browser exploits too like in Firefox and Chrome.
Though the vast majority of exploits in kits are typically already patched, sometimes unpatched zero day exploits get delivered by ads like in the case of https://www.trendmicro.com/vinfo/us/security/news/zero-day-exploit. There is a market for exploit kits in general, and zero days are particularly valuable.
One of the most famous of ads that contain malware was at Forbes, where the Angler exploit kit was served via pop-under ads after the site asked users to turn off ad blockers. Of course, asking users to turn off ad blockers or otherwise fighting against them is not a good idea in the first place.
Of course, users often has little control and benefit over storage of user data and ad retargeting by trackers too, especially when many parties are involved. Of course, some provides more control than others.
So why didn’t Larry/Sergey consider the issues when buying DoubleClick for example?
One reason I assume is that no one cared as much about security when AdSense added Flash ads for example, with exploits not as common as now.
Google’s ad blocking involves annoying ads, but don’t fix the issues described here. Apple’s ad blocking targets retargeting, but does not make ads less annoying.