<script type="text/javascript"> google_ad_client = "pub-7777777777777"; google_ad_slot = "777777777777"; google_ad_width = 468; google_ad_height = 60; </script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>In general
show_ads.js
does the following tasks:
- script collects all available information about browser and OS (see: Browser fingerprint). This information includes: browser window size; display size; monitor color depth; plug-ins list; java version; checks if window has parent window; referrer;
- imports another 2 JS files - they are quite complicated to read because of obfuscation, but the main task they serve - make results more unpredictable and hard to mimic.
- creates IFRAME, which has main parameters (1) in URL - thus sending valuable espionage information back to Google.
- in the loaded IFRAME there are some scripts also, which IMHO are anti-bot watchers - they counts every mouse move over ads and then send this info to Google if ads link is clicked. I presume this helps detecting click-fraud bots.
Well, definitely principal weaknesses exist in the online ads model itself, allowing to perform "perfect" (i.e. undetectable) click-fraud attack, but implementation is quite tricky and expensive and bottlenecks are traffic to MFA sites and payouts.
Actually, advertisment networks may perfectly track users — every time you visit website with ads browser sends a little string - "cookie" to an advertisment server, next page — the same cookie, thus ad networks follow you. But don't think you are genious if you clear cookies (or restrict them in browser) — remember fingerprints while surfing internet.