What is to stop ad tech companies creating a cryptographically secured reverse proxy device[1] that clients can install in their network between the web server and requests from the internet?
The ad tech company only has to trust that their device is secure and the company that sells their website doesn't have to give up control of their domain or anything else.
They would have to isolate the ad tech device from the rest of the network and only allow it to communicate to the web server inside the network and the ad tech server outside their network. If something goes wrong with the device then it is trivial for the web serving company to bypass it.
-------
As is mentioned in the grandparent comment, this allows anything to be done to the content being served from the website, and not only can domains not be trusted, individual URLs cannot either. Ad blockers will have to rely on examining the content directly even more than they already do. This would make it much less scalable for the ad blockers to deal with: they have to identify ad content individually, by their signatures or page structure in the best case, or by examining arbitrary code behaviour in a worse case. Ad blockers may then have to deal with identifying ad content which changes as fast or faster than new ads appear, which is a lot worse than the relatively few (and relatively static) domains, URLs, bits of HTML and JavaScript that are there now. Ad blockers may lose eventually due to incomputability, but who knows.
This would have to be a reverse proxy on the AdTech's infrastructure itself to make sure no rewriting is being done after-the-fact, as you can't trust your AdTech customer (the person that owns example.com) to not run a reverse proxy in front of that.
Thanks for making me realise the most obvious thing, that it doesn't stop click fraud if it is on the AdTech customer's network, as they can connect to the device and pretend to be any device on the internet.
-------
[1] Using a TPM is one possibility
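
The isolation described in the first comment (the device may talk only to the web server inside the network and the ad tech server outside it), sketched as an nftables ruleset for the router that segments the device. This is an added example, not part of the original thread; the addresses (documentation ranges), the interface name, and the use of TCP port 443 are all assumptions.

```nftables
# Constructed values: replace with the real addresses and interface.
define PROXY  = 192.0.2.10      # ad tech reverse proxy device (assumed)
define WEB    = 192.0.2.20      # internal web server (assumed)
define ADTECH = 203.0.113.5     # ad tech company's server (assumed)
define WAN_IF = "eth0"          # internet-facing interface (assumed)

# IPv4-only table; this sketch assumes the device has no IPv6 address.
table ip adproxy_isolation {
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Traffic that does not involve the device is not this chain's concern.
        ip saddr != $PROXY ip daddr != $PROXY accept

        # Replies on connections that were allowed below.
        ct state established,related accept

        # Internet clients reach the device, which fronts the site.
        iifname $WAN_IF ip daddr $PROXY tcp dport 443 ct state new accept

        # The device may open connections to the web server only.
        ip saddr $PROXY ip daddr $WEB tcp dport 443 ct state new accept

        # The device may open connections to the ad tech server only.
        ip saddr $PROXY ip daddr $ADTECH tcp dport 443 ct state new accept

        # Anything else to or from the device is logged and dropped,
        # including attempts to reach other internal hosts.
        log prefix "adproxy-drop " drop
    }
}
```

As the reply in the thread points out, rules like these protect the site owner's network from the device; they do not let the ad tech company verify where the requests reaching the device really came from.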