Because the advertiser wants to track how many times the ad was seen, etc. Ad Servers / 3rd Parties provide the function of being an independent third party.
I'm well aware they want to, and usually do, do that, but they never should have been given that ability in the first place. SO is in a position to take that option off the table. I'm sure there are plenty of companies willing to give SO money to advertise their product with an image and a link, even if it means they have to trust SO to do what they agree to without being able to stick a nanny-cam in their website.
This particular setup can/will leak cookies set on foo.tld to ads.foo.tld which leads to security concerns - only in your specific example though. If you were to use www.foo.tld and ads.foo.tld then you're good to go. While it is possible to carefully setup cookies that do not leak, its something you need to be careful of when recommending. That said, I do agree with your premise and wish native ad hosting like this happened much more often.
jasonkostempski|9 years ago
shostack|9 years ago
the8472|9 years ago
That way there's no cross-domain tracking via cookies and they can still track impressions.
boredprogrammer|9 years ago
Reading material: http://erik.io/blog/2014/03/04/definitive-guide-to-cookie-do...