Why can't Google come up with an AMP for ads? That will transpile a restricted javascript (or whatever) into a runtime that just doesn't do these things?
This would get rid of the greasy ads, and Google could focus on making tools that allow site owners to filter by "features used in ad", and ad developers could actually return to delivering ads, rather than collecting fingerprints?
"Caja uses an object-capability security model to allow for a wide range of flexible security policies, so that your website can effectively control what embedded third party code can do with user data."
This would get rid of the greasy ads, and Google could focus on making tools that allow site owners to filter by "features used in ad", and ad developers could actually return to delivering ads, rather than collecting fingerprints?