I'm glad someone else already commented on the $M is 0 as well.
I don't expect ad networks to be completely free of malware but I do expect a much better response when problems do happen. Page Fair claims the cost due to ad blocking to be at $22 billlion. But the question is where is all that money to take responsibility and legitimize the paradigm? Even just 10% of that set aside to help pay for services to clean up a malware ad campaign would go a long ways. Instead, the ad network value their own legitimacy at $0 when it comes time to pay for malware removal. It is just an empty apology, a statement that the ad network is taking steps to stop it from happening yet again and the cost is passed on to the end users.
If you want to go to a real world example of a child not eating by ads being blocked, then maybe we should take that example to the logical conclusion. For this example, let us say there is a community seeking to have a city block a bill board from being put up. The bill board company seeks community support by saying their company gives back to the community and without the bill board the children that are fed by their community out reach will not get food.
From how the ad company puts their stance, it seems really simple. But what if I told you this is more like Sohpie's Choice where it just a matter of which child fails to get food instead of a clear win-win if the bill board returns. What information would it take for you to side with the community to keep the bill board from going up?
(1) What if I told you the location the bill board is supposed to go previously had a bill board that fell onto a highway and caused a multi-car accident?
(2) What if I told you this isn't the first time the bill board has fallen onto the highway and the company has already claimed they would take steps to make sure it didn't happen again?
(3) What if I told you the bill board company offered nothing in compensation to the victims?
(4) What if I told you the bill board company claimed it couldn't compensate the victims because it didn't know who they are. However, the same company promoted that the billboard had cameras to collect the make, model and license plate numbers of all the cars to go by so they could produce aggregate data of those that saw it?
(5) What if I told you as the resulting of the cost to some of the victims of yet another billboard accident that some of the victims had children that had to go without food?
How many facts of the case need to be provided before the simplified story that bill boards feed children just is no longer enough to legitimize this business practice?
We have seen repeated misuse of ad networks. Both Google and Yahoo have made the news for having their ad networks used for "malvertising campaigns" but neither have been reported as paying victims to assist in the cost of clean up. Yahoo's June/July 2015 malvertising was the largest ever to date and still wasn't large enough to justify taking responsibility for reaching out to the impacted users. So if the ad networks themselves put a $0 value on how legitimate they are, who am I to argue with that?
At some point, if you are going to demand the "right" way to access your content requires doing it in the high-crime ghetto district of the city, you should expect either someone will offer a way to move the content to a safe area to consume or people will just abandon accessing it. Ad networks have proven themselves to be part of the ghetto of the internet and should expect to be blocked.
Some might say that malware shouldn't be a factor to people blocking ads on iOS. They will eventually be proven wrong. The recent vulnerability of iOS "effective. Power" and Android Stagefright show that short specially crafted messages to either smartphone system can have negative effects. Given enough time, the impact of these type of vulnerabilities will increase.
Both computers and smartphones are devices we have grown increasingly dependent on. Having problems with performance/reliability issues due to malware has a real world cost. Having our data held by ransomware also has a real world cost. That cost may not be $22 billion, but it also isn't $0. An industry "worth" $22 billiion that has $0 of responsibility will have it's worth re-evaluated to match the value of how responsible it is.