Once upon a time Google used few and non-intrusive ads. The ads were soo well-placed and relevant, that they almost seemed like a service to the user, rather than being forced upon you. Some of us even added exceptions for Google ads in our ad blockers, so we would not miss out.

I miss those days.

No

Sure. But that does not make it unethical.

That is a very interesting research area.

What he means is, your security considerations here must come from some perceived threat. What kind of threat do you forsee that requires this high level of security?

Usually when you consider security you start with a threat model, describing the scenarios you want to protect your systems from. And based on that you decide the necessary technical security measures that are relevant.