Ad buyers are pointing the finger at Google, Amazon, and brand safety firms like Integral Ad Science and DoubleVerify after a report from research firm Adalytics claimed that ads for top brands like Sony, Pepsi, and the NFL appeared on ibb.co or imgbb.com—sites that have been flagged by the National Center for Missing & Exploited Children for hosting child sexual abuse material (CSAM).

Google and Amazon don’t provide enough data

On Friday, Senators Marsha Blackburn (R-TN) and Richard Blumenthal (D-CT) criticized Google and Amazon for obscuring ad placement data, preventing advertisers from seeing the exact URLs where their ads appeared on imgbb.com.

Neither company typically provides full URL-level reporting to advertisers, multiple sources told ADWEEK. 

Instead, most ad buyers receive domain-level reports, which reveal the broader website but not the specific webpage—preventing them from knowing, for example, whether their ads appeared next to a reputable article or on a subpage with objectionable content. 

Without access to exact URLs, senators said, advertisers can’t ensure their messages aren’t appearing next to illegal or policy-violating content.

Media executives at two different consumer brands whose ads appeared on ibb.co via Amazon’s demand-side-platform each confirmed to ADWEEK that Amazon provided them only with domain-level data about ad buys—and that multiple requests for URL-level data were not fulfilled. 

ADWEEK reviewed a recent email sent to one exec in which an Amazon representative said that the company cannot provide full URL-level reporting.

Tech Leaders’ Quotes From the Contentious Child Safety Senate Hearing

A spokesperson for Amazon did not respond to a question from ADWEEK about whether URL-level data is available to advertisers.

A Google spokesperson, however, said: “Advertisers can access campaign reporting in the Google Ads UI about where their ads run. This may include site and URL-level reporting depending on the ad inventory and campaign type.”

Both Amazon and Google told ADWEEK that they’ve blocked the site in question.

Two ad buyers at agencies and two at brands said they paid vendors including IAS and DoubleVerify for brand safety technology, and those vendors marked impressions on ibb.co or imgbb.com as entirely brand-safe. 

IAS and DoubleVerify are under fire

IAS and DoubleVerify are the biggest firms that sell brand safety tech, with market caps of $1.73 billion and $3.67 billion respectively.

“Their tech quite simply does not do what they say it does,” said one of the buyers who spoke to ADWEEK on the condition of anonymity.

“The blame lies … with any verification company that even pretends to offer brand safety products that could [allow ads to] appear on something so horrific,” said Jay Friedman, CEO of independent media agency Goodway Group, who reviewed an advance copy of Adalytics’ report. 

The industry bodies that certify vendors’ ad verification and safety practices are also being blamed. Both DoubleVerify and IAS have the TAG Brand Safety Certified Seal, signaling compliance with brand safety standards in digital advertising, as well as MRC certifications for meeting specific brand safety and suitability criteria. 

Letters published Friday by Senators Blackburn and Blumenthal, written in response to Adalytics’ report, called out the certification organizations’ failures to protect advertisers’ interests and uphold their own standards: “TAG has failed to enforce its standards and investigate non-compliance, resulting in the continued funding of CSAM and other criminal activity for years.”

“A lot of the blame here is on MRC and TAG, who are certifying these vendors,” said Arielle Garcia, chief operating officer of adtech watchdog Check My Ads, who advised the lawmakers. “I cannot fathom that any advertiser would expect a certified vendor to allow their ads to serve on a site that hosted CSAM, and not at least notify them of the risk.” 

Garcia believes TAG and MRC are complicit in the monetization of CSAM on imgbb.com and ibb.co.

TAG CEO Mike Zaneis said in a statement: “We have not been allowed to review this report, so we cannot comment on the accuracy of any claims made in it.”

MRC declined to comment on the record, but confirmed that IAS and DoubleVerify are only accredited for ad verification based on text and keywords, but not based on whether ads appear next to appropriate content.

Easy steps could prevent bad placements

Brand safety firms missed some obvious red flags that could have prevented ad buying on imgbb.com and ibb.co. For instance, the imgbb.com domain had been flagged by NCMEC.

“Brokers and ad network operators who onboard websites wanting to monetize web traffic can engage in much more robust KYC [Know Your Customer] practices when onboarding a website or platform,” said Jacques Marcoux, the director of research and analytics at the Canadian Centre for Child Protection. 

While the opacity of the adtech ecosystem makes it difficult to see the full scope of CSAM monetization, Garcia said “it’s fairly simple” to gauge the extent to which NCMEC-flagged websites are hosting advertising. 

She hopes that might serve as a starting point for future research and help the ad industry work toward resolving the inadvertent funding of CSAM on the internet.

Update Feb. 7, 4:25pm ET: DoubleVerify has issued a statement in response to the Adalytics report.