They lied about what they take.
Marketing claims contradicted by observed behavior. The vendor's website says "privacy-first" or "cookieless" while their scripts deploy fingerprinting, pre-consent tracking, or cross-domain syncs. The marketing is the cover story.
How This Escalates BTI-C Findings
Transforms any BTI-C detection into a deception finding. A vendor doing C10 (Fingerprinting) while marketing as "cookieless" is not a technical issue — it's fraud.
Related Advisories
No published advisories reference this code yet.
Investigations are ongoing.
Blackout uses security frameworks to protect AGAINST vendors, not FOR them. We do not notify vendors. We do not provide remediation windows. If you're using a vendor flagged by this code, the advisory is your evidence.
Permanent URL: deployblackout.com/bti/codes/X04