THE TAKE
They keep taking after users say stop.
//TECHNICAL_DESCRIPTION
Opt-out mechanisms that fail to stop data collection. User clicks 'Reject All' or opts out via GPC/DNT, but vendor scripts continue collecting, transmitting, and processing data. The opt-out is theater.
//ESCALATION_CONTEXT
How This Escalates BTI-C Findings
Escalates consent bypass (C09) into a deliberate violation. If the vendor provides an opt-out that doesn't work, the consent bypass is not a bug — it's by design.
//RELATED_ADVISORIES
Related Advisories
No published advisories reference this code yet.
Investigations are ongoing.
Blackout uses security frameworks to protect AGAINST vendors, not FOR them. We do not notify vendors. We do not provide remediation windows. If you're using a vendor flagged by this code, the advisory is your evidence.
Permanent URL: deployblackout.com/bti/codes/X07