How This Briefing Works
This dossier opens with key findings, then maps the gap between what Ada discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 4 sites
vendor fires before consent
Briefing
Ada deploys sophisticated consent bypass mechanisms that continue behavioral tracking even after explicit user rejection. The platform combines defeat device techniques with cross-domain identity synchronization, creating persistent surveillance infrastructure disguised as conversational AI support.
What This Means For You
Customers visiting sites with Ada face persistent chat tracking that survives consent rejection and cookie deletion. Chat interaction data including questions asked, pages visited during chat sessions, and response patterns are captured and synchronized across domains. This creates behavioral profiles that inform competitor targeting even for users who never completed a purchase or form fill.
Risk Channel Breakdown
Chat interaction data pollutes analytics with bot-driven sessions, creating 40% signal corruption that distorts true customer intent measurement.
Aggressive cross-domain sync feeds chat interaction data to demand generation networks, subsidizing competitor acquisition at 80% CAC impact.
Expands attack surface
Post-rejection tracking combined with biometric capture creates 85% legal tail risk through demonstrable GDPR Article 7 violations and consent theater.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Identity stitching
Ignoring CMP signals
Device identification
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Ada's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 4 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →