How This Briefing Works
This dossier opens with key findings, then maps the gap between what Adgoji discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Adgoji provides advertising attribution via session recording and identity resolution. Links anonymous ad interactions to known visitor identities for conversion tracking. Deploys session replay and identity matching pre-consent. Primary risks: GDPR consent violations, visitor identity data sold to competitive intelligence platforms, identity resolution converting pseudonymous to personal data.
What This Means For You
For security teams: Identity resolution links ad engagement to employee accounts, revealing organizational structure and job functions to surveillance platforms. For legal: Every identity-matched session becomes a GDPR data subject access request requiring complete reconstruction with linked CRM data. For marketing: Identified visitor lists sold to competitors enable targeted outbound to your warmest ad-engaged prospects. For sales: Ad engagement signals leaked before your SDRs can act - competitors reach identified accounts first.
Risk Channel Breakdown
Distorts attribution data
Adgoji identity resolution reveals which known accounts engage with your ads. Every matched visitor becomes a tradeable signal - competitors buy lists of accounts showing ad engagement, enabling targeted outbound campaigns to your warmest prospects.
Expands attack surface
Identity resolution without explicit consent violates GDPR Article 6. Linking anonymous sessions to email addresses or CRM records converts pseudonymous data to personal data, triggering full GDPR obligations retroactively. Session recording creates data breach notification requirements.
Threat Indicators
Runtime-observed (BTI-C)
Full session replay
Ignoring CMP signals
PII deanonymization
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Adgoji's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →