How This Briefing Works
This dossier opens with key findings, then maps the gap between what AdobeLaunch discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 21 sites
vendor fires before consent
Briefing
Adobe Launch serves as the command-and-control layer for Adobe Experience Cloud surveillance. While tag managers are typically neutral infrastructure, Adobe Launch actively participates in consent bypass through embedded Adobe ECID coordination, session recording orchestration, and persistent tracking library initialization that survives consent rejection.
What This Means For You
Customers visiting sites with Adobe Launch face tag manager infrastructure that actively subverts consent controls. Launch rules execute tracking libraries before consent acceptance, establish persistent Adobe ECID identifiers, and coordinate session recording across properties. This creates comprehensive surveillance that persists after consent rejection through embedded Adobe infrastructure rather than neutral tag execution.
Risk Channel Breakdown
Tag execution sequence pollution creates 25% signal corruption as Adobe Launch fires analytics beacons before consent acceptance, contaminating conversion attribution.
Launch library coordinates Adobe Audience Manager pixel drops that feed visitor segments to demand networks, creating 100% CAC subsidization as competitors bid on your qualified traffic.
Expands attack surface
Embedded consent bypass mechanisms create 100% legal tail risk through GDPR Article 7 violations, as Launch rules continue executing tracking libraries after explicit rejection.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Full session replay
Ignoring CMP signals
Device identification
Long-lived identifiers
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed AdobeLaunch's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
5 for current users · 5 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
ensighten, googletagmanager, perimeterx…
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →