All Vendors
advertising

Amazon Advertising

Amazon Advertising is an advertising vendor with a VRS of 80. Deploys comprehensive behavioral tracking and session recording to feed Amazon DSP targeting, creating direct competitor subsidization.

36 IOCs16 detections100% pre-consent15 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Amazon Advertising discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

16 detections across 15 sites100% pre-consent activity
CRITICAL

Pre-Consent Activity

Amazon Advertising was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Customers visiting sites with Amazon Advertising face surveillance infrastructure that directly feeds their purchase intent to Amazon Retail competitors. Behavioral data including product views, cart additions, and price sensitivity signals are captured and synchronized across Amazon properties. This creates competitor targeting where Amazon marketplace sellers bid on your qualified visitors using your own intent data.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Amazon Advertising

  • Audit Amazon Attribution implementation to verify no data sharing with Amazon Retail or marketplace sellers
  • Disable Amazon DSP audience sync and require contractual prohibition on intent data sharing
  • Implement strict first-party cookie restrictions to prevent Amazon ID persistence across properties
  • Review Amazon Tag Manager rules to eliminate post-rejection pixel firing
  • Establish conversion data redaction to prevent product-level intent capture by Amazon systems

If You're Evaluating Amazon Advertising

  • Request Amazon Advertising deployment without DSP integration or audience network data sharing
  • Require contractual guarantee that advertising data does not feed Amazon Retail category managers or marketplace sellers
  • Verify Amazon pixels do not capture product-level interaction data (SKUs, cart values, category browsing)
  • Assess alternative advertising platforms (Google Ads with restricted audience sharing, Facebook without Conversions API) for comparison
  • Demand pricing concessions reflecting restricted deployment without Amazon Retail data sharing

Negotiation Leverage

  • VRS 80 classification with 90% CAC subsidization justifies 50% discount if Amazon Retail data sharing is contractually prohibited
  • 100% legal tail risk demands indemnification for session recording consent failures and biometric data processing violations
  • Require quarterly attestation that your advertising data does not feed Amazon marketplace seller targeting or retail category management
  • Request product-level data redaction (no SKU capture, no cart value tracking) to prevent direct competitor intelligence
  • Negotiate data retention limits (7 days maximum) and right to audit Amazon DSP audience graphs for your domain
Runtime Detections

Runtime Detections

6 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Amazon advertising pixels continue firing after consent rejection via backup tracking mechanisms embedded in CloudFront delivery.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Mouse tracking and scroll depth capture feed Amazon product recommendation algorithms and DSP engagement models.

BTI-C07Session Recording

Full session replay

Impact: DOM capture enabled for Amazon Attribution customers, recording product views and cart interactions for competitor targeting.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Amazon advertising IDs persist after cookie rejection via localStorage and AWS edge cache coordination.

BTI-C10Fingerprinting

Device identification

Impact: Browser fingerprinting used to reconnect visitors across Amazon properties (Retail, AWS, Alexa) for cross-platform targeting.

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Amazon Tag Manager deploys tracking infrastructure that coordinates advertising pixel drops with AWS infrastructure persistence.

IOC Manifest

IOC Manifest

19 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

No indicators in this category

Ecosystem

Ecosystem & Supply Chain

Amazon Advertising sits at the intersection of advertising measurement and retail marketplace competition. Deployments typically include Amazon Attribution (conversion tracking), Amazon DSP (programmatic bidding), and Amazon Retail integration (product targeting). This creates direct competitor subsidization as customer intent data feeds Amazon marketplace sellers and retail category managers.
Loads (1)
Sell Amazon
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

36 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details