How This Briefing Works
This report opens with key findings, then maps the gaps between what Connexity discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
43 detections across 42 sites2% pre-consent activity
MEDIUM
Pre-Consent Activity
Connexity was observed loading and executing before user consent was obtained on 2% of sites where it was detected.
GDPRePrivacy
HIGH
Consent Disclosure
24 distinct third-party vendors detected on connexity.com
GDPR Art 7ePrivacy Directive Art 5(3)
HIGH
Undisclosed Party
Not in privacy policy
HIGH
Undisclosed Sharing
Hidden data recipients
HIGH
CMP Disclosure Mismatch
CMP vendor list vs runtime
Disclosure Gaps
Claims vs. Observed Behavior
3 gaps
1 HIGH2 MED
Classified:BTI-X01BTI-X02BTI-X10
Consent Disclosure
GDPR Art 7 · ePrivacy Directive Art 5(3)HIGH
They Claim
“CMP states 9 third parties for user consent choice”
Observed Behavior
24 distinct third-party vendors detected on connexity.com
BLACKOUT scan 2026-01-24, ConsentManager banner inspection
Subprocessor Disclosure
GDPR Art 28 · GDPR Art 13MEDIUM
They Claim
“Privacy policy names Google, DoubleClick, Criteo as third parties”
Observed Behavior
20+ additional vendors including LinkedIn, HGinsights, TrenDemon, Versium detected
Runtime detection of third-party scripts and tracking pixels
Pre-Consent Tracking
ePrivacy Directive Art 5(3) · GDPR Art 6MEDIUM
They Claim
“ConsentManager CMP provides consent choice before tracking”
Observed Behavior
GoogleAnalytics4 and LinkedIn fire before consent granted (pre_consent=true)
BLACKOUT detection with pre_consent flag analysis
Customer Impact
What This Means For You
YOUR retail performance data processed through Connexity feeds into a platform that explicitly sells personal information to advertising networks and marketing companies. YOUR customers' purchase records and browsing behavior may be sold to competitors via Connexity's disclosed data sales practices. YOUR CMP configuration for Connexity likely covers only 9 vendors while 24 operate at runtime — YOUR consent mechanism is incomplete. As a Taboola subsidiary, YOUR retail data exists within a native advertising conglomerate with cross-platform targeting capabilities.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use Connexity
- →Audit your consent banner to ensure ALL 24 detected vendors are disclosed, not just the 9 shown in CMP
- →Update your privacy policy to name Connexity and its downstream data recipients explicitly
- →Verify pre-consent firing is blocked by testing your implementation against detection data
- →Request contractual restrictions on data sales specifically for your customer records
If You're Evaluating Connexity
- →Understand that Connexity explicitly sells personal data — assess whether this aligns with your privacy commitments
- →Request complete vendor list and compare against CMP coverage before signing
- →Evaluate whether Taboola subsidiary status creates data flow risks beyond Connexity itself
- →Require contractual opt-out from data sales for your customer data as a condition of engagement
Negotiation Leverage
- →Explicit data sales: Connexity admits to selling personal data including identifiers and purchase records — use this to negotiate data sales restrictions for your customer data specifically
- →CMP vendor undercount: 24 vendors detected vs. 9 in CMP — require all vendors to be consent-gated and disclosed as a contract condition
- →Taboola subsidiary risk: Retail data flows within a native advertising conglomerate — negotiate restrictions on data sharing within the Taboola corporate family
- →Purchase record sensitivity: Connexity processes transaction data revealing YOUR customers' buying patterns — negotiate enhanced data protection and restrictions on behavioral inference sales
Runtime Detections
Runtime Detections
5 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C01Defeat Device
Evasion infrastructure, auditor bypass
BTI-C06Behavioral Biometrics
Keystroke/mouse tracking
BTI-C07Session Recording
Full session replay
BTI-C09Consent Bypass
Ignoring CMP signals
BTI-C10Fingerprinting
Device identification
IOC Manifest
IOC Manifest
156 INDICATORS
Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*www.connexity.com/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*www.connexity.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor/assets/js/webpack.runtime.js*
Tracking script
TRACK
*www.connexity.com/wp-content/themes/hello-elementor/assets/js/hello-frontend.js*
Tracking script
TRACK
*www.connexity.com/wp-includes/js/jquery/ui/core.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor/assets/js/frontend-modules.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor/assets/js/frontend.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper.js*
Tracking script
TRACK
*www.connexity.com/wp-includes/js/imagesloaded.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.js*
Tracking script
TRACK
*www.connexity.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*www.connexity.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/frontend.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/menu-title-keyboard-handler.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/mega-menu.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor/assets/js/text-editor.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/mega-menu-stretch-content.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/slides.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/load-more.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/loop.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/nested-carousel.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/ajax-pagination.*.bundle.js*
Tracking script
TRACK
*www.connexity.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.*.bundle.js*
Tracking script
TRACK
www.connexity.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/themes/hello-elementor/assets/js/hello-frontend.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-includes/js/jquery/ui/core.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor/assets/lib/swiper/v8/swiper.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-includes/js/imagesloaded.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor/assets/js/shared-frontend-handlers.30dc2f9c080845a413a6.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/mega-menu.8008698e9df584aa4337.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/mega-menu-stretch-content.480e081cebe071d683e8.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/menu-title-keyboard-handler.070cb9cb3c4f1f016388.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor/assets/js/text-editor.c084ef86600b6f11690d.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/nested-carousel.776ab95ca4daa003622e.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/slides.c0029640cbdb48199471.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/load-more.8b46f464e573feab5dd7.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/loop.4a16d82b8b5e3e00f25e.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/ajax-pagination.55e86e9100bc317aeb0b.bundle.min.js
Auto-extracted from scan
TRACK
www.connexity.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.a23fbd67486c5bedf26c.bundle.min.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Connexity operates as a retail affiliate marketing network, sitting between retailers (Walmart, Target, Etsy, Wayfair) and publishers who display product ads. As a Taboola subsidiary since 2021, they integrate into a broader content recommendation ecosystem. Connexity loads primarily via indirect methods (tag managers, affiliate pixels) and is detected across 42 distinct sites in BLACKOUT scans. They load multiple downstream vendors including advertising networks, B2B intelligence platforms (HGinsights, Firmable, Versium), and behavioral analytics. Their data flows to advertising networks and marketing companies as explicitly disclosed in their US State Privacy Notice.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
168 detection signatures across scripts, domains, cookies, and network endpoints