How This Briefing Works
This report opens with key findings, then maps the gaps between what Digitalremedy discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
Digitalremedy was observed loading and executing before user consent was obtained on 20% of sites where it was detected.
Pending Analysis
6 BTI behavioral codes detected across 15 deployments. Full claims extraction required for gap analysis.
Claims vs. Observed Behavior
Pending Analysis
“Claims analysis pending”
6 BTI behavioral codes detected across 15 deployments. Full claims extraction required for gap analysis.
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Digitalremedy
- →Deploy fingerprint detection tools alongside cookie scanners — standard cookie audits will miss Digital Remedy entirely
- →Verify your CMP blocks Digital Remedy's scripts before consent, not just cookies
- →Request complete documentation of Digital Remedy's identity resolution methodology and all cross-domain data flows
- →Audit your DPA for coverage of fingerprint-based tracking and cross-domain identity sharing
If You're Evaluating Digitalremedy
- →Require Digital Remedy to disclose their complete fingerprinting methodology and data retention practices
- →Demand contractual restrictions on cross-domain identity syncing of your audience data
- →Assess whether 24 scripts are proportionate to the measurement value received
- →Compare Digital Remedy's cookieless approach against alternatives that achieve measurement without fingerprinting
Negotiation Leverage
- →24 scripts with zero cookies confirms deliberate cookieless tracking architecture — demand full technical disclosure of fingerprinting methodology and legal basis documentation
- →Cross-domain sync (C08) means your audience data is shared across the network — negotiate contractual prohibition on cross-client identity sharing
- →Fingerprint-based tracking cannot be cleared by users — this undermines consent validity under GDPR, creating controller liability that should be indemnified by Digital Remedy
- →6 BTI behavioral codes on a performance advertising platform — use as leverage to negotiate data minimization commitments and restrict processing purposes
- →Identity resolution converts your anonymous visitors into Digital Remedy's identity graph assets — negotiate ownership and deletion rights for all resolved identities
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Evasion infrastructure, auditor bypass
Impact: Evasion infrastructure in Digital Remedy's deployment may alter behavior during compliance audits, making it difficult to verify the true scope of data collection in testing environments.
Keystroke/mouse tracking
Impact: Behavioral tracking captures interaction patterns that constitute biometric data under BIPA and emerging privacy frameworks. On an advertising platform, this data feeds audience modeling that extends beyond campaign measurement.
Identity stitching
Impact: Identity stitching across domains means Digital Remedy links your visitors' behavior on your site to their activity on other sites in the network. This creates a cross-site behavioral profile that you did not authorize and cannot control.
Ignoring CMP signals
Impact: 20% pre-consent firing combined with cookieless architecture means even post-consent tracking uses methods (fingerprinting) that users cannot clear or meaningfully opt out of — undermining the validity of collected consent under GDPR recital 42.
Device identification
Impact: Zero cookies with 24 scripts confirms fingerprint-based identification. Device fingerprinting creates persistent identifiers that survive cookie deletion, browser clearing, and privacy mode — making user opt-out mechanically impossible.
PII deanonymization
Impact: PII deanonymization on an advertising platform means your anonymous site visitors are being resolved to identifiable individuals and fed into ad targeting infrastructure. This transforms your website into a data source for Digital Remedy's identity graph.
IOC Manifest
Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
143 detection signatures across scripts, domains, cookies, and network endpoints