All Vendors
platform

Docs Google

Google Docs (collaboration platform) exhibits behavioral biometrics (C06), cross-domain sync (C08), and consent bypass (C09) when embedded. 65% Broker risk reflects Google ecosystem data pooling.

24 IOCs31 detections48% pre-consent31 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Docs Google discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

31 detections across 31 sites48% pre-consent activity
HIGH

Pre-Consent Activity

Docs Google was observed loading and executing before user consent was obtained on 48% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown - requires claims extraction via CDT

Observed Behavior

Runtime evidence shows C06/C08/C09 patterns when embedded

Customer Impact

What This Means For You

Embedded Google resources = third-party data controller relationship. Visitor data on your site feeds Google advertising business. GDPR requires separate consent for Google data processing; most implementations violate this.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Docs Google

  • Audit embedded Google resources (Docs, Forms, Maps, Fonts)
  • Confirm consent before Google resource loads
  • Review DPA: Google is separate controller, not processor

If You're Evaluating Docs Google

  • Test page load: do Google embeds load pre-consent?
  • Check privacy policy: is Google data sharing disclosed?
  • Verify consent banner explicitly lists Google as third party

Negotiation Leverage

  • Embedded Google Docs = cross-domain sync with advertising ecosystem. Is this disclosed to visitors?
  • C09 consent bypass: Google resources load before banner interaction. How do you prevent this?
  • Google is controller, not processor. Do you have controller-to-controller agreement for GDPR compliance?
Runtime Detections

Runtime Detections

3 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

IOC Manifest

IOC Manifest

13 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

No indicators in this category

Ecosystem

Ecosystem & Supply Chain

Google ecosystem integration. Embedded docs/forms connect to Google Analytics, Ads, YouTube tracking graph. Visitor data feeds unified Google profile for cross-platform targeting.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

24 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details