How This Briefing Works
This dossier opens with key findings, then maps the gap between what Enrichley discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Enrichley operates as a visitor identification platform that captures behavioral telemetry and cross-references it against proprietary databases to resolve anonymous web traffic to named individuals and companies. The service creates detailed visitor profiles combining behavioral patterns, device characteristics, and external data enrichment. Core threat lies in the black-box nature of identification methodology and post-consent tracking capabilities.
What This Means For You
Marketing teams deploying Enrichley gain short-term visibility into anonymous traffic but inherit three critical liabilities: (1) Measurement corruption as deanonymization false positives pollute attribution models, (2) Competitive intelligence leakage as visitor data feeds the broader identification network, (3) Regulatory exposure from behavioral biometrics and consent bypass creating per-violation fine risk. The platform's black-box methodology makes it impossible to audit identification accuracy or data sharing practices.
Risk Channel Breakdown
Enrichley introduces measurement distortion by attributing conversions to deanonymized visitors that may not represent genuine purchase intent, corrupting funnel analytics and attribution models.
Every visitor unmasked by Enrichley generates a data asset that feeds competitor intelligence systems. The platform's data sharing ecosystem means your traffic becomes competitive intelligence for other customers in the network.
Expands attack surface
Behavioral biometrics collection (mouse movements, keystrokes, scroll patterns) combined with session recording and consent bypass creates massive GDPR/CCPA exposure. The platform's ability to identify individuals without explicit consent violates controller transparency requirements.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Full session replay
Identity stitching
Ignoring CMP signals
Device identification
PII deanonymization
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Enrichley's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 4 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →