All Vendors
dsp

Equativ

Equativ is a DSP (demand-side platform) with a VRS of 80, representing moderate Oracle threat (25), high Broker risk (65), and moderate Counselor exposure (45). The platform employs defeat devices, behavioral biometrics, consent bypass, and fingerprinting to optimize programmatic ad delivery and audience targeting.

16 IOCs4 detections50% pre-consent3 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Equativ discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

4 detections across 3 sites50% pre-consent activity
CRITICAL

Pre-Consent Activity

Equativ was observed loading and executing before user consent was obtained on 50% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Marketing teams using Equativ for programmatic buying face three core risks: (1) Attribution corruption as platform inflates conversion credit through last-touch modeling, (2) Competitive intelligence broadcast through RTB bid stream revealing target audiences and willingness-to-pay, (3) Regulatory exposure from behavioral tracking and consent bypass creating ongoing GDPR/CCPA liability. The platform's auction mechanics make it impossible to audit true cost-per-acquisition versus platform-reported metrics.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Equativ

  • Demand transparency on attribution methodology and implement independent conversion tracking via first-party analytics
  • Configure privacy-preserving audience targeting using contextual signals rather than behavioral profiles
  • Require contractual limits on bid stream data sharing and audience segment resale
  • Implement consent-first deployment where tracking only activates after explicit user opt-in

If You're Evaluating Equativ

  • Request third-party audit of consent bypass mechanisms and fingerprinting practices
  • Evaluate alternative programmatic platforms with documented privacy-first architectures (e.g., contextual targeting DSPs)
  • Consider direct publisher relationships to eliminate RTB competitive intelligence leakage
  • Assess incremental ROAS of programmatic versus direct buys after correcting for attribution inflation

Negotiation Leverage

  • Equativ VRS 80 = Broker (65) + Counselor (45) threat. RTB bid stream = competitive intelligence broadcast. Demand data minimization commitments.
  • Consent bypass (BTI-C09) + fingerprinting (BTI-C10) = ongoing GDPR violation risk. Request technical remediation or consider contract exit.
  • Attribution methodology opacity creates measurement corruption. Negotiate SLA on conversion tracking accuracy with third-party verification.
  • Behavioral biometrics (BTI-C06) for audience modeling = special category data processing. Require explicit legal basis documentation.
  • Ask: What user data is included in bid requests? How long are audience profiles retained? What is the opt-out mechanism? Expect evasive answers.
  • Programmatic efficiency gains must be weighed against competitive intelligence leakage and regulatory risk. Demand cost-benefit analysis with legal review.
Runtime Detections

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Tag behavior varies based on detection of privacy tools or regulatory environments, presenting compliant facade while conducting full tracking in permissive contexts.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Mouse tracking and interaction patterns feed audience models used for cross-site targeting, creating persistent user profiles that survive cookie deletion.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Tracking pixels and fingerprinting continue after consent rejection, creating per-violation GDPR liability and undermining consent management platform investments.

BTI-C10Fingerprinting

Device identification

Impact: Browser and device fingerprinting creates stable identifiers used for ad frequency capping and attribution across domains, violating user privacy expectations and regulatory requirements.

IOC Manifest

IOC Manifest

14 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

No indicators in this category

Ecosystem

Ecosystem & Supply Chain

Equativ participates in the programmatic advertising ecosystem alongside Google DV360, The Trade Desk, and Xandr. Real-time bidding infrastructure means every impression generates bid requests to dozens of competing DSPs, creating systematic competitive intelligence leakage. Header bidding integrations create client-side data exposure before server-side auction logic executes. Equativ likely shares audience segments across advertisers to improve match rates.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

16 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details