How This Briefing Works
This dossier opens with key findings, then maps the gap between what Equativ discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 2 sites
vendor fires before consent
Briefing
Equativ operates as a programmatic advertising platform that combines supply-side and demand-side capabilities for digital ad buying. The platform uses behavioral profiling, device fingerprinting, and real-time bidding infrastructure to match advertisers with inventory. Core threat lies in the opaque auction mechanics and cross-publisher tracking capabilities that create measurement distortion and competitive intelligence leakage.
What This Means For You
Marketing teams using Equativ for programmatic buying face three core risks: (1) Attribution corruption as platform inflates conversion credit through last-touch modeling, (2) Competitive intelligence broadcast through RTB bid stream revealing target audiences and willingness-to-pay, (3) Regulatory exposure from behavioral tracking and consent bypass creating ongoing GDPR/CCPA liability. The platform's auction mechanics make it impossible to audit true cost-per-acquisition versus platform-reported metrics.
Risk Channel Breakdown
Equativ's attribution model credits conversions to programmatic impressions that may have minimal actual influence, inflating advertising effectiveness metrics and corrupting multi-touch attribution.
Every bid request contains detailed user profile data that is broadcast to hundreds of DSPs in real-time bidding. Even losing bidders gain intelligence on your target audience and acquisition costs.
Expands attack surface
Behavioral biometrics collection combined with consent bypass mechanisms creates GDPR Article 9 special category data exposure. Fingerprinting techniques violate ePrivacy Directive requirements for user consent before terminal equipment access.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Ignoring CMP signals
Device identification
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Equativ's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 4 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →