All Vendors
platform

Forager

Forager deploys consent bypass infrastructure with zero operational justification. No Oracle/Broker risk observed, but Counselor violations create strict liability exposure for generic platform tooling.

29 IOCs1 detections100% pre-consent1 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Forager discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

1 detection across 1 site100% pre-consent activity
CRITICAL

Pre-Consent Activity

Forager was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps
Customer Impact

What This Means For You

Engineering teams inherit consent violation liability for generic platform tooling with unclear value proposition. Legal teams must defend privacy violations for infrastructure that likely has compliant alternatives. Budget owners pay for capability that creates risk without documented benefit.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Forager

  • Audit current Forager deployment: what functionality does it provide?
  • Contact vendor for consent-first integration documentation
  • Request technical architecture review: can functionality work post-consent?

If You're Evaluating Forager

  • Demand vendor demonstrate business necessity for pre-consent loading
  • Require contractual liability assumption for all consent violations
  • Identify replacement: what does Forager do that requires privacy violation? Find alternative.

Negotiation Leverage

  • Forager creates consent liability for generic platform functionality with no documented business necessity
  • Vendor must provide consent-first architecture or accept 100% liability for regulatory penalties
  • Generic infrastructure should not require privacy violations - request technical justification or migrate to compliant alternative
  • Current deployment exposes organization to fines for tooling that likely has privacy-safe replacements
Runtime Detections

Runtime Detections

1 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Platform infrastructure loads before user consent opportunity, creating per-visitor liability under GDPR Article 7. Generic tooling amplifies enforcement risk - regulators prioritize violations with no clear business necessity.

IOC Manifest

IOC Manifest

27 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*forager.com/static/js/menu.js*
Tracking script
TRACK
*forager.com/static/js/sub-menu.js*
Tracking script
TRACK
*forager.com/static/js/local-chat.js*
Tracking script
TRACK
forager.com/static/js/sub-menu.js
Auto-extracted from scan
TRACK
forager.com/static/js/menu.js
Auto-extracted from scan
TRACK
forager.com/static/js/local-chat.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Forager operates as platform infrastructure, competing with generic CDN/analytics frameworks. Limited differentiation observed - functionality appears replaceable with privacy-safe alternatives. No unique capability justifying consent bypass risk.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

29 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details