How This Briefing Works
This dossier opens with key findings, then maps the gap between what Gamned discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Programmatic advertising platform that synchronizes user identities across domains before consent. Captures visitor data, syncs with ad network partners, then uses cross-site profiles for targeting. Primary risk: consent bypass + cross-domain tracking creates GDPR/ePrivacy dual violation with exponential penalty exposure.
What This Means For You
Marketing teams gain ad targeting capability but inherit exponential consent liability (per-visitor × per-sync-partner). Legal teams face GDPR dual violation: consent bypass PLUS unauthorized data transfers to third parties. Budget owners pay for advertising that creates multi-jurisdiction enforcement exposure.
Risk Channel Breakdown
Limited measurement distortion - primarily ad delivery platform. Cookie syncing may affect attribution accuracy but not core analytics.
Cross-domain identity syncing enables audience targeting and retargeting across advertising ecosystem. Visitor behavior on your site feeds competitor targeting capability.
Expands attack surface
Loads tracking and cookie-syncing infrastructure before consent banner interaction, then synchronizes identities with third-party ad networks. Creates per-visitor GDPR violation multiplied by number of sync partners.
Threat Indicators
Runtime-observed (BTI-C)
Identity stitching
Ignoring CMP signals
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Gamned's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
3 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →