How This Briefing Works
This report opens with key findings, then maps the gaps between what Global discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
Global was observed loading and executing before user consent was obtained on 20% of sites where it was detected.
Claims vs. Observed Behavior
Pending Analysis
“Claims extraction pending”
CDT analysis required for Terms of Service and privacy disclosures
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Global
- →Audit Global CDN Terms for fingerprinting data collection and cross-customer sharing provisions
- →Review privacy policy for CDN fingerprinting disclosures to users
- →Assess consent banner load order vs. first CDN resource request
If You're Evaluating Global
- →Alternative CDN providers with minimal client-side tracking footprint
- →Self-hosted CDN options to eliminate third-party surveillance dependency
- →Resource loading architecture that defers Global CDN until post-consent
Negotiation Leverage
- →Global CDN Terms lack clear restrictions on fingerprinting data retention or cross-customer identity resolution
- →Behavioral tracking embedded in CDN not disclosed in customer documentation, discovered via scanner detection
- →Pre-consent fingerprinting creates liability that standard CDN contract does not address
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Evasion infrastructure, auditor bypass
Impact: Global CDN scripts employ obfuscation methods to conceal tracking activity embedded within content delivery functions.
Keystroke/mouse tracking
Impact: Captures timing patterns and interaction signatures during resource loading for user profiling beyond CDN performance metrics.
Full session replay
Impact: Records page activity and resource load sequences beyond functional CDN requirements.
Ignoring CMP signals
Impact: Fingerprinting initiates on first CDN request, before consent banner interaction or user authorization.
Device identification
Impact: Collects browser and device fingerprints tied to CDN resource requests, creating persistent identifier across customer sites.
PII deanonymization
Impact: Links device fingerprints across Global CDN customer network, enabling cross-site user tracking under guise of infrastructure.
IOC Manifest
Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
76 detection signatures across scripts, domains, cookies, and network endpoints