How This Briefing Works
This report opens with key findings, then maps the gaps between what Hithorizons discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
Hithorizons was observed loading and executing before user consent was obtained on 100% of sites where it was detected.
Claims vs. Observed Behavior
Status: pending. Claims extraction via CDT has not yet been run, so the vendor's disclosed claims are currently recorded as “Unknown”.
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Hithorizons
- Demand contractual transparency on enrichment data sources and matching methodology
- Require a data processing agreement that explicitly prohibits contact data sharing across the customer base
- Implement consent-first deployment, where behavioral enrichment only occurs after explicit opt-in
- Configure the CRM integration to log all enrichment data sources for GDPR Article 15 subject access requests
If You're Evaluating Hithorizons
- Request a third-party audit of consent bypass mechanisms and cross-domain tracking practices
- Evaluate alternative enrichment providers with first-party data sources and documented consent flows
- Consider whether enrichment accuracy (after correcting for probabilistic matching errors) justifies competitive intelligence leakage
- Assess GDPR compliance posture with your legal team before renewal, given identity resolution without consent
Negotiation Leverage
- Hithorizons VRS 80 = Broker (100) + Counselor (95) threat. Contact data sharing amounts to competitive intelligence leakage; demand exclusive data processing.
- Identity resolution (BTI-C14) without consent violates GDPR transparency requirements. Contacts must be notified of enrichment; request technical remediation.
- Cross-domain sync (BTI-C08) enables tracking across properties. Require documentation of all cookie-syncing domains and data flows.
- Behavioral biometrics (BTI-C06) appended to contact records create special category data risk. Minimize behavioral enrichment fields to reduce exposure.
- The data cooperative model means your contact intelligence improves competitors' enrichment. Negotiate data minimization or seek alternatives.
- Ask: What enrichment data is shared across customers? How are match-rate false positives handled? What is the data source documentation for GDPR compliance? Expect vague answers.
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Keystroke/mouse tracking
Impact: Mouse tracking and interaction patterns captured across web properties feed behavioral enrichment fields appended to contact records.
Identity stitching
Impact: Cookie syncing across multiple domains enables contact tracking across unrelated websites, violating privacy expectations and ePrivacy requirements.
Ignoring CMP signals
Impact: Contact enrichment continues without explicit user consent, violating GDPR transparency obligations and creating per-record violation liability.
PII deanonymization
Impact: Anonymous visitor linking to known contacts enables persistent tracking and profiling that individuals cannot detect or control.
Container/loader (neutral)
Impact: Client-side tag deployment creates third-party script execution environment enabling comprehensive contact activity capture.
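The pre-consent and CMP-signal findings above rest on one check: did third-party requests fire before the CMP reported consent? The following is an added illustration of that check, not BLACKOUT's tooling; the captures, timestamps and the `vendor-tag.example` hostname are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed sample captures (not real traffic): per site, the CMP consent
# timestamp (None if the user never opted in) and (timestamp_ms, url) requests.
# "vendor-tag.example" is a placeholder for the vendor's real hostname.
SITE_CAPTURES = {
    "shop.example": {
        "consent_at": 4200,
        "requests": [
            (120, "https://shop.example/"),
            (910, "https://shop.example/static/app.js"),
            (1480, "https://cdn.vendor-tag.example/loader.js"),   # before consent
            (1530, "https://sync.vendor-tag.example/s?uid=abc"),  # before consent
            (4800, "https://analytics.other.example/collect"),    # after consent
        ],
    },
    "news.example": {
        "consent_at": None,  # no opt-in ever recorded
        "requests": [
            (200, "https://news.example/"),
            (2100, "https://cdn.vendor-tag.example/loader.js"),
        ],
    },
}

def site_of(url):
    """Naive registrable domain (last two labels); adequate for .example hosts."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def pre_consent_third_party(requests, consent_at, first_party):
    """Map third-party host -> timestamps of requests issued before consent.
    With no consent event at all, every third-party request is pre-consent."""
    hits = {}
    for ts, url in requests:
        if site_of(url) == first_party:
            continue
        if consent_at is None or ts < consent_at:
            hits.setdefault(urlparse(url).hostname, []).append(ts)
    return hits

def vendor_pre_consent_rate(captures, vendor_site):
    """Share of sites where the vendor's domain fired before consent."""
    flagged = 0
    for first_party, cap in captures.items():
        hits = pre_consent_third_party(cap["requests"], cap["consent_at"], first_party)
        if any(site_of("https://" + host) == vendor_site for host in hits):
            flagged += 1
    return flagged / len(captures) if captures else 0.0

if __name__ == "__main__":
    print(vendor_pre_consent_rate(SITE_CAPTURES, "vendor-tag.example"))
```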
IOC Manifest
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
54 detection signatures across scripts, domains, cookies, and network endpoints