How This Briefing Works
This dossier opens with key findings, then maps the gap between what Journey discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Journey provides visual customer journey mapping and analytics through JavaScript tracking that captures every user interaction across sessions and devices. Their platform reconstructs complete user paths from anonymous visitor to converted customer, creating granular behavioral profiles that persist indefinitely.
What This Means For You
Product teams discover journey insights appearing in competitor product updates within 60 days. Marketing attributes all conversions to Journey-optimized paths, masking channel effectiveness. Legal inherits GDPR exposure from indefinite behavioral data retention. RevOps loses pricing power as anonymized journey data reveals willingness-to-pay signals.
Risk Channel Breakdown
Journey journey reconstruction corrupts attribution by claiming credit for all touchpoints in conversion paths. Signal corruption reaches 25/100 as organic discovery gets attributed to Journey-tracked sequences.
Journey monetizes anonymized journey patterns to analytics vendors and consultancies, achieving 90/100 CAC subsidization. Your competitive moat data becomes industry benchmark reports.
Expands attack surface
Session recording (C07) combined with fingerprinting (C10) creates 60/100 legal exposure. GDPR Article 5 data minimization violations likely given indefinite journey storage.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Full session replay
Device identification
Container/loader (neutral)
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Journey's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
3 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Claims 0, observed 2
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →