How This Briefing Works
This dossier opens with key findings, then maps the gap between what Jungroup discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
1 HIGH
Briefing
Jun Group operates a video advertising and engagement platform detected across 28 deployments on 25 sites. BLACKOUT identified 7 distinct behavioral threat codes including defeat device infrastructure (C01), behavioral biometrics (C06), session recording (C07), consent bypass (C09), fingerprinting (C10), identity resolution (C14), and tag management (C15). The combination of identity resolution with an advertising network is particularly notable — ad impressions become identity collection events. With a 14% pre-consent firing rate and maximum scores for both CAC subsidization and legal tail risk, Jun Group represents significant exposure for any site deploying it.
What This Means For You
If Jun Group is deployed on your site, your visitors' behavioral data — including biometric signals and session recordings — is being collected through what appears to be a standard video ad unit. Identity resolution means your visitors are being deanonymized and that identity data potentially flows across Jun Group's 25-site network. With a 14% pre-consent firing rate, you face per-pageview consent violations for every visitor in GDPR jurisdictions. Your privacy policy likely does not disclose the full scope of data collection occurring through Jun Group's ad technology.
Risk Channel Breakdown
Signal corruption score of 25 reflects Jun Group's behavioral biometrics and session recording capabilities distorting the boundary between ad engagement measurement and user surveillance. Engagement metrics become contaminated with identity-linked behavioral data.
Maximum CAC subsidization score (100) indicates Jun Group's identity resolution capability (C14) combined with cross-site advertising presence creates a channel for competitive intelligence leakage. Ad engagement data enriched with resolved identities flows through Jun Group's network across 25 observed sites.
Expands attack surface
Maximum legal tail risk (100) driven by 14% pre-consent firing rate, consent bypass (C09), and fingerprinting (C10). Identity resolution within an ad network creates consent obligations under GDPR Art. 5(1)(a) and ePrivacy Directive that are nearly impossible to satisfy through standard ad consent flows.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Full session replay
Identity stitching
Ignoring CMP signals
Device identification
PII deanonymization
Container/loader (neutral)
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Jungroup's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 4 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →