How This Briefing Works
This dossier opens with key findings, then maps the gap between what Koddi discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Koddi provides white-label DSP technology for travel and e-commerce verticals, operating real-time bidding infrastructure that processes behavioral signals across millions of auctions daily. Their platform captures granular user intent data from bid stream participation, creating persistent profiles that inform competitor targeting strategies.
What This Means For You
Media buyers lose competitive advantage as bid strategies leak through auction participation. Data teams discover targeting segments in competitor campaigns within hours. Legal inherits maximum GDPR/CCPA exposure from bid stream data sharing. CFO faces direct revenue leakage as every auction subsidizes competitor intelligence gathering.
Risk Channel Breakdown
Koddi bid stream participation corrupts attribution by exposing user intent signals to all auction participants. Signal corruption reaches 40/100 as competitor bids reveal your targeting strategies.
Perfect 100/100 CAC subsidization as every Koddi auction exposes user behavioral data to competing bidders. Your targeting intelligence becomes competitor lookalike model training data.
Expands attack surface
Maximum 100/100 legal exposure from consent bypass (C09) combined with cross-domain sync (C08). GDPR Article 6 violations certain given bid stream data sharing without user awareness.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Full session replay
Identity stitching
Ignoring CMP signals
Device identification
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Koddi's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
3 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →