How This Briefing Works
This dossier opens with key findings, then maps the gap between what Leadiq discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
LeadIQ provides B2B prospecting tools that combine visitor tracking with company database enrichment to identify anonymous website visitors. Their browser extension and tracking pixels capture behavioral signals that get matched against proprietary contact databases, enabling real-time lead identification without user consent.
What This Means For You
Sales teams burn leads through premature outreach triggered by research visits. Marketing discovers prospect lists in competitor CRMs within 30 days. Legal inherits GDPR/CCPA exposure from deanonymization without consent. RevOps loses competitive advantage as visitor intelligence feeds competitor ABM strategies.
Risk Channel Breakdown
LeadIQ deanonymization corrupts funnel metrics by attributing organic research visits as sales-qualified leads. Signal corruption reaches 40/100 as competitive intelligence gathering appears as buyer intent.
80/100 CAC subsidization as LeadIQ sells visitor intelligence to data brokers and competing sales teams. Your website traffic becomes competitor prospecting seed data.
Expands attack surface
85/100 legal exposure from consent bypass (C09) combined with cross-domain sync (C08). GDPR Article 6 violations likely given processing personal data without lawful basis.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Identity stitching
Ignoring CMP signals
Device identification
PII deanonymization
Container/loader (neutral)
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Leadiq's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
3 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →