All Vendors
advertising

Lgads

Lgads advertising platform deploys behavioral biometrics, session recording, and consent bypass in ad delivery infrastructure.

71 IOCs4 detections100% pre-consent3 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Lgads discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

4 detections across 3 sites100% pre-consent activity
CRITICAL

Pre-Consent Activity

Lgads was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

ad_surveillance

HIGH
They Claim

Unknown - requires claims extraction

Observed Behavior

C06+C07+C09 detected - advertising surveillance beyond standard ad serving

Customer Impact

What This Means For You

Publishers and advertisers using Lgads inherit behavioral surveillance liability. Session recording in advertising context creates consent and disclosure requirements beyond basic ad tracking. Pre-consent execution compounds compliance exposure. Ad intelligence derived from non-consented comprehensive surveillance produces legally questionable insights.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Lgads

  • Audit Lgads behavioral and recording scope - verify surveillance extent
  • Document session recording on ad placements and landing pages
  • Enforce consent gate before Lgads initialization to address C09 bypass
  • Verify if behavioral/recording capabilities can be disabled while maintaining core ad serving
  • Assess regulatory classification - does recording constitute special category data?

If You're Evaluating Lgads

  • Request Lgads technical documentation of surveillance capabilities
  • Evaluate advertising platforms without behavioral biometrics or session recording
  • Consider contextual advertising eliminating behavioral tracking
  • Investigate if Lgads offers privacy-preserving deployment mode

Negotiation Leverage

  • Lgads deploys C06+C07+C09 - vendor must explain surveillance in advertising platform
  • Demand complete disclosure of behavioral monitoring and session recording purposes
  • Require consent-first operation - no pre-consent ad surveillance
  • Negotiate opt-out of behavioral/recording features if not essential to ad delivery
  • Establish liability terms for surveillance capabilities and consent violations
Runtime Detections

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07Session Recording

Full session replay

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

IOC Manifest

IOC Manifest

65 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*lgads.tv/wp-content/plugins/search-filter/assets-v1/frontend/components/combobox.js*
Tracking script
TRACK
*lgads.tv/wp-content/plugins/search-filter-pro/assets-v1/frontend/app.js*
Tracking script
TRACK
*lgads.tv/wp-content/plugins/search-filter/assets-v1/frontend/components/date-picker.js*
Tracking script
TRACK
*lgads.tv/wp-content/plugins/search-filter/assets-v1/frontend/components/checkbox.js*
Tracking script
TRACK
*lgads.tv/wp-includes/js/jquery/jquery-migrate.js*
Tracking script
TRACK
*lgads.tv/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*lgads.tv/wp-content/plugins/search-filter-pro/assets-v1/frontend/components/range.js*
Tracking script
TRACK
*lgads.tv/wp-content/themes/lgads/assets/js/scripts.js*
Tracking script
TRACK
*lgads.tv/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*lgads.tv/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
*lgads.tv/cdn-cgi/challenge-platform/h/b/scripts/jsd/*/main.js*
Tracking script
TRACK
lgads.tv/wp-content/plugins/search-filter-pro/assets-v1/frontend/app.js
Auto-extracted from scan
TRACK
lgads.tv/wp-content/plugins/search-filter/assets-v1/frontend/components/combobox.js
Auto-extracted from scan
TRACK
lgads.tv/wp-content/plugins/search-filter/assets-v1/frontend/components/checkbox.js
Auto-extracted from scan
TRACK
lgads.tv/wp-content/plugins/search-filter/assets-v1/frontend/components/date-picker.js
Auto-extracted from scan
TRACK
lgads.tv/wp-content/plugins/search-filter-pro/assets-v1/frontend/components/range.js
Auto-extracted from scan
TRACK
lgads.tv/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
lgads.tv/wp-includes/js/jquery/jquery-migrate.min.js
Auto-extracted from scan
TRACK
lgads.tv/wp-content/themes/lgads/assets/js/scripts.js
Auto-extracted from scan
TRACK
lgads.tv/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
lgads.tv/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
TRACK
lgads.tv/cdn-cgi/challenge-platform/h/b/scripts/jsd/7f3d2ee44814/main.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Operates within digital advertising delivery infrastructure. Behavioral and recording capabilities suggest advanced attribution or fraud detection, but deployment creates privacy implications beyond standard ad serving.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

71 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details