LinkedIn Ads | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what LinkedIn Ads discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

340 detections across 217 sites1% pre-consent activity

MEDIUM

Pre-Consent Activity

LinkedIn Ads was observed loading and executing before user consent was obtained on 1% of sites where it was detected.

GDPRePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

professional_network_tracking

HIGH

They Claim

“Unknown - requires claims extraction”

Observed Behavior

C06+C07+C09+C13 detected - comprehensive LinkedIn advertising surveillance

Customer Impact

What This Means For You

B2B advertisers using LinkedIn Ads inherit multi-vector surveillance liability. Behavioral and recording capabilities combined with professional identity linkage create amplified privacy exposure. Pre-consent execution compounds compliance risk. Campaign intelligence derived from non-consented comprehensive tracking produces legally questionable attribution. Professional audience surveillance creates reputational risk beyond regulatory exposure.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use LinkedIn Ads

→Audit LinkedIn Ads behavioral and recording scope on your properties
→Map persistence mechanisms - cookies, LinkedIn identity linkage, fingerprinting
→Verify session recording extent for LinkedIn-sourced traffic
→Enforce consent gate before LinkedIn pixel/tracking initialization
→Document consent timestamp vs LinkedIn Ads execution for compliance

If You're Evaluating LinkedIn Ads

→Request LinkedIn technical documentation of surveillance capabilities
→Evaluate if behavioral/recording features can be disabled while maintaining conversion tracking
→Consider LinkedIn Campaign Manager server-side conversion tracking
→Investigate alternative B2B advertising with less surveillance infrastructure

Negotiation Leverage

→LinkedIn Ads deploys C06+C07+C09+C13 - requires disclosure of comprehensive surveillance capabilities
→Demand technical documentation of behavioral biometrics, session recording, persistence mechanisms
→Require consent-first operation - negotiate delayed pixel initialization
→Establish liability allocation - LinkedIn as processor must share compliance responsibility
→Negotiate opt-out of advanced tracking while maintaining basic conversion measurement

Runtime Detections

8 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07Session Recording

Full session replay

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C10Fingerprinting

Device identification

BTI-C13Persistence Mechanisms

Long-lived identifiers

BTI-C14Identity Resolution

PII deanonymization

IOC Manifest

61 INDICATORS

Indicators of compromise across 6 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK

*business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/artdeco.min.LIHASH*.js*

Tracking script

TRACK

*business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/runtime/runtime.min.LIHASH*.js*

Tracking script

TRACK

*business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/foundation/foundation.min.LIHASH*.js*

Tracking script

TRACK

*business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/vendor/vendor.min.LIHASH*.js*

Tracking script

TRACK

*business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/app/app.min.LIHASH*.js*

Tracking script

TRACK

*platform.linkedin.com/litms/utag/microsites-other/utag.js*

Tracking script

TRACK

*platform.linkedin.com/litms/utag/microsites-other/utag.282.js*

Tracking script

TRACK

*platform.linkedin.com/litms/utag/microsites-other/utag.238.js*

Tracking script

TRACK

*platform.linkedin.com/litms/vendor/bing/bat.js*

Tracking script

TRACK

snap.licdn.com/li.lms-analytics

Tracking script

TRACK

business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/artdeco.min.LIHASHb6f952127c6c3b30b363e4b4880add19.js

Auto-extracted from scan

TRACK

business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/runtime/runtime.min.LIHASHcd96c3cf64d9704211aa991d0e58e6d4.js

Auto-extracted from scan

TRACK

business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/foundation/foundation.min.LIHASHb399fbb2846fd09e5c5b6a0d7beb7e08.js

Auto-extracted from scan

TRACK

business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/vendor/vendor.min.LIHASH36cf8fb69b0b185206dd80ea7c2495d0.js

Auto-extracted from scan

TRACK

business.linkedin.com/etc.clientlibs/settings/wcm/designs/gandalf/embed/app/app.min.LIHASHcc4e88c46b5687f96b851fffad32f201.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Operates within LinkedIn advertising and professional network infrastructure. Integration with LinkedIn identity graph creates professional profile linkage. Persistence mechanisms suggest cross-device or cross-session correlation capabilities.

Commonly Deployed With

Googletagmanager Googleanalytics4 Doubleclick Metapixel Hubspot Bing Ads Clarity Twitter Pixel Google Ads Onetrust

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

64 detection signatures across scripts, domains, cookies, and network endpoints