All Vendors
dsp

Livedata

Livedata DSP platform deploys cross-domain synchronization and consent bypass mechanisms in programmatic advertising infrastructure.

82 IOCs38 detections11% pre-consent36 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Livedata discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

38 detections across 36 sites11% pre-consent activity
MEDIUM

Pre-Consent Activity

Livedata was observed loading and executing before user consent was obtained on 11% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

programmatic_tracking

HIGH
They Claim

Unknown - requires claims extraction

Observed Behavior

C08+C09 detected - cross-domain DSP with pre-consent execution

Customer Impact

What This Means For You

Advertisers using Livedata inherit cross-domain tracking and consent-timing liability. Privacy audits revealing identity synchronization and pre-consent execution create dual compliance exposures. Programmatic targeting built on non-consented cross-domain data produces legally questionable media buying.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Livedata

  • Audit Livedata cross-domain sync scope - map all domains participating in identity coordination
  • Enforce consent gate before Livedata DSP initialization
  • Document consent timestamp vs platform execution for compliance records
  • Verify programmatic bidding works with delayed post-consent loading

If You're Evaluating Livedata

  • Request Livedata technical documentation of cross-domain sync and consent integration
  • Evaluate contextual programmatic platforms eliminating identity tracking
  • Consider supply-path optimization to reduce identity resolution dependencies
  • Investigate DSP alternatives with consent-first architecture

Negotiation Leverage

  • Livedata deploys C08 cross-domain sync + C09 consent bypass - vendor must explain identity coordination
  • Demand disclosure of all domains participating in identity synchronization
  • Require consent-aware initialization capabilities - no pre-consent DSP execution
  • Negotiate opt-out of cross-domain sync if contextual targeting sufficient
  • Establish liability terms for cross-domain tracking and consent violations
Runtime Detections

Runtime Detections

2 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

IOC Manifest

IOC Manifest

57 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

EXFIL
*www.livedata.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js*
Data collection endpoint
EXFIL
*www.livedata.com/hs-fs/hub/*/file-*.js*
Data collection endpoint
EXFIL
*www.livedata.com/hs/cta/cta/current.js*
Data collection endpoint
EXFIL
*www.livedata.com/hs/hsstatic/HubspotToolsMenu/static-1.432/js/index.js*
Data collection endpoint
EXFIL
*www.livedata.com/hs/hsstatic/content-cwv-embed/static-1.*/embed.js*
Data collection endpoint
EXFIL
*www.livedata.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js*
Data collection endpoint
EXFIL
*www.livedata.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js*
Data collection endpoint
EXFIL
*www.livedata.com/hubfs/hub_generated/module_assets/1/*/*/module_Mod_-_Animated_Hero_Banner.js*
Data collection endpoint
EXFIL
*www.livedata.com/hubfs/hub_generated/template_assets/1/*/*/template_ld19-script.js*
Data collection endpoint
EXFIL
*www.livedata.com/hs/scriptloader/*.js*
Data collection endpoint
EXFIL
*www.livedata.com/hs/cta/ctas/v2/public/cs/cta-loaded.js*
Data collection endpoint
EXFIL
www.livedata.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Auto-extracted from scan
EXFIL
www.livedata.com/hs-fs/hub/201659/file-29062521.js
Auto-extracted from scan
EXFIL
www.livedata.com/hs/cta/cta/current.js
Auto-extracted from scan
EXFIL
www.livedata.com/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js
Auto-extracted from scan
EXFIL
www.livedata.com/hubfs/hub_generated/template_assets/1/10471740091/1740654654649/template_ld19-script.min.js
Auto-extracted from scan
EXFIL
www.livedata.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Auto-extracted from scan
EXFIL
www.livedata.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Auto-extracted from scan
EXFIL
www.livedata.com/hubfs/hub_generated/module_assets/1/10475725252/1740956766167/module_Mod_-_Animated_Hero_Banner.min.js
Auto-extracted from scan
EXFIL
www.livedata.com/hs/scriptloader/201659.js
Auto-extracted from scan
EXFIL
www.livedata.com/hs/hsstatic/HubspotToolsMenu/static-1.432/js/index.js
Auto-extracted from scan
EXFIL
www.livedata.com/hs/cta/ctas/v2/public/cs/cta-loaded.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Operates within programmatic advertising infrastructure. Cross-domain capabilities suggest integration with ad exchanges and identity resolution networks coordinating across publisher ecosystem.
Loads (1)
Hubspot
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

82 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details