How This Briefing Works
This report opens with key findings, then maps the gaps between what LiveIntent ID Exchange discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
LiveIntent ID Exchange was observed loading and executing before user consent was obtained on 59% of sites where it was detected.
Claims vs. Observed Behavior
identity_coordination
“Unknown - requires claims extraction”
C09+C13+C14+C15 detected - comprehensive identity graph infrastructure
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use LiveIntent ID Exchange
- →IMMEDIATE: Audit complete LiveIntent ID Exchange scope - catalog identity resolution capabilities
- →Map all identifier types synchronized - email, cookies, device IDs, other
- →Verify tag manager injection scope - what can LiveIntent deploy autonomously?
- →Enforce strict consent gate - identity synchronization must not occur pre-consent
- →Document persistence mechanisms across channels and devices
If You're Evaluating LiveIntent ID Exchange
- →Evaluate newsletter monetization without identity graph participation
- →Consider contextual advertising eliminating identity resolution
- →Investigate first-party email advertising without cross-publisher identity coordination
- →Prepare LiveIntent removal plan - comprehensive identity tracking may exceed acceptable risk
Negotiation Leverage
- →LiveIntent ID Exchange deploys C09+C13+C14+C15 - vendor must explain comprehensive identity infrastructure
- →Demand complete technical disclosure of identity resolution methodology and identifier types
- →Require consent-first operation - no pre-consent identity synchronization
- →Negotiate removal of tag manager injection capabilities - require explicit approval for capability changes
- →Establish absolute liability for identity tracking violations - vendor accountability is non-negotiable
- →Consider contract termination - identity graph scope may exceed acceptable compliance risk
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Ignoring CMP signals
Long-lived identifiers
PII deanonymization
Container/loader (neutral)
IOC Manifest
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
83 detection signatures across scripts, domains, cookies, and network endpoints