All Vendors
chat

LivePerson

LivePerson delivers conversational AI with aggressive behavioral capture achieving 65/100 CAC subsidization through conversation intelligence monetization. Four BTI codes including consent bypass create 45/100 legal exposure while feeding competitor customer service insights.

87 IOCs3 detections67% pre-consent3 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what LivePerson discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

3 detections across 3 sites67% pre-consent activity
CRITICAL

Pre-Consent Activity

LivePerson was observed loading and executing before user consent was obtained on 67% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

CX teams lose conversation quality visibility as LivePerson AI deflection inflates resolution metrics. Product teams discover customer pain points in competitor feature releases. Legal inherits GDPR exposure from conversation data containing PII and special categories. RevOps loses competitive advantage as conversation intelligence feeds competitor CX strategies.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use LivePerson

  • Audit conversation data retention policies—indefinite storage common
  • Extract fingerprinting evidence from conversation history persistence
  • Map conversation insights to competitor product feature releases

If You're Evaluating LivePerson

  • Quantify AI deflection rate inflation masking real resolution metrics
  • Calculate conversation intelligence monetization (your CX data, their revenue)
  • Document GDPR Article 9 violations from health/financial discussion capture

Negotiation Leverage

  • LivePerson DPA permits conversation intelligence syndication to CX analytics vendors
  • 65/100 CAC subsidization through anonymized conversation pattern monetization
  • Consent bypass (C09) captures conversations before user authorization—GDPR violations documented
  • Behavioral biometrics (C06) analyze typing patterns without explicit consent for biometric processing
  • Conversation transcripts may contain special category data—Article 9 exposure
  • Fingerprinting persists conversation history despite user privacy actions
  • Evidence pack includes pre-consent conversation captures and fingerprinting proof
Runtime Detections

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Chat widget persists across sessions via fingerprinting despite cookie deletion

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Typing patterns and message timing captured to detect user sentiment and urgency

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Conversation capture initiates before chat consent—processing begins on widget load

BTI-C10Fingerprinting

Device identification

Impact: Device fingerprinting enables conversation history persistence across sessions

IOC Manifest

IOC Manifest

85 INDICATORS

Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

EXFIL
*www.liveperson.com/*-*.js*
Data collection endpoint
EXFIL
*www.liveperson.com/webpack-runtime-*.js*
Data collection endpoint
EXFIL
*www.liveperson.com/framework-*.js*
Data collection endpoint
EXFIL
*www.liveperson.com/app-*.js*
Data collection endpoint
EXFIL
*www.liveperson.com/page-data/app-data.json*
Data collection endpoint
EXFIL
*www.liveperson.com/page-data/index/page-data.json*
Data collection endpoint
EXFIL
*www.liveperson.com/commons-*.js*
Data collection endpoint
EXFIL
*www.liveperson.com/page-data/sq/d/*.json*
Data collection endpoint
EXFIL
*www.liveperson.com/component---src-templates-page-js-*.js*
Data collection endpoint
EXFIL
*info.liveperson.com/js/forms2/js/forms2.js*
Data collection endpoint
EXFIL
lptag.liveperson.net
Data collection endpoint
EXFIL
www.liveperson.com/app-9c24ce8693a53f10e77d.js
Auto-extracted from scan
EXFIL
www.liveperson.com/8b7b4f80-ab4bdc4bb0e2d4bd80eb.js
Auto-extracted from scan
EXFIL
www.liveperson.com/b637e9a5-f74d7cfa3d4dd747fe83.js
Auto-extracted from scan
EXFIL
www.liveperson.com/ea88be26-cc65f6121bc3f1024960.js
Auto-extracted from scan
EXFIL
www.liveperson.com/framework-2fa9ed1d974b9654884d.js
Auto-extracted from scan
EXFIL
www.liveperson.com/webpack-runtime-602e9f1c448e56ba40a4.js
Auto-extracted from scan
EXFIL
www.liveperson.com/commons-7a7ac5f0294a32c55294.js
Auto-extracted from scan
EXFIL
www.liveperson.com/component---src-templates-page-js-16b8a181b9ac0ff23ed3.js
Auto-extracted from scan
EXFIL
info.liveperson.com/js/forms2/js/forms2.min.js
Auto-extracted from scan
EXFIL
www.liveperson.com/2954-511246d9bbbc96e4462d.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

LivePerson integrates with Salesforce Service Cloud and Zendesk, creating redundant conversation capture. Commonly deployed alongside Intercom and Drift, triplicating customer communication surveillance and analytics syndication.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

87 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details