QA mode · Tier:PUBLIC(override via ?tier=paid | premium)
← All Vendors
identity_resolution
LiveRamp

LiveRamp

Core identity resolution infrastructure powering 92% of the advertising ecosystem — yet deploys Clearbit (competitor identity resolution) and Criteo (retargeting) on their own website. 10 vendors fire pre-consent. Discloses 5 subprocessors while 21+ are detected at runtime.

12 IOCs observed14 detections7% pre-consent12 sites
90
Vendor Risk Score
Tier: HOSTILE
Observation Coverage

BLACKOUT observes runtime behavior in the browser. This dossier reflects browser-side execution, which is one of five vendor data-egress classes. Server-to-server transfers, backend integrations, and offline data flows are outside this observation boundary.

BLACKOUT observes runtime behavior and cites the regulations that address that behavior pattern. Legal determinations are the customer's counsel's call.

How This Briefing Works

This dossier opens with key findings, then maps the gap between what LiveRamp discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.

Key Findings

At a Glance

Detections
14

across 12 sites

Pre-Consent Rate
7%

vendor fires before consent

Disclosure Gaps
4

2 CRIT · 1 HIGH

Claims-vs-Reality Classified
BTI-X01BTI-X02BTI-X04BTI-X05BTI-X08
Summary

Briefing

LiveRamp is a publicly-traded identity resolution and data connectivity platform (NYSE: RAMP), formerly Acxiom, headquartered in San Francisco. As a core infrastructure provider enabling cross-device identity matching and audience targeting across 92% of the advertising ecosystem, LiveRamp occupies a central position in the ad-tech supply chain. Critical finding: LiveRamp deploys Clearbit (a competitor identity resolution vendor) and Criteo (retargeting) on their own website, with 10 vendors firing pre-consent. This represents a significant gap between their stated "consumer privacy is a priority" position and observable runtime behavior. An identity resolution company using rival identity resolution on their own visitors raises serious questions about data practices.

Customer Impact

What This Means For You

If LiveRamp powers your identity resolution and audience targeting, you are trusting the backbone of 92% of the advertising ecosystem. LiveRamp discloses only 5 subprocessors (AWS, GCP, Snowflake, Azure, Cognizant) while 21+ vendors are detected at runtime on liveramp.com — including Clearbit, a competitor identity resolution vendor owned by HubSpot. Under GDPR Art 28, this material subprocessor gap means you cannot verify the full data processing chain. LiveRamp's deployment of Clearbit on their own site means marketers evaluating LiveRamp are being identified by a competing identity platform, raising questions about data practice symmetry. With 600+ advertiser connections, your audience data flows through the largest identity resolution network — any systemic privacy gap has industry-wide implications.

Collapse Engine

Risk Channel Breakdown

Oracle
Truth Collapse
25

LiveRamp sits at the heart of marketing measurement infrastructure - their identity graph connects first-party data to advertising platforms. When their own measurement practices include undisclosed vendors, it raises questions about data leakage to competitors and corrupted attribution chains. Using Clearbit on their own site means visitor intelligence potentially flows to a competing identity vendor.

Broker
Control Collapse
100

As a data connectivity platform that enables audience sharing across 600+ advertisers, LiveRamp has extensive visibility into demand signals. Their use of Clearbit (owned by HubSpot) on their own site potentially exposes intent data about prospective customers to a competitor ecosystem. Marketers evaluating LiveRamp are being identified and potentially retargeted by competing platforms.

Reaper
Safety Collapse
0

LiveRamp processes identity data at massive scale. The disconnect between their compliance certifications (SOC2, GDPR, CCPA) and pre-consent tracking behavior on their own properties creates regulatory exposure for customers who rely on LiveRamps stated compliance posture. If LiveRamp cannot maintain compliant behavior on properties they control, questions arise about their data handling for customer data.

Counselor
Legitimacy Collapse
100

LiveRamp claims SOC2 Type II, GDPR, and CCPA compliance while operating a website that fires 10 vendors pre-consent including identity resolution and retargeting. This creates consent divergence - users who reject tracking via their Ketch CMP may still have data captured by pre-consent vendors. The subprocessor list discloses only 5 infrastructure vendors while runtime shows 21+ third parties receiving data.

BTI Codes

Threat Indicators

Runtime-observed (BTI-C)

BTI-C01
Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06
Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07
Session Recording

Full session replay

BTI-C09
Consent Bypass

Ignoring CMP signals

BTI-C10
Fingerprinting

Device identification

BTI-C14
Identity Resolution

PII deanonymization

BTI-C15
Tag Manager

Container/loader (neutral)

Claims-vs-Reality (BTI-X)

BTI-X01
Undisclosed Party

Not in privacy policy

BTI-X02
Undisclosed Sharing

Hidden data recipients

BTI-X04
Marketing Mismatch

Behavior contradicts marketing

BTI-X05
Compliance Claim Mismatch

False certification claims

BTI-X08
Scope Creep

Collection exceeds disclosed scope

5
BTI Consequences Identified

Per-code narrative explanations of what each detected behavior means for your organization

Available in VIDB Subscription

Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →

Disclosure Gaps

Claims vs. Reality

4
Gaps Observed
2 CRITICAL1 HIGH1 MEDIUM

BLACKOUT analyzed LiveRamp's public claims against observed runtime behavior and identified 4 contradictions.

BTI-X01BTI-X02BTI-X04BTI-X05BTI-X08
Featured Gap
Subprocessor Disclosure
CRITICAL
They Claim

"Subprocessor list shows 5 vendors (AWS, GCP, Snowflake, Azure, Cognizant)"

BLACKOUT Observed

Runtime scan detects 21+ third-party vendors receiving data including Clearbit, Criteo, Marketo, Salesloft, Bizible, Wistia, TrenDemon, Pubrio, Intellimize

3 more gaps — with regulatory citations and evidence pointers — available with subscription.

Available in VIDB Subscription

Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →

Recommended Actions

What To Do

Recommended Actions
10

5 for current users · 5 for evaluators

Negotiation Leverage
5

contractual leverage points

Available in VIDB Subscription

Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →

Ecosystem

Supply Chain & Pairings

Subprocessor Disclosure Gap
0undisclosed

Claims 5, observed 5

Commonly Paired With
10

rubicon, googletagmanager, googleanalytics4

Available in VIDB Subscription

Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →

Profile: liverampFirst Seen: 2026-01-03Last Updated: 2026-01-22