Madington | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what Madington discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

1 detection across 1 site100% pre-consent activity

CRITICAL

Pre-Consent Activity

Madington was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

ad_biometrics

HIGH

They Claim

“Unknown - requires claims extraction”

Observed Behavior

C06+C09 detected - behavioral advertising surveillance

Customer Impact

What This Means For You

Publishers and advertisers using Madington inherit behavioral surveillance liability. Biometric tracking in advertising context creates consent and disclosure requirements beyond basic ad serving. Pre-consent execution compounds compliance exposure. Ad intelligence derived from non-consented behavioral surveillance produces legally questionable insights.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Madington

→Audit Madington behavioral biometric scope - document interaction patterns captured
→Enforce consent gate before Madington initialization to address C09 bypass
→Verify if behavioral capabilities can be disabled while maintaining core ad delivery
→Assess regulatory classification - does biometric tracking constitute special category data?

If You're Evaluating Madington

→Request Madington technical documentation of behavioral monitoring purposes
→Evaluate advertising platforms without behavioral biometrics
→Consider contextual advertising eliminating behavioral tracking
→Investigate if Madington offers privacy-preserving deployment mode

Negotiation Leverage

→Madington deploys C06+C09 - vendor must explain behavioral surveillance in advertising platform
→Demand complete disclosure of behavioral biometric monitoring purposes and data retention
→Require consent-first operation - no pre-consent advertising surveillance
→Negotiate opt-out of behavioral features if not essential to ad delivery
→Establish liability terms for biometric surveillance and consent violations

Runtime Detections

2 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C09Consent Bypass

Ignoring CMP signals

IOC Manifest

53 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK

*madington.com/_next/static/m3JqoSIFqmYWyh0QEiLdt/_buildManifest.js*

Tracking script

TRACK

*madington.com/_next/static/m3JqoSIFqmYWyh0QEiLdt/_ssgManifest.js*

Tracking script

TRACK

*madington.com/_next/static/chunks/pages/index-*.js*

Tracking script

TRACK

*madington.com/_next/static/chunks/webpack-*.js*

Tracking script

TRACK

*madington.com/_next/static/chunks/pages/_app-*.js*

Tracking script

TRACK

*madington.com/_next/static/chunks/main-*.js*

Tracking script

TRACK

*madington.com/_next/static/chunks/framework-*.js*

Tracking script

TRACK

*madington.com/js/script.local.outbound-links.js*

Tracking script

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/index.json*

Data collection endpoint

TRACK

*madington.com/_next/static/chunks/pages/%5B...slug%5D-*.js*

Tracking script

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/audience/publisher.json*

Data collection endpoint

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/audience/advertiser.json*

Data collection endpoint

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/articles.json*

Data collection endpoint

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/station.json*

Data collection endpoint

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/articles/madington-station-dco-cutting-production-time.json*

Data collection endpoint

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/articles/how-ai-and-attention-are-shaping-madington-station.json*

Data collection endpoint

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/articles/a-new-chapter-at-madington.json*

Data collection endpoint

EXFIL

*madington.com/_next/data/m3JqoSIFqmYWyh0QEiLdt/projects/cut-carbon.json*

Data collection endpoint

TRACK

madington.com/_next/static/chunks/webpack-329ae59307e5a5ed.js

Auto-extracted from scan

TRACK

madington.com/_next/static/chunks/framework-fae63b21a27d6472.js

Auto-extracted from scan

TRACK

madington.com/_next/static/chunks/main-6e8c691bc5052a2a.js

Auto-extracted from scan

TRACK

madington.com/_next/static/chunks/pages/_app-a450570bcc935624.js

Auto-extracted from scan

TRACK

madington.com/_next/static/chunks/pages/index-dbc49f524b057ed8.js

Auto-extracted from scan

TRACK

madington.com/_next/static/m3JqoSIFqmYWyh0QEiLdt/_buildManifest.js

Auto-extracted from scan

TRACK

madington.com/_next/static/m3JqoSIFqmYWyh0QEiLdt/_ssgManifest.js

Auto-extracted from scan

TRACK

madington.com/js/script.local.outbound-links.js

Auto-extracted from scan

TRACK

madington.com/_next/static/chunks/pages/%5B...slug%5D-28db236b0e051f88.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Operates within digital advertising delivery infrastructure. Behavioral capabilities suggest advanced attribution or fraud detection, but deployment creates privacy implications beyond standard ad serving.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

62 detection signatures across scripts, domains, cookies, and network endpoints