Minerva | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what Minerva discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

5 detections across 3 sites60% pre-consent activity

CRITICAL

Pre-Consent Activity

Minerva was observed loading and executing before user consent was obtained on 60% of sites where it was detected.

GDPRePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN

They Claim

“Unknown”

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Marketing teams operate under false precision illusion where Minerva-resolved identity attribution masks actual customer journey complexity and multi-touch dynamics. Revenue operations teams inherit massive consent liability from behavioral biometrics collection and cross-domain tracking that privacy policies fail to disclose. Security teams face expanded attack surface from identity synchronization infrastructure that creates single points of failure across customer data ecosystem. Legal teams confront regulatory exposure from GDPR/CPRA violations inherent in consent bypass and undisclosed biometric data processing. The platform creates permanent CAC inflation by feeding your first-party behavioral intelligence into competitor demand platforms through identity graph partnerships.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Minerva

→Conduct legal review of C06 behavioral biometrics collection against state biometric privacy laws (IL BIPA, TX, WA)
→Audit cross-domain tracking (C08) against privacy policy disclosures and CPRA third-party sharing obligations
→Query vendor: provide complete data flow diagram showing all identity graph partnerships and data cooperative arrangements
→Model consent bypass impact: quantify percentage of behavioral data collected before CMP initialization

If You're Evaluating Minerva

→Demand contractual prohibition on sharing resolved identities with third-party identity graphs and data cooperatives
→Require monthly transparency reports listing all downstream consumers of customer behavioral and identity data
→Negotiate data deletion guarantees: all behavioral profiles must be purged within 30 days of customer opt-out request
→Replace with privacy-preserving analytics (server-side implementations) that eliminate client-side identity resolution entirely

Negotiation Leverage

→Minerva identity resolution capabilities trigger GDPR DPIA requirements and CPRA sensitive PI protections. Behavioral biometrics (C06) likely violate state biometric privacy laws. Legal exposure: Our privacy counsel requires written confirmation of compliance with IL BIPA, GDPR Article 35, and CPRA 1798.121 opt-out mechanisms.
→Cross-domain tracking (C08) and consent bypass (C09) create FTC deception liability. Privacy policies disclose analytics not comprehensive identity resolution and behavioral surveillance. Regulatory risk: Provide complete list of domains where visitor behavioral data is synchronized and legal basis for processing without explicit consent.
→CAC inflation is measurable and permanent. Your identity graph partnerships sell our first-party customer intelligence to competitors. Quantify impact: What is the contractual mechanism to prohibit sharing resolved customer identities with any third-party vendors or data cooperatives?
→If vendor refuses to eliminate identity graph data sharing, demand complete platform replacement. The compliance risk from undisclosed behavioral biometrics and consent bypass mechanisms exceeds any customer experience optimization value delivered by the platform.

Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures typing patterns, mouse movements, scroll behaviors, and interaction rhythms to create unique behavioral fingerprints that persist across sessions and enable identity resolution

BTI-C07Session Recording

Full session replay

Impact: Records complete interaction sessions including form inputs, navigation paths, and page engagement to build comprehensive behavioral profiles linked to resolved identities

BTI-C08Cross-Domain Sync

Identity stitching

Impact: Synchronizes identity profiles across multiple organizational domains and third-party properties to create unified tracking infrastructure that follows users across web properties

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Loads identity resolution infrastructure before consent management platforms initialize, capturing behavioral signals regardless of user privacy choices

BTI-C14Identity Resolution

PII deanonymization

Impact: Deanonymizes website visitors by linking behavioral signals to email addresses, CRM records, and third-party identity graphs without explicit user knowledge or consent

IOC Manifest

350 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK

*www.minerva.com/_next/static/chunks/main-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/webpack-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/framework-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/*-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/_app-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/273-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/*/_buildManifest.js*

Tracking script

TRACK

*www.minerva.com/_next/static/*/_middlewareManifest.js*

Tracking script

TRACK

*www.minerva.com/_next/static/*/_ssgManifest.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/index-*.js*

Tracking script

TRACK

*www.minerva.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*

Tracking script

TRACK

*www.minerva.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/*/main.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/contact-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/saved-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/signin-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/help/%5Bslug%5D-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/910-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/cart-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/help-*.js*

Tracking script

EXFIL

*www.minerva.com/_next/data/*/saved.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/signin.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/cart.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/help.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/contact.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/help/terms-of-use.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/index.json*

Data collection endpoint

TRACK

*www.minerva.com/_next/static/chunks/pages/post/%5Bid%5D-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/hashtags/%5Bhashtag%5D-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/mp/%5BcurrencyCode%5D-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/profile/%5B...id%5D-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/306-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/666-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/490-*.js*

Tracking script

TRACK

*www.minerva.com/_next/static/chunks/pages/craft-club-*.js*

Tracking script

EXFIL

*www.minerva.com/_next/data/*/craft-club.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/Minerva%2BTV.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/Minerva%2BExclusive%2BSewing%2BKits.json*

Data collection endpoint

TRACK

*www.minerva.com/_next/static/chunks/*.*.js*

Tracking script

EXFIL

*www.minerva.com/_next/data/*/profile/*.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/290/My%2BLove%2BAffair%2Bwith%2BSewing.json*

Data collection endpoint

TRACK

*www.minerva.com/_next/static/chunks/pages/people-*.js*

Tracking script

EXFIL

*www.minerva.com/_next/data/*/profile/*/Hey%2BHey%2BCrochet.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/Epicureanbb.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/Totally%2BPinnable.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/Geneva%2BGirl.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/Rachel%2BSew%2BExperiment.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/The%2BQuirky%2BKiwi.json*

Data collection endpoint

TRACK

*www.minerva.com/_next/static/chunks/pages/mp/%5BcurrencyCode%5D/%5BshopId%5D/%5B...code%5D-*.js*

Tracking script

EXFIL

*www.minerva.com/_next/data/*/profile/*/Sue%2B.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/mp/USD/1/705MICB5CX60-M/705MICB5CX70.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/mp/USD/1/SDGD601-M*.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/sheilawhosews.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/Looking%2Bfor%2Bthe%2Bnext%2Bproject.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/profile/*/Calcedonia%2BSewing.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/mp/USD/1/JLC*-Beige-M/JLC*-LtGrey.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/mp/USD/1/H105-M/H105.70.json*

Data collection endpoint

EXFIL

*www.minerva.com/_next/data/*/mp/USD/1/SCHD251-M*.json*

Data collection endpoint

TRACK

www.minerva.com/_next/static/chunks/webpack-7b6ed2dd07c44a8e.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/framework-3eae47c2d001ba8d.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/main-14f85a257fd34f04.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/_app-63e5405f7ad4fe42.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/1bfc9850-332c066d9243a21e.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/a37681c8-517bd38fbfee051f.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/7c423974-4b98c6530189c298.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/7194-24870ef889ac7cbf.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/7136-38606a629f19edd5.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/7134-295a0df6a4fd2855.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/5664-01987fda9de16901.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/9291-a6661fa97fe283c7.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/8769-66e240a49d8b291e.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/4091-54788e03cb8f736c.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/273-7b1bc0542a65f235.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/3752-09b188a91710261e.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/8339-60f7bb2cef7059a2.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/3582-da37cf6d345c02e1.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/8097-ddc8bff9289c2f81.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/6640-82bf7b132b8190ac.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/8695-148204270cf16935.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/5382-2e1333502c5fb484.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/9302-a4cd5dd57fa2c205.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/3683-105f86c6a24bef00.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/5755-b6e75c7f1c55330c.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/5590-43e01bc4917445f7.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/3409-b423707f0a328613.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/index-d8c607d3f72ba928.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/a145fb6e/_buildManifest.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/a145fb6e/_ssgManifest.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/a145fb6e/_middlewareManifest.js

Auto-extracted from scan

TRACK

www.minerva.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Auto-extracted from scan

TRACK

www.minerva.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/d251aa49a8a3/main.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/contact-612fb3c32efa8859.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/signin-5ee07a4a4053460d.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/8521-4ccc2e359bb686a0.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/help/%5Bslug%5D-93c2a3b4a6d6db39.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/help-643b284c6e56185d.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/4321-18ed9a98beebad1c.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/6733-6e0144c859975d85.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/7790-5ba5153780780133.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/cart-e82d2da03c2bc036.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/2983-21dcf34b29592690.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/910-4fac563778c960e5.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/4630-c703f1218670ca87.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/saved-9088efcfe67b5d92.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/post/%5Bid%5D-f89ea68e2b77fdb1.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/hashtags/%5Bhashtag%5D-6c7f44fb3cfb0175.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/2221-a392f6748c6c1829.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/7963-9e95df4bc24362db.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/mp/%5BcurrencyCode%5D-7feaea3acc06f094.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/666-98260abb8adcd29c.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/306-fc860a2ffdff3276.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/profile/%5B...id%5D-31adc0e103aefcd1.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/490-0d0c5e287b4548fa.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/craft-club-91bed4120253233a.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/6142.bf2f82e834a164e7.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/5066.da18deb1b58b5e37.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/people-236a913b9c419d56.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/8456-d1ebbff31e54b16f.js

Auto-extracted from scan

TRACK

www.minerva.com/_next/static/chunks/pages/mp/%5BcurrencyCode%5D/%5BshopId%5D/%5B...code%5D-c029583e2dbd1778.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Minerva typically deploys within enterprise martech stacks alongside Salesforce (CRM integration), Marketo/HubSpot (marketing automation), Segment/mParticle (CDP infrastructure), and various analytics platforms. The platform positions itself as orchestration layer that unifies customer data across systems while actually functioning as comprehensive surveillance infrastructure. Common co-deployments include identity resolution vendors (LiveRamp, Neustar), behavioral analytics tools (FullStory, Quantum Metric), and advertising platforms that consume enriched identity data. Integration architecture typically involves server-side data pipelines that bypass client-side privacy controls, enabling continuous profile enrichment regardless of browser-based consent signals.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

361 detection signatures across scripts, domains, cookies, and network endpoints