Quividi | Vendor Intelligence

How This Briefing Works

This report opens with key findings, then maps the gaps between what Quividi discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

53 detections across 52 sites23% pre-consent activity

HIGH

Pre-Consent Activity

Quividi was observed loading and executing before user consent was obtained on 23% of sites where it was detected.

GDPRePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

visual_surveillance

HIGH

They Claim

“Pending claims extraction”

Observed Behavior

Runtime shows vision-based tracking active before consent with session recording

Customer Impact

What This Means For You

Marketing teams gain visual engagement analytics but inherit surveillance methodology liability. Legal teams face exposure from vision-based tracking combined with consent bypass. Security teams must evaluate novel attack surface from computer vision infrastructure on web properties.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Quividi

→Verify vision analytics scope and methodology in web deployment
→Audit consent timing for ALL tracking components
→Map data flow from vision analytics to external platforms

If You're Evaluating Quividi

→Require technical documentation of computer vision methodology in web context
→Demand consent-first activation with visual tracking disabled pre-consent
→Evaluate conventional heatmap alternatives without surveillance heritage

Negotiation Leverage

→C07+C09: Demand DPA provisions requiring consent before ANY visual/behavioral tracking
→Request disclosure of computer vision methodology applied to web properties
→Require audit rights covering session recording scope and visual data retention
→If physical+digital deployment: Negotiate separate consent frameworks for each context

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C07Session Recording

Full session replay

BTI-C09Consent Bypass

Ignoring CMP signals

BTI-C15Tag Manager

Container/loader (neutral)

IOC Manifest

196 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK

*quividi.com/wp-content/plugins/archives-calendar-widget/admin/js/jquery.arcw-init.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/arcw-popover-addon//js/arcw-popover.js*

Tracking script

TRACK

*quividi.com/wp-includes/js/jquery/jquery-migrate.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js*

Tracking script

TRACK

*quividi.com/wp-includes/js/jquery/jquery.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/category-to-pages-wud/js/jquery.ctp_wud_min.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/category-to-pages-wud/js/cat-to-page.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/duracelltomi-google-tag-manager/dist/js/gtm4wp-form-move-tracker.js*

Tracking script

TRACK

*quividi.com/wp-content/themes/generatepress/js/menu.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/gp-premium/menu-plus/functions/js/offside.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/gp-premium/menu-plus/functions/js/sticky.js*

Tracking script

TRACK

*quividi.com/wp-content/themes/generatepress/js/a11y.js*

Tracking script

TRACK

*quividi.com/wp-content/themes/generatepress/js/back-to-top.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.js*

Tracking script

TRACK

*quividi.com/wp-includes/js/imagesloaded.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/wp-gallery-custom-links/wp-gallery-custom-links.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor/assets/js/webpack.runtime.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor/assets/js/frontend-modules.js*

Tracking script

TRACK

*quividi.com/wp-includes/js/dist/hooks.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor-pro/assets/js/frontend.js*

Tracking script

TRACK

*quividi.com/wp-includes/js/dist/i18n.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor/assets/js/frontend.js*

Tracking script

TRACK

*quividi.com/wp-includes/js/jquery/ui/core.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor/assets/js/text-editor.*.bundle.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor/assets/js/video.*.bundle.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor/assets/js/counter.*.bundle.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor-pro/assets/js/popup.*.bundle.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor-pro/assets/js/form.*.bundle.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor-pro/assets/js/posts.*.bundle.js*

Tracking script

TRACK

*quividi.com/wp-content/plugins/elementor-pro/assets/js/load-more.*.bundle.js*

Tracking script

TRACK

*quividi.com/wp-includes/js/wp-emoji-release.js*

Tracking script

TRACK

quividi.com/wp-includes/js/jquery/jquery.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-includes/js/jquery/jquery-migrate.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/arcw-popover-addon//js/arcw-popover.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/archives-calendar-widget/admin/js/jquery.arcw-init.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/category-to-pages-wud/js/cat-to-page.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/category-to-pages-wud/js/jquery.ctp_wud_min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/gp-premium/menu-plus/functions/js/sticky.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/gp-premium/menu-plus/functions/js/offside.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/duracelltomi-google-tag-manager/dist/js/gtm4wp-form-move-tracker.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/themes/generatepress/js/menu.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/themes/generatepress/js/a11y.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/themes/generatepress/js/back-to-top.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-includes/js/imagesloaded.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/wp-gallery-custom-links/wp-gallery-custom-links.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/add-search-to-menu/public/js/ivory-search.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-includes/js/dist/hooks.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-includes/js/dist/i18n.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-includes/js/jquery/ui/core.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor/assets/js/frontend.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor/assets/js/text-editor.c084ef86600b6f11690d.bundle.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor/assets/js/video.4343afefd25b5ede51a4.bundle.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor/assets/js/counter.12335f45aaa79d244f24.bundle.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor-pro/assets/js/load-more.8b46f464e573feab5dd7.bundle.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor-pro/assets/js/posts.aec59265318492b89cb5.bundle.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor-pro/assets/js/form.5fb35271b8ba3fb1e7d6.bundle.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-content/plugins/elementor-pro/assets/js/popup.f7b15b2ca565b152bf98.bundle.min.js

Auto-extracted from scan

TRACK

quividi.com/wp-includes/js/wp-emoji-release.min.js

Auto-extracted from scan

Ecosystem

Ecosystem & Supply Chain

Quividi bridges physical and digital surveillance. Web deployment often connects to broader vision analytics infrastructure. Co-deployed with heatmap tools (Hotjar, Crazy Egg) and session recording platforms, creating redundant surveillance layer with unique computer vision methodology.

Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

199 detection signatures across scripts, domains, cookies, and network endpoints