All Vendors
tag_manager

Sequel Video

Tag management platform with session recording and consent bypass. Maximum legal tail risk from orchestrating third-party tracking before consent collection.

77 IOCs5 detections100% pre-consent5 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Sequel Video discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

5 detections across 5 sites100% pre-consent activity
CRITICAL

Pre-Consent Activity

Sequel Video was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Unknown

Observed Behavior

Requires claims extraction via CDT

Customer Impact

What This Means For You

Tag manager enables pre-consent firing of 10-50 third-party vendors, creating independent GDPR violations for each. If regulatory enforcement targets your tag stack, liability compounds across all managed vendors. Meanwhile, your tag optimization strategies (which vendors load first, conditional firing logic) train Sequel recommendations used by competitors.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Sequel Video

  • Audit tag firing sequence - verify NO tags fire before consent collection
  • Implement consent-first architecture - all tags must be blocked until explicit opt-in
  • Request tag configuration data segregation - your implementation should not train competitor recommendations
  • Replace tag manager with server-side GTM or consent-aware alternative

If You're Evaluating Sequel Video

  • Google Tag Manager Server-Side with consent mode enforcement
  • Segment.io with consent management integration
  • First-party event collection without third-party tag managers

Negotiation Leverage

  • Perfect legal tail risk (100) reflects pre-consent tag firing - DPA must include unlimited indemnification for ALL downstream vendor violations
  • Tag manager creates multiplied liability across entire vendor stack - confirm consent enforcement guarantees
  • Session recording captures PII and form data - verify filtering mechanisms exist
  • Cross-customer tag analytics means your implementation trains competitors - demand data segregation
  • Platform enables compliance violations by design - pricing should reflect regulatory risk transfer
Runtime Detections

Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Mouse tracking and interaction patterns constitute biometric data under Article 9, requiring explicit consent unavailable in tag manager context.

BTI-C07Session Recording

Full session replay

Impact: Tag manager session recording captures all page interactions including form fills and PII entry, creating GDPR Article 32 security violations.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Tag manager fires third-party vendors before consent banner interaction. Every pre-consent tag creates independent GDPR Article 6 violation with €20M/4% revenue penalty exposure.

BTI-C10Fingerprinting

Device identification

IOC Manifest

IOC Manifest

75 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*sequel.io/wp-content/plugins/wp-smush-pro/app/assets/js/smush-detector.js*
Tracking script
TRACK
*sequel.io/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.js*
Tracking script
TRACK
*sequel.io/wp-content/themes/sequelio/public/js/app.b1d693.js*
Tracking script
TRACK
*sequel.io/wp-content/themes/sequelio/public/js/rive.js*
Tracking script
TRACK
*sequel.io/wp-content/themes/sequelio/public/js/scrolltrigger.js*
Tracking script
TRACK
*sequel.io/wp-content/themes/sequelio/public/js/gsap.js*
Tracking script
TRACK
*sequel.io/wp-content/themes/sequelio/public/js/alpine.js*
Tracking script
TRACK
*sequel.io/wp-content/themes/sequelio/public/js/splittext.js*
Tracking script
TRACK
*sequel.io/wp-content/themes/sequelio/public/js/swiper.js*
Tracking script
TRACK
sequel.io
Tracking script
TRACK
prod-assets.sequelvideo.com
Tracking script
TRACK
sequel.io/wp-content/plugins/wp-smush-pro/app/assets/js/smush-detector.min.js
Auto-extracted from scan
TRACK
sequel.io/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js
Auto-extracted from scan
TRACK
sequel.io/wp-content/themes/sequelio/public/js/app.b1d693.js
Auto-extracted from scan
TRACK
sequel.io/wp-content/themes/sequelio/public/js/rive.js
Auto-extracted from scan
TRACK
sequel.io/wp-content/themes/sequelio/public/js/alpine.js
Auto-extracted from scan
TRACK
sequel.io/wp-content/themes/sequelio/public/js/gsap.js
Auto-extracted from scan
TRACK
sequel.io/wp-content/themes/sequelio/public/js/scrolltrigger.js
Auto-extracted from scan
TRACK
sequel.io/wp-content/themes/sequelio/public/js/splittext.js
Auto-extracted from scan
TRACK
sequel.io/wp-content/themes/sequelio/public/js/swiper.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Manages deployment of analytics, advertising, and marketing tags. Shares tag performance data across customer base. Integrates with consent management platforms (often ineffectively).
Loads (5)
LinkedinRb2bZoominfoSalesloftApollo Io
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

77 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details