How This Briefing Works
This dossier opens with key findings, then maps the gap between what Slides Google discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 34 sites
vendor fires before consent
Briefing
Google Slides operates as an embedded presentation tool that exhibits behavioral fingerprinting, cross-domain sync, and consent bypass when embedded in revenue properties. Oracle impact stems from interaction tracking within embedded presentations. Broker impact reflects cross-domain coordination with broader Google ecosystem. Counselor impact derives from iframe initialization ahead of consent collection.
What This Means For You
Revenue teams embedding presentations (product demos, investor decks, case studies) face consent timing liability from Google tracking activation. Cross-domain sync creates identity linkage between anonymous site visitors and Google user profiles. Behavioral fingerprints persist beyond opt-out requests.
Risk Channel Breakdown
Distorts attribution data
Cross-domain synchronization with Google Analytics and Ads platforms enables demand signal correlation across embedded presentation engagement.
Expands attack surface
Embedded Slides iframes initialize Google tracking infrastructure before host site consent mechanisms activate, creating pre-consent windows.
Threat Indicators
Runtime-observed (BTI-C)
Keystroke/mouse tracking
Identity stitching
Ignoring CMP signals
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Slides Google's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
3 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →