All Vendors
platform

Slides Google

Embedded presentation platform with cross-domain synchronization and pre-consent activation patterns.

28 IOCs31 detections48% pre-consent31 sites
70
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Slides Google discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

31 detections across 31 sites48% pre-consent activity
HIGH

Pre-Consent Activity

Slides Google was observed loading and executing before user consent was obtained on 48% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

disclosure

HIGH
They Claim

Pending claims extraction

Observed Behavior

Runtime detection shows C06 (behavioral biometrics), C08 (cross-domain sync), and C09 (consent bypass)

Customer Impact

What This Means For You

Revenue teams embedding presentations (product demos, investor decks, case studies) face consent timing liability from Google tracking activation. Cross-domain sync creates identity linkage between anonymous site visitors and Google user profiles. Behavioral fingerprints persist beyond opt-out requests.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Slides Google

  • Audit all embedded Google Slides for consent-gated initialization
  • Implement iframe sandboxing to prevent cross-domain sync until consent obtained
  • Review Google Workspace DPA for embedded content data handling

If You're Evaluating Slides Google

  • Document pre-consent tracking activation in Slides embeds
  • Request technical specification for disabling cross-domain sync in embedded contexts
  • Obtain written confirmation of data deletion procedures for behavioral fingerprints

Negotiation Leverage

  • Pre-consent tracking: Embedded Slides iframes activate Google analytics before consent — require technical controls to defer initialization.
  • Cross-domain sync: Slides coordinate with google.com to link user identity — negotiate opt-out from identity graph participation for embedded contexts.
  • Behavioral data retention: Interaction patterns persist in Google ecosystem — demand specific deletion timelines and verification procedures.
Runtime Detections

Runtime Detections

3 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

BTI-C08Cross-Domain Sync

Identity stitching

BTI-C09Consent Bypass

Ignoring CMP signals

IOC Manifest

IOC Manifest

16 INDICATORS

Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

No indicators in this category

Ecosystem

Ecosystem & Supply Chain

Google Slides appears in marketing/sales contexts alongside other Google Workspace tools (Docs, Sheets), Google Analytics, Google Tag Manager, and Google Ads. Embedded presentations often trigger broader Google ecosystem activation.
Loaded By (8)
Admanager GoogleGoogleanalytics4HeygenInspectletNotionPerplexitySerpstatLeadrocket
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

28 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details