How This Briefing Works
This report opens with key findings, then maps the gaps between what Snowflake discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
1 detection across 1 site100% pre-consent activity
CRITICAL
Pre-Consent Activity
Snowflake was observed loading and executing before user consent was obtained on 100% of sites where it was detected.
GDPRePrivacy
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
pending
UNKNOWN
They Claim
“Unknown”
Observed Behavior
Requires claims extraction via CDT
Customer Impact
What This Means For You
Snowflake Data Marketplace and Clean Rooms enable competitors to match your customer behavioral data through "privacy-preserving" collaboration. Your customer event streams become training data for competitive propensity models. Perfect CAC subsidization score reflects platform architecture designed to monetize cross-organization data sharing while claiming privacy protection.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use Snowflake
- →Audit Data Marketplace participation - verify your customer data is not syndicated to any external organizations
- →Review Data Clean Room agreements - confirm no competitive intelligence sharing occurs
- →Implement data retention limits - Snowflake enables indefinite storage creating unlimited GDPR liability
- →Verify consent architecture - behavioral events must not flow to warehouse before explicit opt-in
If You're Evaluating Snowflake
- →On-premise data warehousing with no cross-organization sharing capabilities
- →Cloud warehousing with contractual Data Marketplace exclusion
- →First-party CDP with explicit data sharing controls and retention limits
Negotiation Leverage
- →Perfect CAC subsidization (100) reflects Data Marketplace architecture - demand contractual exclusion from ALL data syndication
- →Perfect legal tail risk (100) indicates consent bypass for cross-org sharing - DPA must include unlimited indemnification
- →Data Clean Rooms enable competitive intelligence masquerading as privacy tech - verify no competitor data matching occurs
- →Indefinite retention via warehousing violates GDPR Article 5 - confirm automated deletion schedules
- →Platform monetizes cross-organization data sharing - pricing should reflect opt-out from Marketplace participation
- →Snowflake infrastructure enables privacy violations at scale - standard DPA terms are inadequate
Runtime Detections
Runtime Detections
7 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C01Defeat Device
Evasion infrastructure, auditor bypass
BTI-C06Behavioral Biometrics
Keystroke/mouse tracking
BTI-C07Session Recording
Full session replay
BTI-C08Cross-Domain Sync
Identity stitching
Impact: Data Clean Rooms enable cross-organization customer matching without user knowledge. Constitutes large-scale profiling under GDPR Article 35 requiring DPIA.
BTI-C09Consent Bypass
Ignoring CMP signals
Impact: Behavioral event collection flows to Snowflake before consent mechanisms. Data syndication via Marketplace occurs without customer notification. Creates strict liability under Article 6.
BTI-C10Fingerprinting
Device identification
BTI-C15Tag Manager
Container/loader (neutral)
Impact: Snowflake data warehousing enables indefinite retention of behavioral data without consent expiration. Creates unlimited liability accumulation and violates GDPR Article 5(1)(e) storage limitation.
IOC Manifest
IOC Manifest
203 INDICATORS
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*www.snowflake.com/etc/cloudsettings.kernel.js/conf/snowflake-site/settings/cloudsettings/legacy/contexthub*
Tracking script
TRACK
*www.snowflake.com/home/users/w/wn1vWm4A9wuqz6sNX8bR.infinity.json*
Tracking script
TRACK
*www.snowflake.com/content/snowflake-site/global/geolocation.json*
Tracking script
EXFIL
*www.snowflake.com/content/snowflake-site/global/en/_jcr_content/contexthub.pagedata.json*
Data collection endpoint
TRACK
*www.snowflake.com/conf/snowflake-site/settings/wcm/segments.seg.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react.lc-*-lc.js*
Tracking script
TRACK
*www.snowflake.com/content/snowflake-site/global.model.json*
Tracking script
TRACK
*www.snowflake.com/content/snowflake-site/global/en.model.json*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/language.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs46.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs406.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs282.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/lottie.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs168.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/components.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs56.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs390.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs142.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs246.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/*.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs280.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/gsap-loader.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/mega-nav.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs184.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs210.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs8.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs50.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs52.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/content/dam/snowflake-site/general/gifs-animated-assets/lottie/snowflake-intelligence-desktop.json*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/logo.*.chunk.js*
Tracking script
TRACK
*www.snowflake.com/content/dam/snowflake-site/general/gifs-animated-assets/lottie/mobile-search.json*
Tracking script
TRACK
*www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs388.*.chunk.js*
Tracking script
TRACK
www.snowflake.com/etc/cloudsettings.kernel.js/conf/snowflake-site/settings/cloudsettings/legacy/contexthub
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react.lc-6b6b542d1f4eb3a4b112a6dc0322b4e9-lc.min.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/language.806aae52.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs142.24c6770d.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs406.b8526066.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs280.beb4d48c.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs282.9d4eb048.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs46.fdf417b7.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/components.dcf431e1.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/mega-nav.7a4fcf56.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs168.0fd2647a.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs56.c4483cb9.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs184.0fa63b25.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/8062.7963b214.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/lottie.9457485f.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs390.9d7e5537.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/gsap-loader.fba76fae.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs246.afd2f799.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs210.ef34ef69.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs8.b8120adf.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs50.b94a882c.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs52.896f998e.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/logo.0b0347b6.chunk.js
Auto-extracted from scan
TRACK
www.snowflake.com/etc.clientlibs/snowflake-site/clientlibs/clientlib-react/resources/static/js/svgs388.8a6f7440.chunk.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Central data infrastructure for enterprise. Data Marketplace enables cross-organization sharing. Data Clean Rooms facilitate competitive intelligence collaboration masked as privacy-preserving analytics.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
218 detection signatures across scripts, domains, cookies, and network endpoints