All Vendors
cmp

Sourcepoint

Sourcepoint is a consent management platform purpose-built for publishers, with an explicit dual mandate: privacy compliance AND revenue optimization. The platform helps publishers maximize consent acceptance rates through A/B testing of banner designs, copy, and timing — then monetizes that consent through ad tech integrations. This creates a fundamental conflict of interest: the consent gating tool is financially incentivized to maximize consent rates for advertising revenue rather than ensure informed visitor choice. The 'Consent or Pay' paywall model makes this explicit — visitors who reject tracking must pay for access. No behavioral threat indicators confirmed from scanner data — awaiting runtime verification. The Counselor horseman is critical: a CMP that optimizes for consent acceptance is structurally hostile to informed refusal.

77 IOCs
0
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Sourcepoint discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Analysis pending. Findings will appear here once intelligence collection is complete.

Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

Pending Analysis

UNKNOWN
They Claim

Claims extraction pending

Observed Behavior

No runtime behavioral analysis completed. CDT browser forensics needed to verify: (1) pre-consent network requests by Sourcepoint JavaScript, (2) consent banner rendering behavior and dark pattern indicators, (3) TCF string accuracy and completeness, (4) 'Consent or Pay' implementation — does tracking activate before payment confirmation, (5) A/B test data collection scope, (6) cross-publisher consent data aggregation practices.

Customer Impact

What This Means For You

Publishers deploying Sourcepoint receive a consent platform that is financially aligned with maximizing consent acceptance for ad revenue — not with protecting visitor privacy. A/B testing of consent banners means visitor consent experiences are engineered experiments optimized for conversion metrics. The 'Consent or Pay' model forces visitors to choose between surveillance and payment, potentially violating the GDPR requirement that consent be 'freely given.' If regulators determine consent-or-pay models produce invalid consent, every ad impression served under that consent becomes a violation. Publishers bear this liability, not Sourcepoint. Cross-publisher consent data aggregation gives Sourcepoint visibility into consent patterns that individual publishers cannot see — creating an information asymmetry where the CMP vendor knows more about consent behavior than its own customers.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Sourcepoint

  • Audit consent banner A/B tests for dark pattern characteristics (manipulative button placement, color, copy)
  • Review 'Consent or Pay' implementation against ICO and EDPB guidance on freely-given consent
  • Verify TCF string accuracy against actual visitor consent choices
  • Assess whether Sourcepoint's consent optimization recommendations prioritize revenue over informed choice
  • Evaluate cross-publisher consent data sharing in Sourcepoint's privacy policy

If You're Evaluating Sourcepoint

  • Independent scanner verification of pre-consent network behavior
  • Legal review of 'Consent or Pay' consent validity under GDPR 'freely given' requirement
  • Compare consent rates with and without Sourcepoint optimization to quantify manipulation effect
  • Assess alternative CMPs without revenue optimization conflicts of interest

Negotiation Leverage

  • Sourcepoint's business model creates a structural conflict: the consent tool is financially incentivized to maximize consent for ad revenue, not protect visitor choice
  • 'Consent or Pay' model is under active regulatory scrutiny — if invalidated, all consent collected under this model becomes void
  • A/B testing consent banners to maximize acceptance is consent signal engineering, not compliance
  • Cross-publisher consent data gives Sourcepoint information asymmetry over its own customers
  • Request disclosure of all A/B test metrics, consent rate optimization targets, and cross-publisher data aggregation practices
IOC Manifest

IOC Manifest

77 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*sourcepoint.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js*
Tracking script
TRACK
*sourcepoint.com/wp-content/plugins/contact-form-7/includes/js/index.js*
Tracking script
TRACK
*sourcepoint.com/wp-includes/js/dist/i18n.js*
Tracking script
TRACK
*sourcepoint.com/wp-includes/js/dist/hooks.js*
Tracking script
TRACK
*sourcepoint.com/wp-content/themes/sourcepoint/assets/js/scripts.js*
Tracking script
TRACK
*sourcepoint.com/wp-content/themes/sourcepoint/assets/js/jquery-2.2.4.js*
Tracking script
TRACK
*sourcepoint.com/_jb_static/*
Tracking script
TRACK
*sourcepoint.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*sourcepoint.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/*/main.js*
Tracking script
TRACK
*sourcepoint.com/wp-includes/js/wp-emoji-release.js*
Tracking script
TRACK
sourcepoint.com/wp-content/themes/sourcepoint/assets/js/jquery-2.2.4.min.js
Auto-extracted from scan
TRACK
sourcepoint.com/_jb_static/
Auto-extracted from scan
TRACK
sourcepoint.com/wp-content/themes/sourcepoint/assets/js/scripts.js
Auto-extracted from scan
TRACK
sourcepoint.com/wp-includes/js/dist/hooks.min.js
Auto-extracted from scan
TRACK
sourcepoint.com/wp-includes/js/dist/i18n.min.js
Auto-extracted from scan
TRACK
sourcepoint.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js
Auto-extracted from scan
TRACK
sourcepoint.com/wp-content/plugins/contact-form-7/includes/js/index.js
Auto-extracted from scan
TRACK
sourcepoint.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
sourcepoint.com/wp-includes/js/wp-emoji-release.min.js
Auto-extracted from scan
TRACK
sourcepoint.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Sourcepoint operates as consent gating infrastructure for major publisher networks, positioned at the intersection of privacy compliance and ad revenue optimization. The platform integrates with TCF v2.2 and Google's consent mode, feeding consent signals to programmatic ad exchanges, SSPs, and DSPs. Deploys across web, mobile, AMP, and OTT/CTV — covering the full publisher surface area. Case studies with The Independent and Newsquest demonstrate the 'Consent or Pay' model where privacy refusal triggers a paywall. Publisher Collective uses Sourcepoint to manage consent across a multi-publisher network, creating cross-property consent data visibility. As a CMP, Sourcepoint controls which ad tech vendors receive consent signals — its optimization decisions directly impact publisher CPMs and advertiser targeting capabilities.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

77 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details