How This Briefing Works
This dossier opens with key findings, then maps the gap between what Summit discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 1 sites
vendor fires before consent
Briefing
Summit provides virtual event infrastructure with attendee behavioral tracking and engagement analytics. Detected BTI codes indicate session recording (C07), behavioral biometrics (C06), cross-domain sync (C08), fingerprinting (C10), persistence (C15), and defeat device behavior (C01). Perfect CAC subsidization score reflects cross-event attendee intelligence shared across all platform customers.
What This Means For You
Your most engaged attendees and highest-performing session formats train Summit analytics used by competitors. If you achieve 60% attendee engagement rate, competitors access same content strategy insights through platform benchmarks. Meanwhile, cross-event tracking means your prospects are profiled across competitor events, enabling targeted poaching. Perfect CAC subsidization score reflects your attendee intelligence directly optimizing competitor event strategies.
Risk Channel Breakdown
Session recordings and behavioral engagement metrics may be blocked by privacy tools, creating incomplete attendee analytics. Event success metrics become systematically biased toward non-privacy-conscious attendees.
Cross-event attendee tracking means your registrant behavioral data trains Summit engagement models used by competitors. Attendee participation patterns become shared competitive intelligence. Perfect CAC subsidization reflects direct demand signal leakage.
Expands attack surface
Session recording of virtual events without disclosure violates wiretap laws (two-party consent required in 12 states). Cross-event tracking creates GDPR Article 35 DPIA requirement. Legal tail risk of 75 reflects multiple violation categories.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Full session replay
Identity stitching
Device identification
Container/loader (neutral)
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Summit's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →