All Vendors
cdp

TealiumiQ

TealiumiQ operates as a customer data platform with maximum signal corruption and competitive intelligence risks. Tag management, cross-domain tracking, behavioral biometrics, session replay, and consent bypass create unlimited legal exposure. The 100% CAC subsidization score reflects visitor data feeding competitor CDP systems.

66 IOCs7 detections29% pre-consent7 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what TealiumiQ discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

7 detections across 7 sites29% pre-consent activity
HIGH

Pre-Consent Activity

TealiumiQ was observed loading and executing before user consent was obtained on 29% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Runtime evidence confirms C01/C06/C07/C08/C09/C10/C15 activation

Customer Impact

What This Means For You

Marketing spend builds competitor targeting infrastructure. Visitor profiles including cross-domain behavior, preferences, and intent signals flow through TealiumiQ to competitors using the same CDP. Legal holds 100% exposure risk from consent bypass and cross-domain tracking. Tag manager deploys tracking beyond your control.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use TealiumiQ

  • Immediate audit of TealiumiQ data sharing configurations
  • Legal review of CDP data processing agreements
  • Map all dynamically deployed tags via C15
  • Notify DPO of consent bypass and cross-domain tracking

If You're Evaluating TealiumiQ

  • First-party CDP alternatives with zero data sharing
  • Server-side tag management on owned infrastructure
  • Consent-compliant visitor identity resolution

Negotiation Leverage

  • TealiumiQ creates unlimited legal liability through consent bypass and cross-domain tracking
  • 100% CAC subsidization means visitor profiles train competitor targeting
  • Tag manager deploys tracking beyond contractual control
  • CDP architecture enables competitor access to unified customer profiles
  • Removal or complete isolation required for GDPR compliance
Runtime Detections

Runtime Detections

7 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Bypasses consent controls to capture data regardless of user preferences

BTI-C06Behavioral Biometrics

Keystroke/mouse tracking

Impact: Captures unique behavioral patterns for persistent identity resolution

BTI-C07Session Recording

Full session replay

Impact: Records visitor sessions including form interactions and navigation patterns

BTI-C08Cross-Domain Sync

Identity stitching

Impact: Tracks visitors across multiple domains, building unified profiles

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Activates before consent mechanisms, defeating privacy controls

BTI-C10Fingerprinting

Device identification

Impact: Creates persistent visitor profiles across sessions and devices

BTI-C15Tag Manager

Container/loader (neutral)

Impact: Deploys additional tracking tags dynamically, expanding surveillance footprint

IOC Manifest

IOC Manifest

63 INDICATORS

Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*tealium.com/wp-content/themes/Jupiter-child/jasper/assets/js/footer.js*
Tracking script
TRACK
*tealium.com/wp-content/themes/Jupiter-child/jasper/assets/vendor/jquery.js*
Tracking script
TRACK
*tealium.com/wp-content/uploads/jasper-js-bundles/*/*.js*
Tracking script
TRACK
*pages.tealium.com/js/forms2/js/forms2.js*
Tracking script
TRACK
*pages.tealium.com/index.php/form/getForm*
Tracking script
TRACK
tags.tiqcdn.com
Tracking script
TRACK
tealium.com/wp-content/themes/Jupiter-child/jasper/assets/vendor/jquery.min.js
Auto-extracted from scan
TRACK
pages.tealium.com/js/forms2/js/forms2.min.js
Auto-extracted from scan
TRACK
tealium.com/wp-content/themes/Jupiter-child/jasper/assets/js/footer.min.js
Auto-extracted from scan
TRACK
tealium.com/wp-content/uploads/jasper-js-bundles/1ba2c78720e314ed8fd85d753a8cc621/0362f4e4aa203c3a6e62055f720851dd.js
Auto-extracted from scan
TRACK
pages.tealium.com/index.php/form/getForm
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

TealiumiQ integrates with hundreds of marketing tools, analytics platforms, and advertising systems. Visitor data flows to CDP instances accessible to competitors using the same infrastructure. Tag management enables dynamic deployment of third-party tracking, creating uncontrolled data leakage paths.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

66 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details