How This Briefing Works
This report opens with key findings, then maps the gaps between what Theirstack discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
Theirstack was observed loading and executing before user consent was obtained on 100% of sites where it was detected.
Claims vs. Observed Behavior
pending
“Requires claims extraction via CDT”
Runtime evidence confirms C01/C06/C07/C09/C10 activation
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Theirstack
- →Immediate removal from data enrichment stack
- →Legal review of enrichment data sharing agreements
- →Audit CRM integrations for Theirstack data imports
- →Notify DPO of consent bypass behavior
If You're Evaluating Theirstack
- →First-party firmographic enrichment alternatives
- →Self-hosted visitor identification without data sharing
- →Consent-compliant company intelligence tools
Negotiation Leverage
- →Theirstack creates legal liability through consent bypass and behavioral tracking
- →90% CAC subsidization funds competitor prospecting databases
- →Visitor enrichment data accessible to competitors via marketplace
- →Removal required before next privacy audit
- →No contractual limits prevent competitor access to enriched profiles
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Evasion infrastructure, auditor bypass
Impact: Bypasses consent controls to capture data regardless of user preferences
Keystroke/mouse tracking
Impact: Captures unique behavioral patterns for identity resolution
Full session replay
Impact: Records visitor sessions for behavioral profiling
Ignoring CMP signals
Impact: Activates before consent mechanisms, defeating privacy controls
Device identification
Impact: Creates persistent visitor profiles for enrichment databases
IOC Manifest
Indicators of compromise across 3 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
4821 detection signatures across scripts, domains, cookies, and network endpoints