How This Briefing Works
This report opens with key findings, then maps the gaps between what Trustradius discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Pre-Consent Activity
Trustradius was observed loading and executing before user consent was obtained on 83% of sites where it was detected.
Claims vs. Observed Behavior
pending
“Requires claims extraction via CDT”
Defeat device, behavioral biometrics, session recording, consent bypass, and fingerprinting detected in runtime
What This Means For You
What To Do About It
Role-specific actions based on observed behavior
If You Use Trustradius
- →Audit defeat device deployment within review widget infrastructure
- →Review behavioral biometrics scope in review consumption tracking
- →Verify session recording boundaries for review interaction monitoring
- →Require consent collection before review widget loads tracking
If You're Evaluating Trustradius
- →Review platforms without embedded persistent tracking mechanisms
- →Self-hosted testimonial solutions preventing competitive intelligence leakage
- →Static review displays eliminating third-party behavioral monitoring
Negotiation Leverage
- →Challenge defeat device mechanisms obscuring tracking within trust infrastructure
- →Require disclosure of all behavioral monitoring through review widgets
- →Demand opt-out from cross-customer review engagement analysis
- →Request data processing agreement amendments addressing vendor tracking through review platform
- →Negotiate liability protection for consent violations by review infrastructure
Runtime Detections
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
Evasion infrastructure, auditor bypass
Impact: Detection evasion mechanisms obscure tracking deployment within review widget infrastructure.
Keystroke/mouse tracking
Impact: Interaction patterns with review content captured to profile visitor engagement with trust signals.
Full session replay
Impact: Review consumption sessions captured in full fidelity, exposing how visitors evaluate vendor comparisons.
Ignoring CMP signals
Impact: Tracking active through review widget before visitor consent collection completes.
Device identification
Impact: Browser and device characteristics harvested through review platform infrastructure.
IOC Manifest
Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
Ecosystem & Supply Chain
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
Complete network capture with all requests and responses
75 detection signatures across scripts, domains, cookies, and network endpoints