
Typeform

Typeform operates form infrastructure while deploying defeat devices, behavioral biometrics, consent bypass, and fingerprinting across embedded survey experiences. The platform positions itself as a user-friendly form builder while enabling persistent tracking mechanisms that operate through conversational form interfaces.

30 IOCs | 56 detections | 100% pre-consent | 47 sites

Vendor Risk Score: 80

How This Briefing Works

This report opens with key findings, then maps the gaps between what Typeform discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

56 detections across 47 sites | 100% pre-consent activity
CRITICAL

Pre-Consent Activity

Typeform was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPR, ePrivacy

Disclosure Gaps

Claims vs. Observed Behavior

1 gap

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Defeat device, behavioral biometrics, consent bypass, and fingerprinting detected in runtime

Customer Impact

What This Means For You

Marketing teams lose conversion attribution clarity when embedded forms inject third-party signals. Analytics teams face measurement distortion from conversational interface tracking. Legal teams inherit liability exposure when data collection infrastructure deploys consent bypass. Revenue operations teams subsidize competitor intelligence through a shared form platform that observes engagement patterns.

Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Typeform

  • Audit defeat device deployment within embedded form infrastructure
  • Review behavioral biometrics scope in form interaction monitoring
  • Require consent collection before Typeform tracking initialization
  • Verify fingerprinting boundaries for form submission workflows

If You're Evaluating Typeform

  • Native form builders preventing third-party behavioral monitoring
  • Self-hosted survey solutions eliminating competitive intelligence leakage
  • Privacy-respecting form platforms without embedded persistent tracking

Negotiation Leverage

  • Challenge defeat device mechanisms within data collection infrastructure
  • Require disclosure of all behavioral monitoring through embedded forms
  • Demand opt-out from cross-customer form engagement analysis
  • Request data processing agreement amendments addressing vendor tracking through form platform
  • Negotiate liability protection for consent violations by data collection infrastructure

Runtime Detections

4 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01: Defeat Device

Evasion infrastructure, auditor bypass

Impact: Detection evasion mechanisms obscure tracking deployment within conversational form interfaces.

BTI-C06: Behavioral Biometrics

Keystroke/mouse tracking

Impact: Keystroke dynamics and interaction timing captured as visitors complete form fields and navigate conversational workflows.

BTI-C09: Consent Bypass

Ignoring CMP signals

Impact: Tracking mechanisms active within form experience before visitor consent collection completes.

BTI-C10: Fingerprinting

Device identification

Impact: Browser and device characteristics harvested through embedded form infrastructure.

IOC Manifest

20 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

  • TRACK: *public-assets.typeform.com/public/js-tracking/20.0.0/attributionUtil.js* (Tracking script)
  • TRACK: *public-assets.typeform.com/public/js-tracking/20.0.0/consentUtil.js* (Tracking script)
  • TRACK: *public-assets.typeform.com/public/js-tracking/20.0.0/cookiesUtil.js* (Tracking script)
  • TRACK: *public-assets.typeform.com/public/js-tracking/20.0.0/trackingClient.js* (Tracking script)
Ecosystem

Ecosystem & Supply Chain

Typeform embeds across customer web properties through iframe and script-based integration, creates measurement interference through conversational form positioning, and establishes cross-customer monitoring channels observing form engagement strategies.
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

30 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details