How This Briefing Works
This dossier opens with key findings, then maps the gap between what Typeform discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection evidence underneath. BLACKOUT observes runtime browser behavior and cites the regulations that address each pattern — legal determinations are your counsel's call.
At a Glance
across 2 sites
vendor fires before consent
Briefing
Form platform vendor detected deploying defeat device (BTI-C01), behavioral biometrics (BTI-C06), consent bypass (BTI-C09), and fingerprinting (BTI-C10). Signal corruption at 25 reflects measurement interference through embedded form instrumentation. CAC subsidization at 65 indicates competitive intelligence transfer through cross-customer form engagement monitoring. Legal tail risk at 85 driven by tracking mechanisms embedded in data collection infrastructure.
What This Means For You
Marketing teams lose conversion attribution clarity when embedded forms inject third-party signals. Analytics teams face measurement distortion from conversational interface tracking. Legal teams inherit liability exposure when data collection infrastructure deploys consent bypass. Revenue operations teams subsidize competitor intelligence through shared form platform observing engagement patterns.
Risk Channel Breakdown
Embedded form instrumentation corrupts website analytics by injecting third-party behavioral signals through conversational interfaces, creating attribution conflicts when visitors engage with Typeform experiences instead of native site elements.
Cross-customer form monitoring transfers competitive intelligence as Typeform observes which form types competitors deploy, conversion patterns across industries, and response behavior across shared customer base.
Expands attack surface
Data collection platform deploying consent bypass and fingerprinting creates liability exposure when form infrastructure itself violates privacy expectations visitors bring to data submission workflows.
Threat Indicators
Runtime-observed (BTI-C)
Evasion infrastructure, auditor bypass
Keystroke/mouse tracking
Ignoring CMP signals
Device identification
Per-code narrative explanations of what each detected behavior means for your organization
Per-code evidence with full attribution chain, severity rankings, and consequence narratives See pricing →
Claims vs. Reality
BLACKOUT analyzed Typeform's public claims against observed runtime behavior and identified 1 contradiction.
Full claim-vs-reality gap analysis with claim text, observed behavior, severity, regulatory citations (GDPR, CCPA, ePrivacy), and evidence pointers per gap See pricing →
What To Do
4 for current users · 3 for evaluators
contractual leverage points
Role-specific actions (security / legal / marketing / procurement), full negotiation brief with contractual language, and BTI-code-specific consequences See pricing →
Supply Chain & Pairings
Full supply-chain mapping (loads / loaded-by lists with vendor identities) and the undisclosed-subprocessor list with observation evidence See pricing →