How This Briefing Works
This report opens with key findings, then maps the gaps between what Vidyard discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
4 detections across 3 sites75% pre-consent activity
CRITICAL
Pre-Consent Activity
Vidyard was observed loading and executing before user consent was obtained on 75% of sites where it was detected.
GDPRePrivacy
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
disclosure
HIGH
They Claim
“Pending claims extraction”
Observed Behavior
Runtime detection shows C09 (consent bypass)
Customer Impact
What This Means For You
Revenue teams using Vidyard face consent liability when video player tags fire before user authorization. Video engagement data (watch time, interaction points) captured pre-consent creates compliance exposure.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use Vidyard
- →Audit Vidyard player initialization timing relative to consent collection
- →Implement consent-gated video tracking activation
- →Review video engagement data retention and sharing policies
If You're Evaluating Vidyard
- →Document pre-consent tracking scope for video players
- →Request technical controls to defer player analytics until consent obtained
- →Obtain written confirmation of data deletion procedures for video engagement data
Negotiation Leverage
- →Pre-consent tracking: Video player tags activate before consent — require technical mechanism to defer analytics until authorization.
- →Video engagement data: Watch patterns and interaction data persist beyond opt-out — demand specific deletion timelines and third-party sharing restrictions.
- →Intent data sales: Video engagement may feed ABM intent databases — negotiate restrictions on data resale to competitors.
Runtime Detections
Runtime Detections
2 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C08Cross-Domain Sync
Identity stitching
BTI-C09Consent Bypass
Ignoring CMP signals
IOC Manifest
IOC Manifest
134 INDICATORS
Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*www.vidyard.com/wp-includes/js/jquery/jquery.js*
Tracking script
TRACK
*play.vidyard.com/embed/v4.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/plugins/bb-plugin/js/jquery.magnificpopup.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/plugins/TooltipProPlus/assets/js/modernizr.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/themes/vidyard-fp/assets/js/intercom.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/plugins/TooltipProPlus/assets/js/tooltip.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/uploads/bb-plugin/cache/*-layout.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/themes/vidyard-fp/assets/js/slider.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/plugins/fp-foundation/assets/js/frontend/facetwp_helper.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/themes/vidyard-fp/assets/js/tailwind-elements-index.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/plugins/fp-foundation/assets/js/frontend/focus-visible-main/focus-visible.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/uploads/bb-plugin/cache/*-layout-partial.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/themes/vidyard-fp/components/fpd_lightbox_video/fpd_lightbox_video.js*
Tracking script
TRACK
*www.vidyard.com/wp-content/themes/vidyard-fp/components/fpd_zpattern/fpd_zpattern.js*
Tracking script
TRACK
*www.vidyard.com/cdn-cgi/challenge-platform/scripts/jsd/main.js*
Tracking script
TRACK
*www.vidyard.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/*/main.js*
Tracking script
TRACK
play.vidyard.com
Tracking script
TRACK
www.vidyard.com/wp-includes/js/jquery/jquery.min.js
Auto-extracted from scan
TRACK
play.vidyard.com/embed/v4.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/plugins/TooltipProPlus/assets/js/modernizr.min.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/plugins/TooltipProPlus/assets/js/tooltip.min.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/plugins/bb-plugin/js/jquery.magnificpopup.min.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/uploads/bb-plugin/cache/26686-layout.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/themes/vidyard-fp/assets/js/intercom.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/themes/vidyard-fp/assets/js/tailwind-elements-index.min.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/themes/vidyard-fp/assets/js/slider.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/plugins/fp-foundation/assets/js/frontend/facetwp_helper.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/plugins/fp-foundation/assets/js/frontend/focus-visible-main/focus-visible.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/themes/vidyard-fp/components/fpd_lightbox_video/fpd_lightbox_video.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/themes/vidyard-fp/components/fpd_zpattern/fpd_zpattern.js
Auto-extracted from scan
TRACK
www.vidyard.com/wp-content/uploads/bb-plugin/cache/321737-layout-partial.js
Auto-extracted from scan
TRACK
www.vidyard.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Auto-extracted from scan
TRACK
www.vidyard.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/d251aa49a8a3/main.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
134 detection signatures across scripts, domains, cookies, and network endpoints