How This Briefing Works
This report opens with key findings, then maps the gaps between what ZendeskChat discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.
Key Findings
Key Findings
10 detections across 8 sites50% pre-consent activity
CRITICAL
Pre-Consent Activity
ZendeskChat was observed loading and executing before user consent was obtained on 50% of sites where it was detected.
GDPRePrivacy
Disclosure Gaps
Claims vs. Observed Behavior
1 gaps
pending
UNKNOWN
They Claim
“Requires claims extraction via CDT”
Observed Behavior
Defeat device, behavioral biometrics, cross-domain sync, consent bypass, fingerprinting, persistence, and tag manager detected in runtime
Customer Impact
What This Means For You
Marketing teams lose attribution clarity when support infrastructure distorts visitor behavior analysis. Analytics teams face measurement corruption from customer service interaction layering. Legal teams inherit maximum liability exposure when support platform deploys comprehensive surveillance. Revenue operations teams subsidize complete competitor intelligence through shared support monitoring infrastructure.
Recommended Actions
What To Do About It
Role-specific actions based on observed behavior
If You Use ZendeskChat
- →Audit defeat device deployment within customer support infrastructure
- →Review behavioral biometrics scope in support interaction monitoring
- →Verify cross-domain sync boundaries for support continuity mechanisms
- →Audit tag manager capabilities for third-party script injection risk
- →Require consent collection before Zendesk tracking initialization
If You're Evaluating ZendeskChat
- →Customer support solutions without embedded visitor surveillance
- →Privacy-respecting helpdesk platforms limiting tracking scope
- →Self-hosted support infrastructure eliminating cross-customer intelligence leakage
Negotiation Leverage
- →Challenge defeat device mechanisms within customer service infrastructure
- →Require disclosure of all surveillance capabilities beyond support functionality
- →Demand opt-out from cross-customer support monitoring analysis
- →Request data processing agreement amendments addressing visitor tracking through support platform
- →Audit tag management capabilities for third-party data sharing risk
- →Negotiate liability indemnification for maximum tracking deployed through customer service infrastructure
Runtime Detections
Runtime Detections
7 BTI-C CODES
BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.
BTI-C01Defeat Device
Evasion infrastructure, auditor bypass
Impact: Detection evasion mechanisms obscure surveillance deployment within customer support infrastructure.
BTI-C06Behavioral Biometrics
Keystroke/mouse tracking
Impact: Interaction patterns with support interface captured to profile customer service engagement and predict support needs.
BTI-C08Cross-Domain Sync
Identity stitching
Impact: Support interactions synchronized across organizational properties and external service touchpoints.
BTI-C09Consent Bypass
Ignoring CMP signals
Impact: Tracking mechanisms active through support infrastructure before visitor consent collection completes.
BTI-C10Fingerprinting
Device identification
Impact: Device characteristics harvested to maintain support continuity across sessions and identify returning visitors.
BTI-C13Persistence Mechanisms
Long-lived identifiers
Impact: Long-lived tracking identifiers maintain support history beyond reasonable customer service timeframes.
BTI-C15Tag Manager
Container/loader (neutral)
Impact: Tag management capabilities enable dynamic third-party script injection through support infrastructure.
IOC Manifest
IOC Manifest
255 INDICATORS
Indicators of compromise across 5 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.
TRACK
*www.zendesk.com/scripts/adobe-websdk.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/chunks/*.*.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/chunks/*-*.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/chunks/963-*.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/wDn06ER-Sm8SxwojXDXuv/_buildManifest.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/chunks/pages/index-*.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/chunks/webpack-*.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/chunks/pages/_app-*.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/chunks/main-*.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/wDn06ER-Sm8SxwojXDXuv/_ssgManifest.js*
Tracking script
TRACK
*www.zendesk.com/web-assets/_next/static/chunks/framework-*.js*
Tracking script
TRACK
*www.zendesk.com/app/geo.json*
Tracking script
TRACK
static.zdassets.com
Tracking script
TRACK
www.zendesk.com/scripts/adobe-websdk.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/20034.530c7ea40db5289e.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/82718.ff490587779962ba.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/57576.8e9c58d93cf9d4db.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/59139.91078a4d22132278.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/29175.a42900751e7a1625.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/29573.4137e8080c1bd370.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/14950.09489ebb25f9beba.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/69171.a49525194c183b56.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/52165.90ad7e58e3740026.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/e3585e01-e96e8ec7503ccb8a.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/37598.b8203bc4fe927ca2.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/5559-39944eb0a5f2a778.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/33867-d1f6f7973b34e7be.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/68546.1f530ee225f0064b.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/73994.bdb1f39474d62ae5.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/43608.64c2e0f1153de092.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/70377.ebf593c74748c529.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/56439.290134eb50ba47bc.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/48813.8ffcbafd9e02f768.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/77333.b41b4a78fa9d0ce6.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/10821.d2420a304a5b9923.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/5173.97f3ad7574fc10a0.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/23896.22c1d8710300dc6d.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/12300.e90523cbb0ac2d93.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/91635.f6a0d3ab4dcdcd8f.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/31610.35c17ff40b837ea2.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/25994.f7ccd76b34bdae63.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/20457.086f3ce9318ddfb7.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/84906.e178fcc1d971d719.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/46066-7f3395c279a3d675.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/45402.1cc98ca8439f8d4c.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/94386.adb13b32189f3338.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/95225.15bd579ee6274b9f.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/17842.3856f67f7727688e.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/56369.09fd52968f60b2f0.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/76761.4dc492fb9f211111.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/12797.57303d0f09f5d04c.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/89472.7c6c46e09f6c7109.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/59514.493715c76dc5a4f9.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/98116.0c2d2146b76fdf2f.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/52776.44e75177f3d212f0.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/26981.8350da38a44e92c1.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/27060.16ea304a5a9af0a8.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/73922.b7c3042968db3e97.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/48451.d6b8e4cc8e3c19d3.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/30426.bebed27256a39c33.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/8499.d13454557f75c589.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/20419.2b0e61cbe047ea8a.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/95327.0e6bf76ed0180442.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/41413.4bf269e9326bec95.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/98959.92a783520aa0a69e.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/7640.4d017b20d40ad562.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/33520.48928f618b7f03ec.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/56416.a5f9389cd88b70a9.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/80411.0988d23707fb6fdf.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/87676.9ac83f78bbb12153.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/webpack-7c395770b806f404.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/framework-ea624fa794affdb6.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/main-33379439199aa675.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/pages/_app-c1dca19c1e526f50.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/fec483df-b3c5d29b019879f5.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/81287-ee806817306f63a3.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/29694-3ba2922805f213ca.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/22651-a4a7b7fcaf7a42f6.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/62669-f1594da6dfc17bdf.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/56390-a98cfa9768dcc9a8.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/45866-785b2d2a048a28cf.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/21095-67867a4f89e61360.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/24305-f6bd7ada5f8234ae.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/57650-f812a0a5e20289b1.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/85466-a6ffafad55e402ca.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/67710-0a88505c1d541de8.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/59590-b84c89a7f55b359c.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/84129-cdce07b26d8396b4.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/24144-05f8c609c93a5cf5.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/963-47b80872832a97b8.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/15408-6930afffdd916134.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/47758-1925a83cd75511c0.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/70084-d0d89dba8b11b3a1.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/89334-8324fca49711387b.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/4591-eac0cfd5b5ea9b5b.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/38506-33e773fa8cfabeb8.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/6446-3105633b6d5873c3.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/42198-3da8d23e2fc1007c.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/84969-0a44caa9a42547f4.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/83554-184f813f50fda49d.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/28338-2773662b6fb8c5fb.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/33208-8fa48f859717337a.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/34943-75cd04ea1b630c1e.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/pages/index-b7925a08bc746b7e.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/wDn06ER-Sm8SxwojXDXuv/_buildManifest.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/wDn06ER-Sm8SxwojXDXuv/_ssgManifest.js
Auto-extracted from scan
TRACK
www.zendesk.com/web-assets/_next/static/chunks/1649.28f84b539cdd8c01.js
Auto-extracted from scan
Ecosystem
Ecosystem & Supply Chain
Zendesk Chat integrates with CRM platforms and marketing automation systems, creates measurement interference through support layer positioning, and establishes cross-customer monitoring channels observing customer service strategies across shared customer base.
Evidence
Evidence Artifacts
Artifacts collected during analysis, available with evidence-tier access.
HAR Capture
Complete network capture with all requests and responses
IOC Manifest
257 detection signatures across scripts, domains, cookies, and network endpoints