I just got blocked by the CEO of ZoomInfo for documenting surveillance
infrastructure on their GTM Studio landing page.
Timeline:
1. CEO posts product demo on LinkedIn
2. I analyze the landing page with Chrome DevTools
3. I post findings in comments (40+ cookies pre-consent, biometrics, etc.)
4. CEO blocks me within minutes
Sorry - had to flag this ad posting. Future tip - just release this stuff under one of your employee's or founder's name so it's not as obvious of an ad for the platform you're launching.
> The question to consider: could this data become actionable in litigation?
That's sort of a silly question to pose. That risk always there. It's just a question of estimating that risk. EU is rolling back GDPR, so I'd estimate that risk is getting lower every day.
To play devil's advocate, why should FANG be the only ones allowed to crap all over the public internet's privacy?
Automatic execution of javascript from arbitrary random domains is the biggest mistake the web ever made. A completely 180 from the old "Don't run programs you don't know where they're from." We're doing this to ourselves. I know it's too late to save the corporate, institutional, etc environments, but in your personal life you should set your primary browser to not auto-execute random programs. It'd solve this.
9 comments
[ 2.7 ms ] story [ 32.9 ms ] threadTimeline: 1. CEO posts product demo on LinkedIn 2. I analyze the landing page with Chrome DevTools 3. I post findings in comments (40+ cookies pre-consent, biometrics, etc.) 4. CEO blocks me within minutes
So I'm releasing the full evidence pack publicly: https://github.com/clark-prog/blackout-public
What I found: - Sardine.ai behavioral biometrics (mouse/typing patterns) firing before consent - PerimeterX device fingerprinting pre-consent - 118 unique tracking domains on a single page load - Base64-encoded config showing "enableBiometrics: true" - Formal partnership with Sardine (partnerId: "zoominfo")
The irony: ZoomInfo sells visitor identification tools but uses 3 external fingerprinting vendors on their own site.
All evidence is reproducible. HAR files, deobfuscated code, legal analysis included.
AMA about findings or methodology.
Whos to say that they are making it so those 3 vendors work better together?
edit - Also I just know this is a EU dev who thinks if I build a really good product people will just buy.
That's sort of a silly question to pose. That risk always there. It's just a question of estimating that risk. EU is rolling back GDPR, so I'd estimate that risk is getting lower every day.
To play devil's advocate, why should FANG be the only ones allowed to crap all over the public internet's privacy?