I just got blocked by the CEO of ZoomInfo for documenting surveillance infrastructure on their GTM Studio landing page.

Timeline: 1. CEO posts product demo on LinkedIn 2. I analyze the landing page with Chrome DevTools 3. I post findings in comments (40+ cookies pre-consent, biometrics, etc.) 4. CEO blocks me within minutes

So I'm releasing the full evidence pack publicly: https://github.com/clark-prog/blackout-public

What I found: - Sardine.ai behavioral biometrics (mouse/typing patterns) firing before consent - PerimeterX device fingerprinting pre-consent - 118 unique tracking domains on a single page load - Base64-encoded config showing "enableBiometrics: true" - Formal partnership with Sardine (partnerId: "zoominfo")

The irony: ZoomInfo sells visitor identification tools but uses 3 external fingerprinting vendors on their own site.

All evidence is reproducible. HAR files, deobfuscated code, legal analysis included.

AMA about findings or methodology.

User opens DevTools and loads pretty much any website on the internet, film at 11.

> The question to consider: could this data become actionable in litigation?

That's sort of a silly question to pose. That risk always there. It's just a question of estimating that risk. EU is rolling back GDPR, so I'd estimate that risk is getting lower every day.

To play devil's advocate, why should FANG be the only ones allowed to crap all over the public internet's privacy?

Automatic execution of javascript from arbitrary random domains is the biggest mistake the web ever made. A completely 180 from the old "Don't run programs you don't know where they're from." We're doing this to ourselves. I know it's too late to save the corporate, institutional, etc environments, but in your personal life you should set your primary browser to not auto-execute random programs. It'd solve this.