ZoomInfo CEO blocks researcher after documenting pre-consent biometric tracking
15 comments
·November 25, 2025SignalDr
linkjuice4all
Sorry - had to flag this ad posting. Future tip - just release this stuff under one of your employee's or founder's name so it's not as obvious of an ad for the platform you're launching.
Aeglaecia
what exactly is being advertised ?
ChrisMarshallNY
Looks like deployblackout -dot- com.
Looks like a service to do the kinds of scans mentioned. Note the punchlist of laws being broken.
chzblck
You do know that lots of software is just meshing a few things together and selling that as a service right?
Whos to say that they are making it so those 3 vendors work better together?
helloericsf
Thanks for sharing. I bet their DPO and EU customers are super interested in the findings. The CEO should have handled it better, IMO.
globalnode
A lot of orgs operate under the "ask forgiveness later" principle. They were probably hoping the "later" would be much later...
SignalDr
Considering that sales/marketing are basically the only business functions that have never been held to a compliance standard, they're betting it never comes.
ethin
They're hoping the word "later" is synonymous for "never".
superkuh
Automatic execution of javascript from arbitrary random domains is the biggest mistake the web ever made. A completely 180 from the old "Don't run programs you don't know where they're from." We're doing this to ourselves. I know it's too late to save the corporate, institutional, etc environments, but in your personal life you should set your primary browser to not auto-execute random programs. It'd solve this.
jgalt212
> The question to consider: could this data become actionable in litigation?
That's sort of a silly question to pose. That risk always there. It's just a question of estimating that risk. EU is rolling back GDPR, so I'd estimate that risk is getting lower every day.
To play devil's advocate, why should FANG be the only ones allowed to crap all over the public internet's privacy?
baiac
[flagged]
mike_d
User opens DevTools and loads pretty much any website on the internet, film at 11.
I just got blocked by the CEO of ZoomInfo for documenting surveillance infrastructure on their GTM Studio landing page.
Timeline: 1. CEO posts product demo on LinkedIn 2. I analyze the landing page with Chrome DevTools 3. I post findings in comments (40+ cookies pre-consent, biometrics, etc.) 4. CEO blocks me within minutes
So I'm releasing the full evidence pack publicly: https://github.com/clark-prog/blackout-public
What I found: - Sardine.ai behavioral biometrics (mouse/typing patterns) firing before consent - PerimeterX device fingerprinting pre-consent - 118 unique tracking domains on a single page load - Base64-encoded config showing "enableBiometrics: true" - Formal partnership with Sardine (partnerId: "zoominfo")
The irony: ZoomInfo sells visitor identification tools but uses 3 external fingerprinting vendors on their own site.
All evidence is reproducible. HAR files, deobfuscated code, legal analysis included.
AMA about findings or methodology.