@tsteur opened this Issue on May 8th 2018 Member

See https://github.com/matomo-org/matomo/blob/3.5.0-rc1/core/Tracker/Request.php#L830-L832

If the privacy feature introduced in Matomo 3.5.0 is enabled and the userId is hashed with a salt, then the visitorId would still kind of leak the userId. Ideally, when the userId is set and the feature is enabled, then the userId should be salted there as well.

@tsteur commented on May 8th 2018 Member

Actually, it should not be an issue as manipulateRequest in privacy manager "request processor" is executed before getting the visitor Id. So we are there creating a hash on the already hashed User Id.

This Issue was closed on May 8th 2018
Powered by GitHub Issue Mirror