we as a public german university have a problem with the behavior of Piwik regarding DoNotTrack.
At the moment, if you configure Piwik to respect the DNT-header, visitors sending a DNT-header won't be counted at all (unless they come with IE, but that's another weird problem, see #9987). In my interpretation of the DNT-specification, a submitted DNT-header means, that a user doesn't want to be tracked, i.e. he/she doesn't want to get a cookie set (or any other method like fingerprinting) to be recognized as the same user on following visits. Or even within his particular visit, when it's interpreted strictly. This says nothing about counting his/her pageviews anonymized. It is called DoNotTrack, not DoNotCount.
So Piwik should count those visitors, but not track them, if the respect-DNT-setting is activated.
On my personal blog, I did some tests in 2014 and at this time, activating DNT in Piwik resulted in only about half counted visitors (from 100-150 visitors per day to 50-100 with DNT-feature activated). On other sites, I administrate, the impact was lower, but around 20% loss in counted visitors was standard then.
For our data protection commissioner it seems to be okay, if we then don't respect DNT at all, so we'll likely deactivate this feature. But this is a shame, since we want to respect the decision of our visitors, that they don't want to be tracked between their visits. But we also want reliable statistics.
I appreciate your comments on this.
Interesting point of view. For sure we could change implementation to count those visitors. But we would need to do some kind of "internal" fingerprinting, as otherwise each page view would be counted as new visit. Would be almost the same as for those not accepting cookies.
I don't see any useful possibility of counting DNT users without any kind of fingerprinting. That would mess up most numbers.
I see, then what about tracking within a session/visit with a session cookie, but not over several sessions? This respects DNT in a broader sense and is better than not respecting DNT at all to not lose the pageview-counts?
Our data protection commissioner wrote now, that from his point of view, we (and any other public german institution) cannot deactivate the "respect DNT" feature, if this means, that Piwik will create a profile for users with active DNT. I'll ask him, if it would be okay, when Piwik would only build intra-session profiles to distinguish visits from single page views.
Interesting idea to track anonymously the users. To ensure we track people anonymously we would need to take several steps:
@mattab that would be cool, since we only want to have reliable data about how our website is used and what pages are visited. we don't have any interest in (and strict laws against) profiling users. Geolocation on a per-country-basis is also sufficient for this usecase, no geolocation at all iss too strict, because then we shouldn't record any data enabling to fingerprint a user. This goes too far.
But this goes at all way far above my feature request to at least count users with DNT enabled. :) What technology is used by our users, how many come, where do they come from, which pages do they visit and which paths do they follow is all we want to know.
But this goes at all way far above my feature request to at least count users with DNT enabled. :)
The thing is that we can't just start tracking users with DNT without considering everything related to privacy. So we must go through the complex process of identifying everything that could lead to profiling users and remove the information, when DNT is enabled.
Chiming in on this, this is exactly the behavior I'm looking for. We aim to minimize user tracking while providing useful feedback for understanding how our sites are used, while respecting DNT.
Our choice to go with Piwik in the first place was based on a desire to have some reliable data on behavior while avoiding to give away data to Google analytics and friends. For our site we have >98% with DNT enabled at this point. In this situation we have a choice between enabling DNT-support, which we very much desire to do, or having almost no data at all.
I would like to follow up on this. We are currently using Matomo to track our users, and are considering soon moving to some of the Premium features in order to gain better customer and products insights.
However, it is today not 100% clear to us whether the anonymous tracking is in place or not:
I did some testing with my user (with doNotTrack ON, and it seems to me nothing gets recorded, not even anonymous counts).
@mattab would you have an update on this?