@NanorPiwik opened this Issue on October 29th 2018

Hi Matomo team,

According to https://matomo.org/faq/general/faq_21418/ we have a feature to enable the fingerprinting across several websites. However we don't have one in order to disable it.
That's a concern in terms of privacy.

@clintonblackmore commented on October 30th 2018

Hi. I raised this issue.

I'm starting a business making apps to sell to kids and hired a lawyer to help with my privacy policy (and believe me, I've read over many privacy policies lately). I wondered if I needed to put a notice in my privacy policy about fingerprinting, such as:

Fingerprinting

Our website takes a fingerprint of your system’s setup, to imperfectly distinguish between visitors to our site.

My lawyer sent me this page to look at: The GDPR and Browser Fingerprinting: How It Changes the Game for the Sneakiest Web Trackers.

I know that Matomo is serious about privacy. Lacking any way to disable the fingerprinting, I've decided to forgo it for tracking hits to my website (but I am planning to use it to track analytics for my games, as I feel that Unity Analytics processes way too much information.)

Thank you for considering this issue.

@mattab commented on January 21st 2020 Member

We're wondering whether fingerprinting in Matomo could be considered personal data... Knowing that our fingerprint is quite imprecise and sometimes recognises multiple people as one: https://github.com/matomo-org/matomo/issues/13528

From https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest-web-trackers

You’ll struggle to find fingerprinting explicitly mentioned in the GDPR—but that’s because the EU has learned from earlier data protection laws and the current ePrivacy Directive to remain technologically neutral.
Apart from non-binding recitals (like Recital 30, discussing cookies), the GDPR avoids calling out specific technologies or giving exhaustive lists and examples. Instead, it provides general rules that the drafters felt should be neutral, flexible, and keep up with technological development beyond fingerprinting and cookies.
[...]
Thus, when several information elements are combined (especially unique identifiers such as your set of system fonts) across websites (e.g. for the purposes of behavioral advertising), fingerprinting constitutes the processing of personal data and must comply with GDPR.

In Matomo by default we seed the fingerprint with a different seed across websites, so that a same user will have a different fingerprint when they're tracked in multiple websites in the same Matomo. The visitor will also have a different fingerprint in different Matomo instances. So no "cross websites tracking" is possible (unless the enable_fingerprinting_across_websites flag is activated on purpose - which we don't even document publicly).

it will be interesting to review the ePrivacy regulation draft to check on the current status of fingerprinting: https://github.com/matomo-org/matomo/issues/15425

@tsteur commented on January 22nd 2020 Member

I think what would help is eg to randomly generate a visitor ID in the client that is valid for only max 30 minutes (visit duration) and on every page view or event the ID is extended for another 30 minutes. There will still be a cookie but only for 30 minutes, and it won't be possible to identify a visitor since it would change on every new visit.

You won’t get unique visitors data (or new vs returning data) etc but many wouldn’t even need it. Many segments and most reports would still be meaningful. I reckon that could be a start?

@mattab commented on January 31st 2020 Member

see also #15478 #15479

@tsteur commented on February 3rd 2020 Member

As mentioned in https://github.com/matomo-org/matomo/issues/15507 ideally we even don't use any cookies by default.

And ideally, by default, the fingerprint includes the current date to prevent fingerprinting visitors across multiple days.

Powered by GitHub Issue Mirror