New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit visitor fingerprint by default for even better privacy #13655
Comments
Hi. I raised this issue. I'm starting a business making apps to sell to kids and hired a lawyer to help with my privacy policy (and believe me, I've read over many privacy policies lately). I wondered if I needed to put a notice in my privacy policy about fingerprinting, such as:
My lawyer sent me this page to look at: The GDPR and Browser Fingerprinting: How It Changes the Game for the Sneakiest Web Trackers. I know that Matomo is serious about privacy. Lacking any way to disable the fingerprinting, I've decided to forgo it for tracking hits to my website (but I am planning to use it to track analytics for my games, as I feel that Unity Analytics processes way too much information.) Thank you for considering this issue. |
We're wondering whether fingerprinting in Matomo could be considered personal data... Knowing that our fingerprint is quite imprecise and sometimes recognises multiple people as one: #13528
In Matomo by default we seed the fingerprint with a different seed across websites, so that a same user will have a different fingerprint when they're tracked in multiple websites in the same Matomo. The visitor will also have a different fingerprint in different Matomo instances. So no "cross websites tracking" is possible (unless the it will be interesting to review the ePrivacy regulation draft to check on the current status of fingerprinting: #15425 |
I think what would help is eg to randomly generate a visitor ID in the client that is valid for only max 30 minutes (visit duration) and on every page view or event the ID is extended for another 30 minutes. There will still be a cookie but only for 30 minutes, and it won't be possible to identify a visitor since it would change on every new visit. You won’t get unique visitors data (or new vs returning data) etc but many wouldn’t even need it. Many segments and most reports would still be meaningful. I reckon that could be a start? |
As mentioned in #15507 ideally we even don't use any cookies by default. And ideally, by default, the fingerprint includes the current date to prevent fingerprinting visitors across multiple days. |
We'd want this feature configurable overall eg in global website settings. If fingerprint is disabled, then it should not be possible to enable it for any site and the setting doesn't show in the sites manager. If enabled, then it should be possible to be configured for every site in the sites manager. If fingerprint is disabled, it would automatically also disable the visitor profile ideally since there wouldn't be any profiles anymore anyway. What other changes can we apply that make sense?
|
Also impacts referrers reports and multi attribution report when cookies are disabled. |
One approach could be:
The first option might be the best. For new installs this would be maybe enabled, for older instances this might be disabled to not break BC or could enable it for everyone. |
We're actually now thinking to disable the fingerprint all the time when cookies are disabled. No server side setting. As fingerprint is just like cookie and you'd expect it to not have a fingerprint applied when cookies are disabled. |
we have fixed this in 3.13.6 in #15886 and made this the default behaviour. I don't think there is any further change needed? I'll close this for now. |
Hi Matomo team,
According to https://matomo.org/faq/general/faq_21418/ we have a feature to enable the fingerprinting across several websites. However we don't have one in order to disable it.
That's a concern in terms of privacy.
The text was updated successfully, but these errors were encountered: