@tsteur opened this Pull Request on April 24th 2020 Member

refs https://github.com/matomo-org/matomo/issues/13655

@mattab was quickly working on this 30 min for 3.X.

The full feature https://github.com/matomo-org/matomo/issues/13655#issuecomment-616892565 could be developed in 4.X. While it's not fully implemented, it would be something though that could already help. The idea is basically to add the current date to the fingerprint, to ignore any visitorId unless it is a userId, and to disable the visitor profile in the visitor log (not in the userId feature or API etc., which can all be done in Matomo 4).

Not sure if "Disable fingerprint" is the right word since a fingerprint is still needed. Of course there could also be a feature "Disable fingerprint" which generates a new visit on every tracking request. It would basically add the dateTime to the fingerprint as well as some randomly generated string. That can be useful if people only want to know how often e.g. a page was viewed etc.

Any thoughts?

@mattab commented on April 27th 2020 Member

> Not sure if "Disable fingerprint" is the right word since a fingerprint is still needed.

Indeed, how else could we call it so it's really clear?

@tsteur commented on April 27th 2020 Member

It's hard to say. What we're looking for is maybe not even related directly so much to "fingerprint".

Saying it "anonymises" the fingerprint kind of suggests we usually don't do that but that'd be also not 100% correct.

Also wondering what we could say about how this maybe impacts cookie banners. E.g. can we say as a result, if no personal data is tracked, no cookie consent is needed? So is it maybe more about avoiding "cookie consent" (if also no personal data is tracked)?

Also be good to have confirmed that we're confident enough once we apply a random token per day that users can really no longer be identified across days.

@mattab commented on April 27th 2020 Member

Sounds good...
as we probably couldn't say "Disable fingerprint" as it's still enabled within a day period, so maybe "Limit fingerprint"?

could we maybe name Avoid cookie consent banner as a section and under have both Limit fingerprint and Tracking without cookies?

> Also be good to have confirmed that we're confident enough once we apply a random token per day that users can really no longer be identified across days.

someone with access to DB could potentially re-create the original hashes since other data points used in fingerprint are stored in the DB afaik, so as long as the daily (or more frequently re-generated, even customisable?) string is random and long, it would be secure?
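
The difference between putting only the date into the fingerprint and keying it with a long random per-day string, as an added Python example that is not part of the original thread and not Matomo's code. The attribute names, the `DailySaltStore` helper and the choice of HMAC-SHA256 are assumptions made for illustration, and the sample values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample row: attributes the thread assumes are stored in the DB.
ATTRS = {"ip": "192.0.2.10", "ua": "Mozilla/5.0 (X11; Linux x86_64)", "lang": "en-US"}


def canonical(attrs: dict) -> bytes:
    """Stable encoding of the attribute set, keys sorted."""
    return "\x1f".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()


def fp_date_only(attrs: dict, day: str) -> str:
    """Fingerprint whose only extra input is the calendar date."""
    return hashlib.sha256(day.encode() + b"\x1f" + canonical(attrs)).hexdigest()


class DailySaltStore:
    """Hypothetical holder of one random 256-bit salt per day, kept outside the DB."""

    def __init__(self):
        self._salts = {}

    def salt_for(self, day: str) -> bytes:
        return self._salts.setdefault(day, secrets.token_bytes(32))

    def expire(self, day: str) -> None:
        self._salts.pop(day, None)  # once dropped, that day's hashes cannot be re-derived


def fp_salted(attrs: dict, day: str, store: DailySaltStore) -> str:
    """Fingerprint keyed with that day's random salt (HMAC-SHA256)."""
    return hmac.new(store.salt_for(day), canonical(attrs), hashlib.sha256).hexdigest()


def recreate_from_db(row: dict, derive) -> bool:
    """DB-only view: does re-deriving from the row's columns give the stored hash?"""
    return hmac.compare_digest(row["fp"], derive(row["attrs"], row["day"]))


if __name__ == "__main__":
    day, store = "2020-04-27", DailySaltStore()  # constructed date
    weak = {"day": day, "attrs": ATTRS, "fp": fp_date_only(ATTRS, day)}
    strong = {"day": day, "attrs": ATTRS, "fp": fp_salted(ATTRS, day, store)}
    print(recreate_from_db(weak, fp_date_only))
    print(recreate_from_db(strong, lambda a, d: fp_salted(a, d, DailySaltStore())))
```

The date-only hash is reproducible from the stored columns alone, while the salted one is reproducible only by whoever still holds that day's salt.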

@mattab commented on April 27th 2020 Member

When consent has been given, would we still limit the fingerprint?

@tsteur commented on April 27th 2020 Member

> could we maybe name Avoid cookie consent banner as a section and under have both Limit fingerprint and Tracking without cookies?

@mattab that makes afaik no sense as from a privacy and user perspective tracking with cookie or fingerprint is the very same thing. All/most privacy laws consider the fingerprint as the same as a cookie and that's why you'd want to ignore any visitorId from a cookie and ideally we'd also disable cookie feature in general in tracker. To avoid easy to understand / simple UI that is useful to users could have one setting "Avoid cookie consent banner" or "cookie less tracking" or similar. But splitting this up makes not really any sense except for making things complicated.

@tsteur commented on April 27th 2020 Member

@mattab I'll close this PR for now. Let's discuss further this Wednesday. Wanting to prevent implementing some solution that might be obsolete in Matomo 4 and people need to change things again possibly so be better to work on it first in Matomo 4 and back port it to Matomo 3

@mattab commented on April 27th 2020 Member

Might be more clear to use this approach of super privacy mode
https://github.com/matomo-org/matomo/issues/12737

This Pull Request was closed on April 27th 2020