@dennisbaaten opened this Issue on November 12th 2021

The FAQ describes the way masking is done for IPv6 addresses:

IP Anonymisation privacy feature will anonymise IPv6 addresses. For example if Matomo is configured to anonymise “1 byte” from an IPv4, then the IPv6 address 2001:db8:0:8d3:0:8a2e:70:7344 would be anonymised as 2001:db8:0:8d3:0:0:0:0. When configured to anonymise 2 bytes, then the IPv6 becomes 2001:db8:0:0:0:0:0:0. And when configured to anonymise 3 bytes, then the IPv6 would be 2001:d00:0:0:0:0:0:0.

First of all, I find the example IPv6 address a bit confusing since the full /128 version has two "0" quartets in it.

When looking at the masking options, the FAQ seems to suggest that the IPv6 masking options are:

  • 64 bits
  • 80 or 96 bits
  • 108 bits

At the same time the source code

        $masks = array(
            'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff',
            'ffff:ffff:ffff:ffff::',
            'ffff:ffff:ffff:0000::',
            'ffff:ff00:0000:0000::',
            '0000::'
        );

seems to imply that the masking options are:

  • 64 bits
  • 80 bits
  • 104 bits

Last but not least, I notice that most ISP's give /48 to their customers, which means that a person can be uniquely identified by these 3 first quartets. So all IPv6 masking options of 80 bits and less are not sufficient for anonymization, potentially causing problems with GDPR compliance. Because 104 bits masking (or more) would hinder location analytics too much, it seems a good idea to include a masking option of, let's say, 96 bits.

@tsteur commented on November 14th 2021 Member

Thanks for creating this issue @dennisbaaten . I can see eg for the Matomo server IP 2a00:b6e0:0001:0200:0177:0000:0000:0001 and double checked that this results in 2a00:b6e0:1:200::. Geolocation etc works still well. It wouldn't identify an individual though if I see this right. Not sure though how all the ISP's handle it. Also looked into some personal IPs and it shouldn't identify an individual there maybe. That's only the examples I looked at though.

We generally likely can't change the logic for all users as it could change a few metrics/reports.

Including another option may be possible but not sure how that would be best done and explained. It would need like an option 2.5 but then it would be expected this be also applied to IPv4. This makes you then think that maybe IPv4 and IPv6 should be configured separately but then it makes the UI quite complicated.

image

On the other side this could be developed in a custom plugin with a few lines of code maybe.

Powered by GitHub Issue Mirror