New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Masking of IPv6 #18301
Comments
Thanks for creating this issue @dennisbaaten . I can see eg for the Matomo server IP We generally likely can't change the logic for all users as it could change a few metrics/reports. Including another option may be possible but not sure how that would be best done and explained. It would need like an option 2.5 but then it would be expected this be also applied to IPv4. This makes you then think that maybe IPv4 and IPv6 should be configured separately but then it makes the UI quite complicated. On the other side this could be developed in a custom plugin with a few lines of code maybe. |
From a user's perspective I would not consider two separate settings confusing. On the contrary, before reading this issue, I had no idea whether Matomo does mask IPv6 addresses at all. In my opinion two separate settings for IPv4 and IPv6 would improve clarity and give users more control about which data they collect. |
@tsteur we should maybe at least consider to show in the UI how IPv6 addresses are masked, so it's clear that the setting affects both IPv4 and IPv6. Should be easy to simply add some examples like we have for IPv4... |
@sgiehl that sounds good. We can tweak the inline help for example and make sure to mention that this anonymises IPv4 and IPv6. |
Any progress on this issue? |
This issue is not yet prioritised to be worked on. I will add it to the milestone for our product team to consider. |
The FAQ describes the way masking is done for IPv6 addresses:
First of all, I find the example IPv6 address a bit confusing since the full /128 version has two "0" quartets in it.
When looking at the masking options, the FAQ seems to suggest that the IPv6 masking options are:
At the same time the source code
seems to imply that the masking options are:
Last but not least, I notice that most ISP's give /48 to their customers, which means that a person can be uniquely identified by these 3 first quartets. So all IPv6 masking options of 80 bits and less are not sufficient for anonymization, potentially causing problems with GDPR compliance. Because 104 bits masking (or more) would hinder location analytics too much, it seems a good idea to include a masking option of, let's say, 96 bits.
The text was updated successfully, but these errors were encountered: