Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unique identifier in the opt-out cookie? #4390

Closed
anonymous-matomo-user opened this issue Dec 17, 2013 · 5 comments
Closed

unique identifier in the opt-out cookie? #4390

anonymous-matomo-user opened this issue Dec 17, 2013 · 5 comments
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change. worksforme The issue cannot be reproduced and things work as intended.
Milestone

Comments

@anonymous-matomo-user
Copy link

Hi, I'm a technologist at a US-based digital rights group (cdt.org).

We'd like to run piwik on our site given the amount of careful thought and design you have all put into the privacy aspects of piwik. (thank you!)

One thing was particularly puzzling, however, and seems like a bug: If I follow the directions here on how to set up an "opt-out" cookie via an iframe:

http://piwik.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframe-2

It sets a cookie from demo.piwik.org called "piwik_ignore" and a value of:

ignore%3DczoxOiIqIjs%3D%3A_%3Dfc46b86b94499df302c53e1e59838ffefec6d8a0

This string as the value of the cookie seems very problematic from a privacy perspective. It appears to be a highly unique number or identifier; that is, exactly the kind of thing we do not want! This could be used to track users.

Most implementations of an opt-out cookie instead include some non-unique content in the cookie like the string "opt-out" or even "NULL" (since the name of the cookie gives the function of the cookie).

Can we have a configuration toggle that would remove any unique identifier from the content of the opt-out cookie? I don't think we can start running Piwik without this kind of change (whether we make the change ourselves and just offer a patch to others that may feel the same or if Piwik folds such a change into the piwik UI).

@anonymous-matomo-user
Copy link
Author

I should have added a CC to joe@cdt.org, so please include me on any comments; thanks.

@mattab
Copy link
Member

mattab commented Dec 25, 2013

The ID is the "signature" of the cookie so it is the same for all users for a particular piwik instance. Check with a different browser and you will get same cookie value.

Btw great work at cdt.org - maybe you will get a chance to advise use of Piwik to your members and readers :)

@anonymous-matomo-user
Copy link
Author

Thanks for the clarification... and thank you for the compliments; we certainly are trying to advise the use of Piwik and will right a bit about it at some point for other NGOs interested in doing privacy-conscious analytics. best, Joe

@anonymous-matomo-user anonymous-matomo-user added this to the 2.0.3 - Piwik 2.0.3 milestone Jul 8, 2014
@bf
Copy link

bf commented Dec 12, 2014

@mattab Regarding the signature, is it bound to just the piwik instance or also the domain?

Our problem is that piwik runs on a different (internal) subdomain so I want to make sure that the opt-out cookie I receive on the internal server is identical to the opt-out cookie I need to set for my users in an production environment.

Thanks for clarifying this!

@mattab
Copy link
Member

mattab commented Dec 15, 2014

Regarding the signature, is it bound to just the piwik instance or also the domain?

Only to the Piwik instance

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change. worksforme The issue cannot be reproduced and things work as intended.
Projects
None yet
Development

No branches or pull requests

3 participants