unique identifier in the opt-out cookie? #4390
Labels
c: Security
Task
worksforme
Hi, I'm a technologist at a US-based digital rights group (cdt.org).
We'd like to run Piwik on our site given the amount of careful thought and design you have all put into the privacy aspects of Piwik. (Thank you!)
One thing was particularly puzzling, however, and seems like a bug: If I follow the directions here on how to set up an "opt-out" cookie via an iframe:
http://piwik.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframe-2
It sets a cookie from demo.piwik.org called "piwik_ignore" and a value of:
ignore%3DczoxOiIqIjs%3D%3A_%3Dfc46b86b94499df302c53e1e59838ffefec6d8a0
This string as the value of the cookie seems very problematic from a privacy perspective. It appears to be a highly unique number or identifier; that is, exactly the kind of thing we do not want! This could be used to track users.
Most implementations of an opt-out cookie instead include some non-unique content in the cookie like the string "opt-out" or even "NULL" (since the name of the cookie gives the function of the cookie).
Can we have a configuration toggle that would remove any unique identifier from the content of the opt-out cookie? I don't think we can start running Piwik without this kind of change (whether we make the change ourselves and just offer a patch to others that may feel the same or if Piwik folds such a change into the Piwik UI).
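One way to test the concern raised in this report is to decode the quoted cookie value and compare values collected from separate browser sessions, since a field can only single out a visitor if it differs between them. This is an added example, not part of the original post and not Piwik's code; the layout of `name=value` fields joined by `:` is inferred from the single value quoted above, and the second sample cookie is constructed.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Cookie value quoted in the issue above.
ISSUE_COOKIE = "ignore%3DczoxOiIqIjs%3D%3A_%3Dfc46b86b94499df302c53e1e59838ffefec6d8a0"
# Constructed for illustration only: same payload, different 40-hex field.
CONSTRUCTED_COOKIE = "ignore%3DczoxOiIqIjs%3D%3A_%3D" + "0" * 40

HEX40 = re.compile(r"[0-9a-f]{40}")                # length of a SHA-1 hex digest
PHP_STRING = re.compile(r's:(\d+):"(.*)";', re.S)  # PHP serialize() string form


def decode_value(value):
    """Decode one field: keep hex digests, unwrap base64 + PHP-serialized strings."""
    if HEX40.fullmatch(value):
        return value
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return value  # not base64-encoded text; leave untouched
    m = PHP_STRING.fullmatch(text)
    if m and int(m.group(1)) == len(m.group(2).encode("utf-8")):
        return m.group(2)
    return text


def parse_cookie(raw):
    """Assumed layout (inferred from the one sample): name=value fields joined by ':'."""
    fields = {}
    for part in unquote(raw).split(":"):
        name, _, value = part.partition("=")
        fields[name] = decode_value(value)
    return fields


def varying_fields(raw_cookies):
    """Names of fields whose decoded value differs between the given cookies."""
    parsed = [parse_cookie(c) for c in raw_cookies]
    names = set().union(*parsed)
    return sorted(n for n in names if len({p.get(n) for p in parsed}) > 1)


if __name__ == "__main__":
    print(parse_cookie(ISSUE_COOKIE))
    print(varying_fields([ISSUE_COOKIE, ISSUE_COOKIE]))
    print(varying_fields([ISSUE_COOKIE, CONSTRUCTED_COOKIE]))
```

An empty result from `varying_fields` over cookies gathered from several independent sessions means no field in the cookie distinguishes those visitors; any name it returns is the field to investigate.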