Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not store Accept-language full string, only store detected language #5365

Closed
mattab opened this issue Jun 19, 2014 · 4 comments
Closed

Do not store Accept-language full string, only store detected language #5365

mattab opened this issue Jun 19, 2014 · 4 comments
Assignees
Labels
c: Privacy For issues that impact or improve the privacy. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Milestone

Comments

@mattab
Copy link
Member

mattab commented Jun 19, 2014

Goal of this ticket is to change Tracking API so that, instead of storing the full Accept-Language string en,fr;q=0.7,es;q=0.3 we shall store only the language that was detected from this string en

This is required for:

see also #6160

@matsbla
Copy link

matsbla commented Sep 2, 2014

How can accept language string lead to fingerprinting?

@mattab
Copy link
Member Author

mattab commented Sep 3, 2014

@matsbla Piwik uses it to create the fingerprinting hash. However you are right it may be useful to keep the full string for features like #6097 - it was suggested by the FSF in our effort to become a GNU package #5276

@mattab mattab added the Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. label Oct 20, 2014
@mattab mattab modified the milestones: Piwik 2.9.0, Short term Oct 20, 2014
@tsteur
Copy link
Member

tsteur commented Nov 10, 2014

you are right it may be useful to keep the full string for features like #6097

So is there actually anything todo?

@mattab
Copy link
Member Author

mattab commented Nov 10, 2014

Yes this is useful privacy enhancement for anyone being tracked by Piwik.

Here is proposal for this issue:

  • by default track one language instead of the full Accept-language string
  • add a new config setting eg [Tracker] record_full_accept_language_string = 0

For use cases like #6097 we can think of it later as for now respecting Privacy is more important 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Privacy For issues that impact or improve the privacy. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Projects
None yet
Development

No branches or pull requests

3 participants