@mattab opened this Issue on July 26th 2014 Member

The CNIL has suggested that it would be more readable and useful to remove the ID found in the 3rd party opt-out cookie. Having an ID in that cookie is not a problem, but it's a bit confusing as it almost looks like it's a visitor ID (though it's only a static ID that will be the same for all opt-out cookies).

More info: the reason an id appears there is that our cookies are signed. @robocoder do you think there is still a security advantage to signing our cookie? Maybe we could now safely remove the signing part of the Cookie class.

@robocoder commented on July 26th 2014 Contributor

We sign the cookie to ensure the cookie was created by Piwik by a user who explicitly opted out. If you remove the ID, then third-party developers can easily spoof the cookie (e.g., via a browser extension).

You're welcome to remove the ID, but I think some users would prefer it be configurable and/or default to prevent spoofing.

@robocoder commented on July 28th 2014 Contributor

An alternative is to rename the cookie to something more innocuous, e.g., opt_out_confirmation.

@robocoder commented on July 28th 2014 Contributor

Either way, CNIL's suggestion has no weight. First, it's not an ID -- it isn't personally identifiable information that needs to be kept confidential. Second, removing it would allow spoofing, which would be counter to the principle of data security.
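
To illustrate the point made in the two comments above (the cookie is signed so that only the server can produce a valid opt-out cookie, and a signed constant value yields the same "ID" for every user), here is an added example that is not Piwik's Cookie class: an HMAC-signed cookie value with a verifier that rejects an unsigned or forged cookie. The secret, the cookie name `opt_out_confirmation` (taken from the rename suggested above) and the value `1` are assumptions for the example.

```python
import hashlib
import hmac

# Hypothetical server-side secret for this example; a real deployment
# loads it from configuration and never ships it to the browser.
SERVER_SECRET = b"constructed-example-secret-not-a-real-key"
COOKIE_NAME = "opt_out_confirmation"  # name suggested in the thread, assumed here


def _mac(value: str, secret: bytes) -> str:
    # Bind the signature to both the cookie name and its value.
    return hmac.new(secret, (COOKIE_NAME + "=" + value).encode(), hashlib.sha256).hexdigest()


def sign_opt_out_cookie(value: str, secret: bytes = SERVER_SECRET) -> str:
    """Return 'value.signature'. Because the value is constant ('1' for
    everyone who opted out), the signature part is identical for all users:
    it is the static 'ID' the issue describes, not a visitor identifier."""
    return f"{value}.{_mac(value, secret)}"


def verify_opt_out_cookie(cookie: str, secret: bytes = SERVER_SECRET) -> bool:
    """Accept the cookie only if its signature was produced with our secret."""
    value, sep, sig = cookie.rpartition(".")
    if not sep:
        return False  # no signature at all, e.g. a cookie set by a browser extension
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(sig, _mac(value, secret))


def demo() -> dict:
    """Constructed cases: a genuine cookie and three spoofing attempts."""
    genuine = sign_opt_out_cookie("1")
    return {
        "genuine": verify_opt_out_cookie(genuine),
        "unsigned": verify_opt_out_cookie("1"),
        "forged": verify_opt_out_cookie("1." + "0" * 64),
        "wrong_secret": verify_opt_out_cookie(genuine, b"other-secret"),
    }


if __name__ == "__main__":
    print(demo())
```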

@mattab commented on August 1st 2014 Member

Thanks for your input. I've moved this out of the backlog as this is low priority.

This Issue was closed on April 26th 2015