Remove ID string from third party opt-out cookie #5886
Comments
|
We sign the cookie to ensure the cookie was created by Piwik by a user who explicitly opted out. If you remove the ID, then third-party developers can easily spoof the cookie (e.g., via a browser extension). You're welcome to remove the ID, but I think some users would prefer it be configureable and/or default to prevent spoofing. |
|
An alternative is to rename the cookie to something more innocuous, e.g., |
|
Either way, CNIL's suggestion has no weight. First, it's not an ID -- it isn't personal identifiable information that needs to be kept confidential. Second, removing it would allow spoofing, which would be counter to the principle of data security. |
|
Thanks for your input. I've moved out of backlog as this is low priority. |
mattab
added
the
wontfix
The CNIL has suggested that it would be more readable and useful to remove the ID found in the 3rd party opt-out cookie. Having an ID in that cookie is not a problem but it's a bit confusing as it almost looks like it's a visitor ID (though its only a static ID that will be the same for all opt-out cookies).
More info: the reason an id appears there is that our cookies are signed. @robocoder do you think there is still a security advantage to signing our cookie? Maybe we could now safely remove the signing part of the Cookie class.
The text was updated successfully, but these errors were encountered: