Tracker configId should be based on original IP, not on anonymised IP? #7778
Comments
tsteur
added
the
Help wanted
|
+1 to use the raw original IP in the fingerprint hash - refs #7667 |
|
actually, I remove my +1 - changing this would be a privacy risk. In particular it would let an attacker brute force the md5 hash to get the raw IP address back from the config_id hash, even when IP was anonymised. we cannot leak the IP address in case it was anonymised in Piwik, so we must use the anonimised IP to build the hash. edit: to brute force the config_id hash, attacker would need Piwik DB + Piwik config (for the salt) |
mattab
added
the
wontfix
|
I would have expected to use |
👍 |
mattab
removed
the
wontfix
|
by default, Piwik users have anonymisation enabled and they use the raw IP by making the config_id use the raw IP we would improve the tracker detection algorithm that will match many less visitors with colliding config_id This will improve the detection of visitors in Piwik for the vast majority of Piwik users who use the default privacy settings 👍 |
I just noticed the config id, used to identify a visitor, is based on the anonymised IP - if enabled: https://github.com/piwik/piwik/blob/2.13.0-rc2/core/Tracker/Settings.php#L78
I wonder if this is correct as we might sometimes generate the same configId for different users?
Implementation wise we'd probably only have to get the IP like
$this->request->getIpString()instead of$this->ipAddresThe text was updated successfully, but these errors were encountered: