@anonymous-piwik-user opened this Issue on December 17th 2013

Hi, I'm a technologist at a US-based digital rights group (cdt.org).

We'd like to run piwik on our site given the amount of careful thought and design you have all put into the privacy aspects of piwik. (thank you!)

One thing was particularly puzzling, however, and seems like a bug: If I follow the directions here on how to set up an "opt-out" cookie via an iframe:

http://piwik.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframe-2

It sets a cookie from demo.piwik.org called "piwik_ignore" and a value of:

ignore%3DczoxOiIqIjs%3D%3A_%3Dfc46b86b94499df302c53e1e59838ffefec6d8a0

This string as the value of the cookie seems very problematic from a privacy perspective. It appears to be a highly unique number or identifier; that is, exactly the kind of thing we do not want! This could be used to track users.

Most implementations of an opt-out cookie instead include some non-unique content in the cookie like the string "opt-out" or even "NULL" (since the name of the cookie gives the function of the cookie).

Can we have a configuration toggle that would remove any unique identifier from the content of the opt-out cookie? I don't think we can start running Piwik without this kind of change (whether we make the change ourselves and just offer a patch to others that may feel the same or if Piwik folds such a change into the piwik UI).

@anonymous-piwik-user commented on December 17th 2013

I should have added a CC to joe@cdt.org, so please include me on any comments; thanks.

@mattab commented on December 25th 2013 Owner

The ID is the "signature" of the cookie so it is the same for all users for a particular piwik instance. Check with a different browser and you will get same cookie value.

Btw great work at cdt.org - maybe you will get a chance to advise use of Piwik to your members and readers :)

@anonymous-piwik-user commented on January 7th 2014

Thanks for the clarification... and thank you for the compliments; we certainly are trying to advise the use of Piwik and will right a bit about it at some point for other NGOs interested in doing privacy-conscious analytics. best, Joe

@bf commented on December 12th 2014

@mattab Regarding the signature, is it bound to just the piwik instance or also the domain?

Our problem is that piwik runs on a different (internal) subdomain so I want to make sure that the opt-out cookie I receive on the internal server is identical to the opt-out cookie I need to set for my users in an production environment.

Thanks for clarifying this!

@mattab commented on December 15th 2014 Owner

Regarding the signature, is it bound to just the piwik instance or also the domain?

Only to the Piwik instance

This Issue was closed on January 7th 2014
Powered by GitHub Issue Mirror