Hi, I'm a technologist at a US-based digital rights group (cdt.org).
We'd like to run piwik on our site given the amount of careful thought and design you have all put into the privacy aspects of piwik. (thank you!)
One thing was particularly puzzling, however, and seems like a bug: If I follow the directions here on how to set up an "opt-out" cookie via an iframe:
It sets a cookie from demo.piwik.org called "piwik_ignore" and a value of:
This string as the value of the cookie seems very problematic from a privacy perspective. It appears to be a highly unique number or identifier; that is, exactly the kind of thing we do not want! This could be used to track users.
Most implementations of an opt-out cookie instead include some non-unique content in the cookie like the string "opt-out" or even "NULL" (since the name of the cookie gives the function of the cookie).
Can we have a configuration toggle that would remove any unique identifier from the content of the opt-out cookie? I don't think we can start running Piwik without this kind of change (whether we make the change ourselves and just offer a patch to others that may feel the same or if Piwik folds such a change into the piwik UI).
I should have added a CC to firstname.lastname@example.org, so please include me on any comments; thanks.
The ID is the "signature" of the cookie so it is the same for all users for a particular piwik instance. Check with a different browser and you will get same cookie value.
Btw great work at cdt.org - maybe you will get a chance to advise use of Piwik to your members and readers :)
Thanks for the clarification... and thank you for the compliments; we certainly are trying to advise the use of Piwik and will right a bit about it at some point for other NGOs interested in doing privacy-conscious analytics. best, Joe
@mattab Regarding the signature, is it bound to just the piwik instance or also the domain?
Our problem is that piwik runs on a different (internal) subdomain so I want to make sure that the opt-out cookie I receive on the internal server is identical to the opt-out cookie I need to set for my users in an production environment.
Thanks for clarifying this!
Regarding the signature, is it bound to just the piwik instance or also the domain?
Only to the Piwik instance