is the current hashed_ip routine enough to annomize user's IPs?

[philmmanjaro]

I looked a little deeper into the topic about GDPR and hashed IPs. During my research I found this table with other techniques and how sane those are: Link. Having maybe some combined before our UUID-Hash gets generated might secure our approach more to have a reverse engineering of the IP addresses somehow better blocked.

The generated UUID-Hash should be the same, regardless of which combo of techniques we use. Otherwise we might generate false data collection of user counts, when the same machine would ping our servers in a short period of time gain.

---

The following table presents a high-level comparison of various techniques employed or under development in 2019 and classifies them according to categorization of technique and other properties. Both the specific techniques and the categorizations are described in more detail in the following sections. The list of techniques includes the main techniques in current use but does not claim to be comprehensive.

Categorization/Property	GA	d	TC	C	TS	i	B
Anonymization	X	X	X				X
Pseudonymization				X	X	X
Format preserving	X	X	X	X	X	X
Prefix preserving			X	X	X
Replacement			X
Filtering	X
Generalization							X
Enumeration		X
Reordering/Shuffling			X
Random substitution			X
Cryptographic permutation				X	X	X
IPv6 issues					X
CPU intensive				X
Memory intensive			X
Security concerns						X

Legend of techniques:

GA = Google Analytics d = dnswasher TC = TCPdpriv C = CryptoPAn TS = TSA i = ipcipher B = Bloom filter

[romangg]

At the moment no IPs are stored.