sgiehl
commented
3 years ago Hi @cristiklein. Thanks for creating this issue. Matomo itself is actually able to mask the IP addresses before they are stored or if required before they are processed. If the IPs are anonymized the same way before they are sent to Matomo it should have no further impact. Matomo allows to define how many bytes of an IP address it should anonymize. Depending on the setting certain parts of the IP are set to 0. See https://github.com/matomo-org/component-network/blob/master/src/IPv4.php#L30-L44 and https://github.com/matomo-org/component-network/blob/master/src/IPv4.php#L30-L44
cristiklein
Hi,
I'm considering using Matomo for privacy-friendly analytics on my personal website. Specifically, I want to avoid having to ask the user for any consent -- legally, of course -- but still getting useful statistics about my visitors. My logs are produced by CloudFront. The only piece of the missing puzzle is for this tool to mask IP addresses, e.g., to
/30. Otherwise, I need to ask the users for consent, since un-masked IP addresses were ruled to be personal data.Adding a masking option to this tool is trivial. However, can Matomo accept such masked IP addresses? How should these look like to not confuse Matomo. For example, Matomo could deduce that two masked IPs are the same visitor. All I really care about is rough country- or state-level statistics on my visitors.
Happy to contribute a PR if someone can help me figure out the details around the format of the masked IP address.