Storing ip-address?

Hi Forum,

I discovered Piwik today and want to use it as alternative to AWStats and/or Google Analytics. Very nice software!

As German company I have one question about privacy. I couldn't find a satisfying answer yet. The question is: does piwik store ip-addresses of visitors in database or cookies? In Germany the situation is not clear: maybe storing of ip-addresses is not allowed because it harms privacy.

Regards

Christian

I'm from Germany, too. The legal situation is difficult. German privacy laws are very strict. So some courts decided, that Google analytics violates German privacy laws because an ip-adress is a personal information which may not be saved without permission. That's why there is a particular risk in using tracking tools in Germany.

Piwik saves the ip-adress as a number in the database. Because it's possible to recalculate the real ip from this number, this method may also be illegal in Germany. It would be great if there was a feature to save anonymized ip-adresses in piwiki.

Sorry, I saw the answer not until today. Thought that I would be informed about answers...

What do you mean with "saves the ip-address as a number"? As a kind of md5-hash or something like this?

Piwik saves the IP in the database, so if thats against the law in Germany, it will be illegal. I would recommend adding a feature request in the Developer Zone to ask for an option not to store the IP.

The the mean time, you could modify Piwik. Find the file /piwik/core/Tracker/Visit.php and the function handleNewVisit. You will see a line like:

'location_ip' => $userInfo['location_ip'],

and change it to

'location_ip' => ip2long('0.0.0.0'),

BTW - thats a very stupid law There is nothing 'private' about IPs, they are not owned by individuals, but leased from a governing body (APNIC in Aus).

---

http://www.karlkopp.com/

Hi kolchak,

Quote
kolchak @ Apr 29 2009, 11:35 PM
BTW - thats a very stupid law There is nothing 'private' about IPs, they are not owned by individuals, but leased from a governing body (APNIC in Aus).

I hope your BTW comment was ironic
Please consider that the IP is an information (indirect) related to an individual and thus you can link all information to a real person. At least authorities can do that if they want.

Devolpers of statistic software should responsibly keep this in their mind. Just think of how authoritarian regimes handle informations like this. Don't collect and store informations if you really don't need them!

Tests of "reasonable" and what constitutes "personal information" varies from jurisdiction to jurisdiction. We're software developers, not lawyers.

---

Buy me a beer. Show me some love.

Changes in the upcoming release: CHANGES

Privacy protection is a matter of responsibility to preserv freedom and democracy, apart from interpretation and complying with the applicable local laws! I'm serious about it.
Keep the social effects in mind: "The indefinite feeling of unwanted observation" unconsciously changes the behavior.

@Kolchak: thank you for your advice!

I just added this topic as feature request. Would be great if there would be an option to deactivate storing of ip-addresses or to anonymize the storing!

Note: this functionnality was added in Piwik 0.5.5 - you can now enable the AnonymizeIp plugin which will hide the last bytes of the IP in your Piwik database.

---

Please READ before posting a new topic

Search Piwik Forum & Docs - Piwik FAQ - Piwik Help - Stay tuned on the Piwik Blog. I'm on twitter & on github

New! Help : fund an AWESOME new feature for Piwik (Custom Segmentations Editor + Apply in Real Time!), we need your help!

New: Sponsor a feature or work new plugin. Contact us now with your budget, timeline, and which new feature you would like to fund we will let you know the quote.

First: Great and a big thank you! That was really missing from Piwik.
Second: Do I have to do anything else beyond activating the plugin? I looked around and didn't find more information.

Hi Bolero
There's a parameter in /config/global.ini.php.

; number of octets in IP address to mask, in order to anonymize a visitor's IP address
; if the AnonymizeIP plugin is deactivated, this value is ignored
; for IPv4 addresses, valid values are 0..4
; installation default was 1.
ip_address_mask_length = 2

You can check success in the visitor log on the dashboard. The last x bytes of the IP address should then be zero.

I'm sorry but i have to agree with the comment that it's kind of of a stupid law because there is no way to prevent a web server from knowing the IP of the visitor; it's how the Internet is functionning. If one would not send it's IP to the server he's trying to visit, he wouldn't received any data back.

But, i'm not completly against the idea behind that law. IP adresses are somewhat of a sensitive information and every country could have a law that render illegal to collect that kind of information and permit only to local autorities to associate an IP to an individual.

But i still wonder how can german people use wikis anonymously ? When using a wiki without an account, the IP is used as username instead.

I also wonder about people that their IP adresse is changing everytime they are accessing the Internet.
And what about when the IP is shared amoung users of a local / home network ?

Beside, will Germany have lawsuit with every sites in the world ? Google, Microsoft.com, Yahoo!, Facebook, Twitter, Flickr, YouTube, Apple.com, etc. ; all thoses sites are collecting IP of their visitors. Collecting IP, doing reports on visits is what most web server are preconfigured to do when we acquire a web hosting. Even more, on my web hosting for my domain synaptique.ca, there is other analytic softwares preinstalled that can't be removed. I asked my server admin to remove them for my domain and he said that he wasn't able to.

So, even though Piwik has that functionality, and i think that it's really great that it now as it since that was something that was so frequently asked and it's important to listen to the community when working on open source prokects, i think that there's a still so many webstites that wont comply with the german law that it somehow render the law "non viable" or so. What i mean is that in most situation, if a law can't be enforced, that law need an amendment or something. I dont have any exemple but there is an history of laws (or rules) that has to be removed or changed because people didn't want to comply and / or that law enforcers couldn't make people obey it.

It's even more complicated i suppose in the case of that german law since they can't force people from others country to follow it.

I hope i dont chock anybody, it's not my intentions here.

I don't understand all the fuss behind all this. IPs are just numbers, you can't get the name or the address of its owner unless you have a court order, at least here in france, and I guess it is the same worldwide.

Besides, if someone want to hide his IP, if it is not as easy as deleting a cookie, it is still not that hard to do.

Well, the situation isn't 100% clear in Germany either.

Data protection rules request from you to store personal information or information that allows in any way to be connected to personal information must be deleted as soon as possible and might only be stored for certain purposes.

Statistic purposes are not considered to be an exception, so in theory the IP address must be deleted immediately. And to be honest, we do not really need them for web analytics, do we? Once the visit has an visit ID and once the visitor has a visitor ID the IP should be deleted.

You are right, every server is generating log files with IP addresses, but also those are required to be removes asap, as long there is no other requirement (like documentation requirements, etc.).

I know that it is very difficult to get the connection between an IP address and a real person. However, it is theoretically possible. As we don't really need the IP in webanalytics (please correct me if I am wrong), we can also delete them asap, can't we?

It is always better not to run into any trouble.

And I can tell you, those things are becoming more and more important. I am sure that in Canada it won't be much different in a few years. Or maybe you should have a look at your laws. I was also surprises last week when reading about those rules. Many people don't know about them in Germany either. And NO, they are not suing everyone. But they are currently reminding everyone about the rules... At the end of the day it is always the judge that has to make an interpretation of the written law, which can differ quite a lot, until the highest court has made a decision that should be followed by all courts.

I was just looking how this might be handled in other countries than Germany. So as someone posted a Canadian example, I thought I'd just have a look for Canada.

Quote

An Internet Protocol (IP) address can be considered personal information if it can be associated with an identifiable individual.50

www.priv.gc.ca/leg_c/interpretations_02_e.cfm

So at the end of the day, I don't think the actual rules are that different. In Germany it is also allowed to store IP addresses in data bases, but only if necessary. Web analytics is not considered to apply for the exception "if necessary". ;-)

And this one...

www.priv.gc.ca/cf-dc/2001/cf-dc_011120_e.cfm

Already from 2001.

Just research a little about cases in your countries. You might be surprised. Just as I was. Especially people who work in Webanalytics should be aware of those things. We should take privacy concerns serious. Because if we don't, then sooner or later it will come worse. An autoregulation usually is better than to wait for the court's decision. ;-)

COMMENT: Why the hell am I not allowed to link to the Canadian Privacy Council website? hehehehe, you might think this is on purpose...

You can't link to any site on this forum (or so).


Your last link refer to an organization that was collection the names of their visitors' computers without even knowing about it.

Did you know that every BOINC project collect the names of the computers since it's start many years ago ?

I've been running BOINC since then (but not in summers; it's too hot).


Do you also understand that the IP adress is not needed to make a profile for each visitor and follow them on the Internet ?

Anyone who know PHP can get a lot of data from people who visit his site.
Screen res, browser, type of computer/processor, etc.

EDIT :

Beside, the canada agency site that you've given a link to say that they are actually doing exactly the same thing as us with Piwik :

Quote

Server logs: Our servers automatically log information about visits to our Web site in the normal course of establishing and maintaining Web connections. Server logs record statistical information, such as visitors' IP addresses, type of operating systems, time and duration of visit, Web pages requested, and identify categories of visitors by items such as domains and browser types. These statistics are reported in aggregate form to our Web and communications staff, and are used to improve our Web site and ensure that it provides the optimal Web experience for visitors.

Source : www.priv.gc.ca/notice-avis_e.cfm

Quote
TulipVorlax @ May 6 2010, 05:21 AM
You can't link to any site on this forum (or so).


Your last link refer to an organization that was collection the names of their visitors' computers without even knowing about it.

Did you know that every BOINC project collect the names of the computers since it's start many years ago ?

I've been running BOINC since then (but not in summers; it's too hot).


Do you also understand that the IP adress is not needed to make a profile for each visitor and follow them on the Internet ?

Anyone who know PHP can get a lot of data from people who visit his site.
Screen res, browser, type of computer/processor, etc.

EDIT :

Beside, the canada agency site that you've given a link to say that they are actually doing exactly the same thing as us with Piwik :


Source : www.priv.gc.ca/notice-avis_e.cfm

Will have to look up what BOINC is now... ;-)

Well, question is if and how they store it.

And I know that IP addresses are not the only thing. There are many things you can do to collect information and profile visitors to your website. That in general is not a problem for data protection, as long as you can link this back to a single person and identify them with that.

I think all the data projection stuff is pretty complicated. However, I don't see a major problem to shorten the IP address, if it makes the data protection guys happy.

Data protection has not a very strong lobby yet. Funny thing about Germany is, that you shouldn't store the ip address in your piwik database, but every hosting provider is required to store every email communication done over their servers for quite some time, so that the authorities can find the terrorists faster... hahaha. I am not sure if they really know what they are up to and if they have the capacities to analyze even 1% of it.

Anyway...

Hi Holch
Don't underestimate what cheap silicon and disks can do today to track anybody down by the digital traces you really can't prevent to leave everywhere nowadays.

But the "Vorratsdatenspeicherung" that you refer to in your last paragraph (storing all connection data for six months for use by authorities) has just been declared unconstitutional by our Supreme Court.

I agree it would have been strange: You would have been sentenced for illegally collecting "personal" data on your site while your provider shares your prison cell for illegally **not** collecting the same data, both on the same machine.

Everybody around the world always knew that german legislation is just perfect: Everything is either permitted or prohibited, there's no "grey zones" (unclear border). But little did they know that one thing can be permitted and prohibited at the same time :-))))

What if a commerial hoster also runs a private piwik or google-analytics-armed blog? Can obviously only be done from jail *g