Tracker configId should be based on original IP, not on anonymised IP?

[tsteur]

I just noticed the config id, used to identify a visitor, is based on the anonymised IP - if enabled: https://github.com/piwik/piwik/blob/2.13.0-rc2/core/Tracker/Settings.php#L78

I wonder if this is correct as we might sometimes generate the same configId for different users?

Implementation wise we'd probably only have to get the IP like $this->request->getIpString() instead of $this->ipAddres

[mattab]

+1 to use the raw original IP in the fingerprint hash - refs #7667

[mattab]

actually, I remove my +1 - changing this would be a privacy risk. In particular it would let an attacker brute force the md5 hash to get the raw IP address back from the config_id hash, even when IP was anonymised. we cannot leak the IP address in case it was anonymised in Piwik, so we must use the anonimised IP to build the hash.

edit: to brute force the config_id hash, attacker would need Piwik DB + Piwik config (for the salt)

[tsteur]

I would have expected to use useAnonymizedIpForVisitEnrichment setting as it is also used for location etc already anyway. I know it is still a different case but I think if someone wants to have complete privacy that person will have disabled that setting anyway.

[mattab]

I would have expected to use useAnonymizedIpForVisitEnrichment setting as it is also used for location etc already anyway.

👍

[mattab]

by default, Piwik users have anonymisation enabled and they use the raw IP

        'useAnonymizedIpForVisitEnrichment' => array('type' => 'boolean', 'default' => false),
        'ipAddressMaskLength'               => array('type' => 'integer', 'default' => 2),

by making the config_id use the raw IP we would improve the tracker detection algorithm that will match many less visitors with colliding config_id

This will improve the detection of visitors in Piwik for the vast majority of Piwik users who use the default privacy settings 👍