Best ways to Obfuscate/Hide/Hash emails used as UserIDs in tracking code?

I know there is a plugin from @iMarkus that hashes UserIDs in the Matomo admin but what about obfuscating in the tracking code, on collection, but then converting back to emails within Matomo so the UserIDs are seen there but hidden within the tracking code.

I may be overlooking some existing functionality but so far my searches have not yielded any solutions here.

I guess this requires encryption and not hashing because hashing is only one way and couldn’t be UNhashed inside Matomo?

If anyone can share anything that has worked, that’d be helpful. Below is some example code used with a visible email and we want to obfuscate this value.

<script type="text/javascript">
  var _paq = _paq || [];
  _paq.push(['setUserId', 'client@company1.com']);
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  _paq.push(['enableHeartBeatTimer']);
  (function() {
    var u="//matomo.domain.com/";
    _paq.push(['setTrackerUrl', u+'piwik.php']);
    _paq.push(['setSiteId', 3]);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<noscript><p><img src="//app.surgostats.com/piwik.php?idsite=3" style="border:0;" alt="" /></p></noscript>

Hi,

I think before planning on how to do this, you should make sure you know exactly what problem you want to solve by this.
Don’t you want website visitors to know that they are uniquely tracked? In that case you should rethink your privacy policy.
Don’t want users to find out their E-Mail? (Why?) Use something else as the UserId (some kind of unique id for every user in your system).
Don’t want Matomo users to be able to see who is which visitor? Then User ID is useless.
Don’t want Matomo users to be able to see the E-Mails of visitors? Again use something else as a unique id.
Don’t want to be accused of storing personal information about your users? Then it doesn’t matter if you hash/encrypt/obfuscate the UserID. You are able to use it to uniquely map the data in Matomo with their ID in your system or E-Mail and therefore have to handle all privacy implications this means.

I can’t think of a problem that would be solved with encryption. You have the key to decrypt it, so you know the data the same way as if it was unencrypted. And as the key has to be stored somewhere in Matomo, an attacker who can access the data can also access the key or the unencrypted data.

I also don’t know anything that is solved by useless obfuscation apart from the issue that your solution is too easy to maintain :slight_smile:

There are a few problems that are solved by hashing the userids (you don’t want to store the email itself, but just the fact that it is this unique user). But remember that this doesn’t solve data privacy issues about the data collection by Matomo. And keep in mind that sha1 is designed to be calculated (and therefore brute-forced) very efficiently.

I hope this makes the whole topic a bit more clear.
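Added example, not part of the thread and not Matomo's own code: a server-side Node.js sketch of the hashing point above, showing why an unkeyed SHA-1 of an e-mail can be matched against a list of candidate addresses while a keyed HMAC-SHA256 pseudonym cannot be recomputed without the server's secret. The function names, the key handling and the address list are assumptions made for illustration.

```javascript
// Added example (Node.js, runs on the server that renders the page).
const crypto = require('crypto');

// Normalise so "Client@Company1.com " and "client@company1.com" give one ID.
function normalizeEmail(email) {
  return email.trim().toLowerCase();
}

// Unkeyed hash: anyone with a list of candidate addresses can recompute it.
function sha1UserId(email) {
  return crypto.createHash('sha1').update(normalizeEmail(email)).digest('hex');
}

// Keyed pseudonym: HMAC-SHA256 with a secret that never reaches the browser.
// Whoever holds the key can still map an ID back to a known address.
function hmacUserId(email, secretKey) {
  return crypto.createHmac('sha256', secretKey)
    .update(normalizeEmail(email)).digest('hex');
}

// Audit helper: is an ID seen in page source just an unkeyed hash of one of
// our known addresses? Returns the matching address, or null.
function matchUnkeyedHash(observedId, candidates) {
  for (const c of candidates) {
    if (sha1UserId(c) === observedId) return normalizeEmail(c);
  }
  return null;
}

// The line the page template would emit instead of the raw e-mail.
function setUserIdSnippet(userId) {
  return `_paq.push(['setUserId', ${JSON.stringify(userId)}]);`;
}

// Constructed sample values (hypothetical key and address list).
const SECRET = crypto.randomBytes(32); // in practice loaded from server config
const known = ['alice@company1.com', 'client@company1.com'];

const weakId = sha1UserId('client@company1.com');
const keyedId = hmacUserId('client@company1.com', SECRET);
console.log('sha1 id matched to:', matchUnkeyedHash(weakId, known));
console.log('hmac id matched to:', matchUnkeyedHash(keyedId, known));
console.log(setUserIdSnippet(keyedId));
```

The value passed to `setUserId` is then an opaque hex string, and Matomo reports show that string rather than the e-mail.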

Lukas! Thanks for the detailed, thorough response here. I’ve read through it and need to read it again a few times to fully digest it.

Aren’t there legit reasons, however, you’d want to obfuscate your methods?

For instance: Even when you have rock solid privacy and all your site visitors have opted-in and agreed to your privacy policy you still might not want to make your custom tracking setup to certain parties like, say, your competitors?

Good question, I am not sure. I personally don’t know why I would want to obfuscate anything (after all it is already clear how everything works as Matomo is Open Source), but I understand if there are maybe reasons for other people that I don’t know of.