Cookieless: config_id and ePrivacy

Hi everyone,

Our company is currently piloting the cookie-less cloud version of Matomo.

While I understand the config_id is a randomly-seeded, privacy-enabled, time-limited hash of a limited set of the visitor’s settings and attributes, our EMEA internal privacy team still considers - even if one disable browser feature detection - that collecting some of those settings and attributes is not compliant with article 5(3) of the ePrivacy Directive.

I explained to them that, with browser feature detection turned off, those reduced number of settings and attributes were only part of the user-agent string, still they consider that you are collecting those for analytics purpose without user consent.

I was wondering if there was a way to generate a config_id that would not be based on the visitor’s settings and attributes but on a random or unique ID for instance (Math.random, UUID library, etc.) ? I know this would screw up the number of visitors in that 24 hours window, but for some companies like ours, visitors is not a metric we track at all.

Thanks very much.


Hi @je_mi_bi
Links to some GitHub discussions about this topic: