Hi, is there any technical control against an adversary sending fake tracking data to the Matomo Tracking API? I’m not worried about this in practice, it’s a pretty low-value attack, I’m just curious.
Essentially, I was trying to create my own simple tracking script and it occurred to me that if someone were determined to pollute my logs they could use dev tools to see where I was POSTing tracking requests, and then send in fake data.
So I got curious about how Matomo does it. Based on my read of the API reference it seems that this would be possible, since the only two required params are static across calls.