disableCookies and disableFingerprint?

Hello, i use matomo for many years and plan yet a customizing of my matomo settings and have questions about it.

First, i will use the _paq.push(['disableCookies']);. That i find nice and can remove the cookie consent.

Next, i will use the _paq.push(['disableBrowserFeatureDetection']);. Because i don’t use it in the last years.

In conclusion, I would like to use _paq.push(['disableFingerprint']);, but that don’t exists. I have read, by using disableCookies matomo will use the IP and footprint for the viewer detection. It would be enough for me if matomo only uses the IP for this. My settings for IP masking is currently 1 bit. I will be set to 2 bit. Is that accurate enough for tracking? First of that, i search a disableFingerprint option. Please help.

That method doesn’t exist because Matomo does not use any user fingerprint…

Hm, i don’t understand it right. Matomo write:

When cookies are disabled by a visitor (cookie-less tracking), how does it impact Matomo reports accuracy?
Matomo will still be able to determine unique visitors based on IP address and other footprints, but this will be inaccurate.

Also matomo don’t use a fingerprint (footprint) , but use a fingerprint-hash (timed restricted). This is almost the same.

and matomo write here further:

How does Matomo detect unique and returning visitors? (with User ID or Visitor ID from tracking cookie)
When … [than] …, [otherwise] we look for visits where the log_visit.config_id matches the visitor config_id.

I haven’t found everything about who the config_id is saved. Is the config_id saved in a cookie?

I have found more infos about the config_id. The config_id is stored in the database table log_visit.

Visits are stored in the log_visit table.
Each visit contains the following information:
config_id: a hash of all the visit’s configuration options, including the OS, browser name, browser version, browser language, IP address and all browser plugin information

The config_id is the fingerprint-hash, i mentioned above, also the fingerprint (footprint).

For the fingerprint (footprint) matomo uses a hash from the browser feature detection + browser header + IP. When disableBrowserFeatureDetection is set, than without browser feature detection and only with the browser header + IP. Matomo write: That is a little bit inaccurate. I will test it in the next days/weeks. For me only relevant are the page-visits from each visitor about his session.


Hi @melbao
Related GitHub tickets:

Hi Philippe, the situation of the information by many many users is know to me. Many users have a mistake in your thinking about tracking and GDPR. Cookies is one thing, Tracking is another, and Tracking with cookies is both.

A info and a consent is needed. called: explicit consent (banner).

A short info and a expanded info is needed without consent. short info called: implicit consent (banner).

Tracking with Cookies
A short/expanded info for tracking and cookies and a consent for cookies is needed. called: explicit consent (banner).

This matter is not only touched the GDPR, but further the Cookie Law and more (ePrivacy). Its also not only one law, its multiple law. Current, there is no way out for don’t use a short info banner for tracking without cookies.

Tracking without cookies
in all situations is indispensable a short info banner with a link to expanded infos about the tracking (method and more).

For this, i mentioned in few times ago, that’s the best way to use a own (not the matomo or other third party) JavaScript to detect a Browser DNT and AdBlock Plugins in the reference to only display the tracking short info banner when the tracking is really in use. The simplest way is to use the Matomo variable window.Matomo.
simple example:

var matomoconsentinterval = setInterval(function() {
	if (typeof (window.Matomo) == "object") {
		document.getElementById("matomoconsentbanner").style.display = "block";
}, 1000);

Further, use on each website a own first party tracking optout JavaScript.