Where exactly does Matomo anonymize IP addresses? Is it on the IIS server, before the database, or only when showing on the Matomo dashboard?

dlaw0000 · March 22, 2023, 1:53pm

Hi,

We are testing out a self-hosted implementation of Matomo and due to privacy/GDPR reasons we want to be extra sure we know exactly where the IP anonymization takes place so that we can be sure we’re not keeping any logs with full IPs either in the database or anywhere else.

Does it get anonymized before it ever touched any application logs (in the IIS server)? Does it get anonymized before or after any logs are put into the database? Or is it anonymized before it shows up on the Matomo dashboard?

Any help at all would be greatly appreciated.

Thanks in advance,
Dana

je_mi_bi · March 23, 2023, 8:49am

IIS server logs and Matomo databases are two different things. My understanding is that Matomo anonymizes the IP address before it gets stored as a hashed version of it in the database.

Jean-Michel

melbao · March 23, 2023, 10:46am

Hi Dana, thats not so simple. The IP must be send to the server for a request. Also, the IP is send to the server. Many server logs the request. Apache: access.log. Matomo grab the IP via PHP

$_SERVER['REMOTE_ADDR']

on this point and shortened before save it in the database:

github.com

matomo-org/matomo/blob/b0235fbed3b09638e523f67a7ac0107dc911cfe4/core/IP.php#L38


      
          *
          * As a matter of naming convention, we use `$ip` for the network address format
          * and `$ipString` for the presentation format (i.e., human-readable form).
          *
          * We're not using the network address format (in_addr) for socket functions,
          * so we don't have to worry about incompatibility with Windows UNICODE
          * and inetPtonW().
          *
          * @api
          */
          class IP
          {
             /**
              * Returns the most accurate IP address available for the current user, in
              * IPv4 format. This could be the proxy client's IP address.
              *
              * @return string IP address in presentation format.
              */
             public static function getIpFromHeader()
             {
                 $general = Config::getInstance()->General;

dlaw0000 · March 23, 2023, 1:25pm

Thanks both for the responses.

@melbao Does this mean the request that the IP sends would still not be anonymized until it hits the Database - for example when the request goes through our application load balancer logs before it hits the database?

melbao · March 23, 2023, 2:42pm

I do not know your system and for this reason I cannot make any statement about it. Some web hosts and server providers anonymize the IP immediately, some only disguise it, and some not at all.

Without IP, the Internet does not work. Even a domain is only a mask for an IP. IPs are addresses, like postal addresses. Without an address, mail cannot be delivered. Every click on the Internet is an order. Delivery times are at the speed of light. If you don’t tell the pizza delivery guy where to deliver, the pizza won’t arrive.

However, with tracking it is a bit different, as nothing is ordered and nothing is delivered, only information is sent. That’s why tracking is not so popular, because it has no direct benefit for the website viewer.

For more info on masking IPs you need to ask the server operators.

dlaw0000 · March 23, 2023, 2:58pm

@melbao Thanks so much for that explanation, that makes sense. I think in this case we’ll operate under the assumption that the IPs aren’t masked until it hits the database. Thanks again for the detailed response.

heurteph-ei · April 5, 2023, 12:50pm

@dlaw0000
If you need geolocation, have also a look at the following link, in section ** Geolocation Considerations when IP masking**: