We are testing out a self-hosted implementation of Matomo and due to privacy/GDPR reasons we want to be extra sure we know exactly where the IP anonymization takes place so that we can be sure we’re not keeping any logs with full IPs either in the database or anywhere else.
Does it get anonymized before it ever touched any application logs (in the IIS server)? Does it get anonymized before or after any logs are put into the database? Or is it anonymized before it shows up on the Matomo dashboard?
@melbao Does this mean the request that the IP sends would still not be anonymized until it hits the Database - for example when the request goes through our application load balancer logs before it hits the database?
I do not know your system and for this reason I cannot make any statement about it. Some web hosts and server providers anonymize the IP immediately, some only disguise it, and some not at all.
Without IP, the Internet does not work. Even a domain is only a mask for an IP. IPs are addresses, like postal addresses. Without an address, mail cannot be delivered. Every click on the Internet is an order. Delivery times are at the speed of light. If you don’t tell the pizza delivery guy where to deliver, the pizza won’t arrive.
However, with tracking it is a bit different, as nothing is ordered and nothing is delivered, only information is sent. That’s why tracking is not so popular, because it has no direct benefit for the website viewer.
For more info on masking IPs you need to ask the server operators.
@melbao Thanks so much for that explanation, that makes sense. I think in this case we’ll operate under the assumption that the IPs aren’t masked until it hits the database. Thanks again for the detailed response.