Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GDPR Checklist #358

Closed
4 tasks done
ankane opened this issue May 1, 2018 · 5 comments
Closed
4 tasks done

GDPR Checklist #358

ankane opened this issue May 1, 2018 · 5 comments

Comments

@ankane
Copy link
Owner

ankane commented May 1, 2018

Summary

IP masking, anonymity sets, and no more cookies

Checklist

Completed items are on master branch

  • Mask IPs with Ahoy.mask_ips = true (side effect: reduces geocoding accuracy)
  • Add Ahoy.cookies = false to function server-side without cookies
  • Add Ahoy.configure({cookies: false}) to Ahoy.js to function client-side without cookies
  • Create readme instructions

IP Masking

Same approach as Google Analytics IP Anonymization

  • IPv4 - set last octet to 0
  • IPv6 - set last 80 bits to zeros

Anonymity Sets & Cookies

Instead of cookies, use the following formula for visit and visitor tokens.

uuid_v5("visit(or)/#{masked_ip_address}/#{user_agent}")

Visitors with the same masked IP address (see above) and user agent combo will be grouped together into an anonymity set

Note: Visits have an infinite duration - one approach is to add the current date/week to the hash, but this will interfere with active visits during switchover

Readme instructions

Update config/initializers/ahoy.rb to:

class Ahoy::Store < Ahoy::DatabaseStore
  def authenticate(data)
    # do not link visits and users automatically
  end
end

Ahoy.mask_ips = true
Ahoy.cookies = false

If you use JavaScript tracking, set:

ahoy.configure({cookies: false});

Notes

  • Encryption: Should already to do this with config.force_ssl
  • Data deletion: Data is stored in your data store, so already have full control

Resources

@rauhryan
Copy link

rauhryan commented May 1, 2018

This is great! thank you guys

Just started pulling ahoy into our app and excited to see this coming

Much appreciated and I'll try and help out if I find an opportunity

@ankane
Copy link
Owner Author

ankane commented May 18, 2018

Just released 2.1.0 with this

@ankane ankane closed this as completed May 18, 2018
@tolhzar
Copy link

tolhzar commented Aug 30, 2018

Note: Visits have an infinite duration - one approach is to add the current date/week to the hash, but this will interfere with active visits during switchover

@ankane is there a way to expire visit or set a duration somehow in that case?

@ACPK
Copy link

ACPK commented Oct 17, 2019

@ankane - Using Javascript, how would I allow Ahoy to track the user based on the user's answer to a "GDPR-compliant cookies notice"?

We'd also like to be able to automatically it off on certain sections of the site rather than application-wide.

@iamajvillalobos
Copy link

With GDPR settings on, can we still get unique visits properly?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants