Skip to content


Subversion checkout URL

You can clone with
Download ZIP


New Privacy feature: "Disable all tracking cookies" (EU Privacy regulation update) #2772

mattab opened this Issue · 10 comments

2 participants


Discussed in forum post New EU Privacy regulation: we need an "opt-in" for statistics cookies.


  • piwik.js new method disableCookies() that would 1) delete existing cookies if any 2) skip all cookie setters
    • In the JS display code page, we should add a box that when ticked, would add the call to piwikTracker.disableCookies() in the JS snippet, see #1845

Another idea is to add a Setting in addition to the JS customization. The setting when enabled would hide all reports that will not work after stop using cookies (Days since visit, unique visitors, etc.). But the overhead of adding a setting does not sound worth the benefit of less UI clutter... especially since this law is really extreme and Piwik users are doing a lot better by default in terms of privacy protection!

Useful & quite easy feature, so good one anyway, in line with our fight for better Privacy to all.


Also (maybe this needs a new ticket but would be nice to do at same time)


So I think it's just a matter of adding a FAQ at least, explaining how to change cookielifetime to a max of 30 days (for example, based on after how long raw visitor logs are deleted).

  • Document the list of cookies created during tracking, in the Privacy page `

Law went live in the UK on May 26th so we need to add this feature in the next release.


(In [6387]) Fixes #2772

  • New Javascript function disableCookies() to disable all cookies
@mattab mattab added this to the Piwik 1.8 milestone


I would like to ask about disabling cookies and it's impact on the reports, There is methods to create fingerprints for visitors without using cookies, and it's over 90% accurate for millions of users, for small websites that woud be much more accurate in term of probabilities.
So why not to store that unique ID and all information set in the cookie in the DB?
sorry if i'm mistaken, but i'm interested in this.



Thanks for replay, i have read the impact before commenting the post, and this is why i thought that saving the information in the db would be more efficient.
If you say that you still can find unique visitors with IP and footprints, then why not just to save the information in the db instead of cookie, it's more persistent and secure and can be accessed even if the user removes cookies or disable them.
so instead of setting a cookie when a user first visit the website, we make an ajax request to store the information in the db.
I would like to know what's wrong with this solution please. you are more engaged in the project and know more details to can determine the effectiveness of this solution.

@mattab mattab added the c: Privacy label

You would be very kind if you answer me :) i would really appreciate as i have a project going same way and without using cookies and i would like to know if this could be the solution.


So why not to store that unique ID and all information set in the cookie in the DB?

not sure I understand the question correctly. Maybe you can ask the question in this forum: - Someone may reply to it there, thanks!


if reports are affected by disabeling cookies, because there is information saved in thoese cookies, so why not to save this relevant information in the DB if we still can identify every Browser uniquely to match the data stored in the DB with that Browser (visitor)

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.