
Comments (7)

Daandelange avatar Daandelange commented on August 20, 2024 1

Hey Martin,

Thanks for your 2 cents and for worrying about this. It still needs to be clarified indeed, that's why I put that information message in the readme.
Thus, people preferring not to use it is the "expected behaviour": you need to know the GDPR and read the source code to ensure your own level of GDPR compliance.

Note: the GDPR is still unclear to me in practice, so I don't know how certain terms would apply on SimpleStats.
The readme message has become a little obsolete, it should be sha1( base64_encode( mix( trunc(IP) + trunc(UserAgent) + Salt)) ), plus it's misleading as the trunc function is more a sanitiser rather than a real anonymising trunc function.

So all user-identifying-data gets "mixed-then-(one-way)-double-encrypted" to obtain a unique identifier, which the GDPR still calls a "pseudo" (I guess) and does not qualify as a complete "anonymisation". Which I understand because if a hash can be reversed in the future (logic error, quantum computing, brute-forcing, etc...), the user can be identified again.
(Is "encrypted" what you call "restored"?)
To be fully compliant, I guess the IP part would need to be partially used (and not completely), what do you think?

from kirby3-simplestats.

S1SYPHOS avatar S1SYPHOS commented on August 20, 2024 1

Stripping down the IP by default would definitely remove the need for consent, since no personally identifiable data is collected (which would trigger consent requirement, unless you go for 6 lit. f (legitimate interests) which would cover reach measurement anyways).

People have to know that they should be transparent about what data they collect and why (personally identifiable or not) and if personally identifiable, under what legal norm.

I'll see if I can whip up a PR, but can't promise anything 😀

from kirby3-simplestats.

Daandelange avatar Daandelange commented on August 20, 2024 1

Awesome, thanks for your research, I like the method you found, seems to work well. It also allowed me to simplify the IP checking part :)
I've improved it a bit by making the amount of stripped bits configurable (dynamic).

(Leaving this open until I update the readme)

from kirby3-simplestats.

S1SYPHOS avatar S1SYPHOS commented on August 20, 2024

Removing 1 to 3 bytes should be enough (like 123.456.7.xxx) which - in combination with UA - would be enough to "remember" our unique visitor 😄

from kirby3-simplestats.

Daandelange avatar Daandelange commented on August 20, 2024

Ok, sounds good, I'll give it a shot in my next dev session (or you can try if you'd like to?).
Making the byte-stripping an option would be nice to have too.

What's your opinion about the GDPR compliance in the docs?
I think that this change makes SimpleStats more GDPR compliant, but I don't know if it still requires asking for consent, so I feel more like updating/clarifying them while still leaving a "not-guaranteed-to-be-compliant" warning message.

from kirby3-simplestats.

S1SYPHOS avatar S1SYPHOS commented on August 20, 2024

In my PR, I'm introducing a static function anonymize. After evaluating many different functions, this approach seemed the most robust and works for IPv4 as well as IPv6. It strips half the IP away, leaving you with an anonymized address (if enabled using the also introduced, true-by-default config option daandelange.simplestats.log.anonymizeFirst).

Let me know if that's something you'll want to merge, since then
cheers!
S1SYPHOS

from kirby3-simplestats.
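
The two steps discussed in this thread (zeroing a configurable number of low bits of the IPv4/IPv6 address, then deriving the visitor identifier from the masked address, the user agent and a salt), as an added example that is not the plugin's code nor the PR's anonymize function. The function names, the salt and the sample addresses are assumptions, and HMAC-SHA256 is swapped in here for the sha1/base64 chain mentioned earlier in the thread.

```php
<?php
/**
 * Zero the lowest $stripBits bits of an IPv4 or IPv6 address (hypothetical helper).
 * Defaults to dropping half of the address. Returns null for invalid input.
 */
function anonymizeIp(string $ip, ?int $stripBits = null): ?string
{
    $packed = @inet_pton($ip);              // 4 bytes (IPv4) or 16 bytes (IPv6)
    if ($packed === false) {
        return null;
    }
    $totalBits = strlen($packed) * 8;
    $stripBits = max(0, min($totalBits, $stripBits ?? intdiv($totalBits, 2)));
    $keepBits  = $totalBits - $stripBits;

    $mask = '';
    for ($i = 0; $i < strlen($packed); $i++) {
        $bits  = max(0, min(8, $keepBits - $i * 8));   // bits kept in this byte
        $mask .= chr((0xFF << (8 - $bits)) & 0xFF);
    }
    return inet_ntop($packed & $mask);      // "&" on two strings works bytewise
}

/**
 * Keyed one-way identifier built only from the already-masked address,
 * so the discarded bits never reach the hash input (hypothetical helper).
 */
function visitorId(string $ip, string $userAgent, string $salt): ?string
{
    $anon = anonymizeIp($ip);
    return $anon === null ? null : hash_hmac('sha256', $anon . "\n" . $userAgent, $salt);
}

// Constructed sample input (documentation address ranges, made-up salt and UA).
$salt = 'constructed-example-salt';
$ua   = 'Mozilla/5.0 (X11; Linux x86_64)';
$ips  = ['203.0.113.77', '203.0.200.9', '2001:db8:abcd:12:1:2:3:4', 'not-an-ip'];
foreach ($ips as $ip) {
    // The first two addresses share their upper 16 bits, so with the default
    // mask they collapse to the same masked address and the same identifier.
    printf("%-26s -> %-20s %s\n", $ip, anonymizeIp($ip) ?? 'invalid',
        substr(visitorId($ip, $ua, $salt) ?? '-', 0, 16));
}
```

With the half-address default, IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) lose their entire IPv4 part, so they need a smaller $stripBits or conversion to IPv4 before masking.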

S1SYPHOS avatar S1SYPHOS commented on August 20, 2024

Glad to be of service!

from kirby3-simplestats.
