Feature request: Improve cookieless tracking #25117
Comments
|
For me this is crucial to finally switch to posthog, a good reference point could be the data journey fathom analytics is doing: Posthog should also document like that, communicate it clearly so without giving law advices everyone can easily verify it's gdpr compliant and should be the new default tracking method, as its privacy first. |
|
Should this solution be Schrems II compliant? That is, should IP addresses for EU originating requests only be processed by servers owned by EU entities and hosted in the EU? Speaking of the EU, in this article, the EFF attempts to make the case that a browser fingerprint falls under the category of personal data and may not be legal under the GDPR's "legitimate interest" clause; thus requiring consent. This is a 6 year old article, however. Have the conclusions ever been tested? |
|
We use plausible.io which uses server-side hashes as far as I know. Would be great to see something similar integrated into posthog! |
|
Thanks for this proposal! Just came here looking for a solution to map a session as fallback while using "memory" if someone denied cookies. That's a wonderful idea to not have a totally fresh "session" with each request, if cookies were denied. And still ensuring privacy, not knowing who it was, but just that it might have been the same person. |
Uh oh!
There was an error while loading. Please reload this page.
Feature request
Is your feature request related to a problem?
Our previous iteration of cookieless tracking is linked here: #1571
It works by storing the data that would go in the cookie, in memory instead, which means it's lost on a page reload.
Describe the solution you'd like
The state-of-the-art approach to cookieless tracking is creating a privacy-preserving hash server-side, using some properties, e.g., user agent, IP address, hostname, and a daily salt. No PII is stored, as the daily salt is thrown away, so it'd be impossible to reverse-engineer a user's identity from a hash.
Describe alternatives you've considered
We could keep our current approach of doing things in memory.
Additional context
There's a lot of details to get right:
The text was updated successfully, but these errors were encountered: