Hi Stephen! > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@xxxxxxxxx] > Sent: Wednesday, May 22, 2019 5:21 PM > To: Roman Danyliw <rdd@xxxxxxxx>; ietf@xxxxxxxx > Subject: Re: Call for Community Input: Web Analytics on www.ietf.org > > > Hiya, > > On 22/05/2019 21:49, Roman Danyliw wrote: > >> - Does this constitute tracking behaviour? The current privacy policy > >> [2] says we don't do that. > > My read is no. > > > > [3] says that "tracking is the collection of data regarding a > > particular user's activity across multiple distinct contexts and the > > retention, use, or sharing of data derived from that activity outside > > the context in which it occurred. A context is a set of resources that > > are controlled by the same party or jointly controlled by a set of > > parties." > > > > *.ietf.org servers are single context controlled by the same party > > (IETF). The proposed implementation plan is a self-hosted solution > > which does indeed collect activity data but NOT across "multiple, > > distinct contexts". > > (Re-)identification over time would I guess represent "multiple distinct > contexts." If you geo-locate the addresses e.g. at a country level then that's > not anonymous - .mu and .ie would not be hard to translate into people's > names given the relevant population sizes. These are just more reasons to > minimise the data being collected and stored. (Did I already say I'd go for > zero of both? :-) And while I'm sure the IESG would be aware of that, these > things can get lost between the people who want it done a certain way and > the people who end up doing the doing who may be more used to > customers being more invasive than us;-) Even if the this re-identification was done, it still wouldn't by my read constitute tracking per [3] because of the second clause about "retention, use or sharing ... outside of the context in which it occurred". The underlying data is staying in the same context (i.e., ietf.org). Now irrespective of the interpretation relative to [3], Matomo has all variety of capabilities for re-identification primarily to enable "unique visitor" metrics. This is done with an explicit user ID added by the tracking API, cookies, and/or fingerprinting. The proposal explicitly rules out the use of the user ID and cookies. The fingerprint is "operating system, browser, browser plugins, [anonymized] IP address and browser language". See [4] and [5] more details per Matomo's documentation. Roman [4] https://matomo.org/faq/general/#faq_43 [5] https://matomo.org/faq/general/faq_21418/