You still need consent to collect it - well or some other kind of legal shenanigans. The intent is to track a person, it is not technically necessary. You might have a legitimate interest - but in the end you still have to consider the GDPR to use this tool.
https://europa.eu/youreurope/business/dealing-with-customers...
An IP address is required for the site to function - your server can't not collect it. Plausible also only processes it for uniqueness and doesn't save it as is. Interestingly, most webservers/firewalls will have to keep track of IP addresses, so they will be saved in access logs and caches, making them more problematic than Plausible. Yet it's most likely fine because the intent is not to track individual users but to improve the service/keep it running. Plausible's intent is also not to track individual users but to collect visitor counts, which is something used for improving the service too.
I think you might be prematurely spreading fear.
Who has gone on record with this, and in which jurisdictions?
I think there is a marketing tactic ad/analytics companies and marketers use against services like Plausible. They say these services also require a cookie popup and won't give you as much detailed info, so why would you use them. Most websites would be fine with the limited data Plausible provides, but it breaks the ad/analytics industry's business plan.
That's exactly the point. Processing of personal data to identify a unique person.
Regarding firewalls and logs: It's argued that this is legitimate interest as it is stated in Recital 49 of the GDPR. So they got a free pass, for better or worse.
> I think you might be permanently spreading fear
Don't get me wrong, I like the approach. But it's not a get out of GDPR free card.
Not sure that's what I said. They cannot identify a unique person. They identify unique legitimate visits per one day.
If logs and firewalls mean legitimate interest because you have to give the server your IP address for everything to work, then the same thing can be said about Plausible, especially since the IP address is immediately thrown away, unlike with firewalls, where the main point is to keep a record of bad actors.
It is very different to Google Analytics, where the whole point is to pinpoint repeating visitors, their behaviour etc. You simply can't do that with a service like Plausible. What you can do is know how many legitimate visits you had and what was visited. For most websites that is enough; at the same time I would be surprised if not knowing how many people visited your site would not be a legitimate requirement for a service to function.
> ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
IP addresses only allow identifying a natural person when combined with other data, such as ISP data or a profile built over dozens of websites. This is not the same kind of personal data as a name + address, Breyer notwithstanding (note the bit about the ISP in the judgment).
GDPR is not about identifying an abstract entity, it's about identifying a natural person. Doing the former for long enough/with enough data allows the latter, but especially with time-limited in-memory hashes that's a non-existent window of opportunity.
In practice this'd probably need to be resolved in court, and I'm sure not a single SME using Plausible or similar will even get a stern letter, much less fined.
Agreed.
Plausible just makes false claims like:
> All the site measurement is carried out absolutely anonymously. Cookies are not used and no personal data is collected. There are no persistent identifiers.
That's a heavy statement and it is simply not true, as you quoted:
> an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
hash(daily_salt + website_domain + ip_address + user_agent) will fall under this definition.
But again, you are right, better than anything any other service does.
The lack of persistence is one of the main design points.
If you're saying it's collection, that gets complicated because that data has to be there for the server to work at all.
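The scheme debated in this thread, hash(daily_salt + website_domain + ip_address + user_agent) with the salt held only in memory and discarded daily, sketched as an added example (not code from any commenter or from Plausible). The class name, method names and sample addresses are hypothetical; it shows what the identifier does and does not link: repeat visits within a day, but not visits across sites or across a salt rotation.

```python
import hashlib
import secrets


class DailyUniqueCounter:
    """Counts unique visitors per site using a salted hash; raw IPs are never stored."""

    def __init__(self):
        self._salt = secrets.token_bytes(32)   # assumption: salt lives in memory only
        self._seen = {}                         # domain -> set of visitor hashes

    def visitor_id(self, domain, ip, user_agent):
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        h = hashlib.sha256(self._salt)
        for field in (domain, ip, user_agent):
            raw = field.encode("utf-8")
            h.update(len(raw).to_bytes(4, "big") + raw)
        return h.hexdigest()

    def record(self, domain, ip, user_agent):
        self._seen.setdefault(domain, set()).add(self.visitor_id(domain, ip, user_agent))

    def uniques(self, domain):
        return len(self._seen.get(domain, ()))

    def rotate(self):
        """End of day: drop the salt and hashes; old IDs can no longer be recomputed."""
        self._salt = secrets.token_bytes(32)
        self._seen.clear()


def demo():
    c = DailyUniqueCounter()
    ua = "ExampleBrowser/1.0"                   # constructed sample values
    hits = [("a.example", "203.0.113.7", ua),
            ("a.example", "203.0.113.7", ua),   # repeat visit, same day
            ("a.example", "198.51.100.9", ua),
            ("b.example", "203.0.113.7", ua)]   # same visitor, other site
    for hit in hits:
        c.record(*hit)
    day1 = c.visitor_id(*hits[0])
    same_day_stable = day1 == c.visitor_id(*hits[0])
    cross_site_linked = day1 == c.visitor_id(*hits[3])
    counts = (c.uniques("a.example"), c.uniques("b.example"))
    c.rotate()
    cross_day_linked = day1 == c.visitor_id(*hits[0])
    return same_day_stable, cross_site_linked, cross_day_linked, counts
```

Within one salt period the hash behaves as a stable per-site identifier; once `rotate()` runs, the previous day's values cannot be regenerated from the same IP and user agent.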