You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By default, Umami anonymizes all visitor data, stripping away any personally identifiable information (PII). No personal data is ever collected or processed, making Umami fully compliant with GDPR and other privacy regulations like the California Consumer Privacy Act (CCPA).
How is this actually implemented?
Poking around I only found these info:
ip is hashed
there is a salt, but it is not a random generated one
Every single HTTP request sends the IP address and the User-Agent to the server so that’s what we use. We generate a daily changing identifier using the visitor’s IP address and User-Agent. To anonymize these datapoints and make them impossible to relate back to the user, we run them through a hash function with a rotating salt.
This generates a random string of letters and numbers that is used to calculate unique visitor numbers for the day. The raw data IP address and User-Agent are never stored in our logs, databases or anywhere on disk at all.
Old salts are deleted every 24 hours to avoid the possibility of linking visitor information from one day to the next. Forgetting used salts also removes the possibility of the original IP addresses being revealed in a brute-force attack. The raw IP address and User-Agent are rendered completely inaccessible to anyone, including ourselves.
One key thing I thought was that Plausible is actually generating a salt, and then after a day deletes it so the server hoster does not know the salt after a day.
With umami I see that all monthly salts are just a hash of the month, so everybody knows the salts even after a month, as they can be regenerated easily.
How is this mitigated? Did I interpret the code correctly?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
The website claims that:
How is this actually implemented?
Poking around I only found these info:
umami/src/app/api/send/route.ts
Line 100 in 38ab685
Another privacy focused analytics platform uses this method https://plausible.io/data-policy:
hash(daily_salt + website_domain + ip_address + user_agent)One key thing I thought was that Plausible is actually generating a salt, and then after a day deletes it so the server hoster does not know the salt after a day.
With umami I see that all monthly salts are just a hash of the month, so everybody knows the salts even after a month, as they can be regenerated easily.
How is this mitigated? Did I interpret the code correctly?
Beta Was this translation helpful? Give feedback.
All reactions