I don't trust tools that don't disclose precisely how they track you. They say:
Combining Inputs: We combine key session details (which shall not be named for security reasons) with a cryptographically secure secret value.
SHA-512 Hashing: This combined input is hashed using SHA-512, producing a highly secure, anonymized session ID.
They know that we can see what they send in their tracking payload right? They send:
hostname, language, referrer, screen resolution, page title, url, and a website id.
So I would presume their highly secretive & secure user session id is:
hash(salt + website id + ip + HTTP user-agent + screen resolution? + language?)
I don't see that it says how frequently the salts are rotated, which is one of the key points on which the "no consent banner required" tools like this claim that consent isn't required.
> There are some ways around this, sending the IPs over a proxy server or purging IPs before they are sent to Google Analytics. But who wants to waste his afternoon struggling with technical minutia?
I'll just say, as a co-founder of Zaraz (now Cloudflare Zaraz), that if you use Zaraz to load Google Analytics this is exactly one toggle away.
I don't trust tools that don't disclose precisely how they track you. They say:
Combining Inputs: We combine key session details (which shall not be named for security reasons) with a cryptographically secure secret value. SHA-512 Hashing: This combined input is hashed using SHA-512, producing a highly secure, anonymized session ID.
They know that we can see what they send in their tracking payload right? They send: hostname, language, referrer, screen resolution, page title, url, and a website id.
So I would presume their highly secretive & secure user session id is: hash(salt + website id + ip + HTTP user-agent + screen resolution? + language?)
I don't see that it says how frequently the salts are rotated, which is one of the key points on which the "no consent banner required" tools like this claim that consent isn't required.
This is just an ad for this company. It spends dozens of paragraphs summarizing old news and provides no new information.
> There are some ways around this, sending the IPs over a proxy server or purging IPs before they are sent to Google Analytics. But who wants to waste his afternoon struggling with technical minutia?
I'll just say, as a co-founder of Zaraz (now Cloudflare Zaraz), that if you use Zaraz to load Google Analytics this is exactly one toggle away.
Unrelated but I was always curious about the origin of name Zaraz, could you maybe shed some light on this?
Curious: The point of their article is invinsible analytics, including no need for any consent-banners. Why does Zaraz then provide a consent-banner? https://developers.cloudflare.com/zaraz/consent-management/
[dead]