Matomo does not use a fingerprint to track visitors.

Instead of a fingerprint, Matomo uses the most privacy-friendly industry-leading measures to protect users privacy instead of fingerprinting: the config_id is used by Matomo to group different actions into “visits” during a short window of up to 24-hours.

The visitor config_id is a randomly-seeded, privacy-enabled, time-limited hash of a limited set of the visitor’s settings and attributes. The config_id or config hash is a string calculated for a visitor based on their operating system, browser, browser plugins, IP address and browser language. Unlike other tools that use fingerprinting, Matomo does not do fingerprint, and the config_id is only valid for less than 24 hours and only valid for one particular website domain:

  • the config_id is only valid for 24 hours maximum and is then rotated, meaning the same visitor will have a different config_id each day.
  • The config_id randomly changes and is fully anonymised every 24 hours. The randomly-generated seed is discarded each day and cannot be recovered.
  • the website ID is used to process the config_id which means that on your Matomo (Piwik) instance, a given user/visitor will always have a different config_id when browsing your different websites and domains.
  • the IP address used to create the config_id will be the anonymised IP address when you have enabled IP anonymisation which is the default privacy setting in Matomo (when you select “Also use anonymised IP when enriching visit: No” then the full IP address will be used in the hash calculation).

Learn more how does Matomo detect unique and returning visitors with User ID, Visitor ID from cookie.

Previous FAQ: How do I ask for user consent before using tracking cookies and/or measuring user analytics?