User ID privacy considerations
Getting consent from your users before tracking their User IDs
When you enable User ID tracking, you associate a persistent identifier with a user so you can recognise their visits across different devices and visits. As User IDs precisely track specific users on your site, this feature has significant implications for user privacy. While using this feature, you will likely require consent from your users under regulations such as the GDPR.
Configuring Matomo to replace User ID with a pseudonym
To increase privacy, User IDs can be used in a mode where personally-identifying information (PII) is obscured for more general analysis. Due to the nature of User IDs, you can’t completely anonymise the records. However, you can configure Matomo to replace the User IDs with pseudonyms – unique random identifiers – to respect user privacy. These pseudonyms are shown in your analytics instead of their primary User ID so you can analyse individual users without revealing their email or username. For example, you might see ac0868489d8e413180129595fa9d177196c7533d instead of example@example.com as the user ID.
How User ID Pseudonyms are Generated
Because User IDs need to be connected to a specific user, they cannot be truly random. Instead, the unique identifiers are passed through something called a cryptographic hash function. This is a deterministic function that will always generate the same seemingly random number when presented with the same input.
To further protect the User IDs, Matomo also adds something called a salt to the initial User ID, which is a random set of characters unique to your installation. This means the hash function result is based on the combined User ID and secret salt. This protects against a potential issue, where somebody could run the hash function with a known User ID to see if it creates the same pseudonym.
How to Enable User ID Pseudonyms in Matomo
To enable the use of pseudonyms for User IDs in Matomo, you need to update your privacy settings.
- Log in to your Matomo Dashboard.
- Click on the cog icon in the Top Menu.
- Under the Privacy section of the Main Navigation, click Anonymize data.
- Within the Anonymize Tracking Data section, you will see a checkbox setting labelled Replace User ID with a pseudonym which you should enable.
- Click the big Save button, and all future visits will be pseudonymised.
Note: The above steps only apply the pseudonym to visits after you have enabled this setting. If you would like to apply it retroactively to the User ID data you have already collected, then read on…
How to Apply Pseudonyms to Existing User IDs in Matomo
There may be situations where you have been collecting full User IDs in Matomo but no longer want to hold that data. Perhaps due to a change in local regulation or simply a desire to enhance user privacy. Whatever the reason, Matomo provides a feature that allows you to replace User IDs already captured with pseudonyms.
- Log in to your Matomo Dashboard.
- Click on the cog icon in the Top Menu.
- Under the Privacy section of the Main Navigation, click Anonymize data.
- Scroll down to the Anonymize previously tracked raw data section.
- Select the website you would like to process in the first dropdown menu. The default selection will process data for all sites, so you can choose to leave it at that.
- Select the date range you would like to process by entering the start and end dates in the text fields below. The dates should be entered in YYYY-MM-DD format.
- Click the Replace User ID with a pseudonym checkbox to enable it.
- Click the big Anonymize Past Data for The Selected Site and Time button.
The above process can take a while to process after finishing so you will not be able to confirm this has worked immediately. While the job is processing, you can follow the status at the bottom of the page. Once complete, you may want to check the Visitors > User IDs report in your Matomo Dashboard to ensure no user IDs remain.