When generating the UUID of a visitor, Umami uses a salt, which is rotated each month. I believe this is inspired by a similar strategy applied by e.g. Plausible and Fathom. At https://plausible.io/data-policy they write:
Old salts are deleted every 24 hours to avoid the possibility of linking visitor information from one day to the next. Forgetting used salts also removes the possibility of the original IP addresses being revealed in a brute-force attack. The raw IP address and User-Agent are rendered completely inaccessible to anyone, including ourselves.
I like how Plausible forgets their old salts. Umami doesn't seem to do so. Here is the line where the rotating salt is set:
umami/src/lib/crypto.ts
Line 10 in 3656234
It seems an attacker could trivially reconstruct the salts used in any past month. I believe it would be better to store the salt as e.g. an environment variable, and set it to a new random variable each month.
Furthermore, I personally think a month is a long time, and I wonder whether this could have implications with regards to GDPR. I might prefer 24 hours like Plausible and Fathom. This is maybe a different topic, though.
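As an added illustration of the two designs discussed in the issue (not Umami's code and not Plausible's): `derived_salt` is a hypothetical stand-in for a salt that can be recomputed from the calendar period, while `RotatingSaltStore` is the proposed alternative, a random salt per period that is discarded on rotation so that ids from a past period can no longer be rebuilt. The visitor attributes, period strings and the `salt|ip|ua` hash layout are constructed assumptions.

```python
import hashlib
import secrets

# Constructed sample visitor attributes, not real traffic.
SAMPLE_IP = "203.0.113.7"
SAMPLE_UA = "Mozilla/5.0 (constructed sample user agent)"

def visitor_id(salt: str, ip: str, user_agent: str) -> str:
    """Pseudonymous visitor id: a hash over salt, IP and User-Agent."""
    return hashlib.sha256(f"{salt}|{ip}|{user_agent}".encode()).hexdigest()

def derived_salt(period: str) -> str:
    # Hypothetical stand-in for a salt computed only from the calendar period.
    # It holds no secret, so anyone who knows the scheme can rebuild it for
    # any past month; this is not Umami's real implementation.
    return f"salt-{period}"

class RotatingSaltStore:
    """Keeps one random salt for the current period; old salts are dropped.

    Hypothetical design: in a deployment the salt would live in an
    environment variable or secret store, and the period string sets the
    rotation granularity (a month here, or a day as Plausible does).
    """

    def __init__(self, period: str) -> None:
        self.period = period
        self.salt = secrets.token_hex(32)

    def rotate(self, new_period: str) -> None:
        if new_period != self.period:
            self.period = new_period
            self.salt = secrets.token_hex(32)  # previous salt is forgotten

    def visitor_id(self, ip: str, user_agent: str) -> str:
        return visitor_id(self.salt, ip, user_agent)

def past_id_recomputable_with_derived_salt(ip: str, user_agent: str) -> bool:
    """An id recorded in January can be rebuilt later from the derived salt."""
    recorded = visitor_id(derived_salt("2024-01"), ip, user_agent)
    return visitor_id(derived_salt("2024-01"), ip, user_agent) == recorded

def past_id_recomputable_after_rotation(ip: str, user_agent: str) -> bool:
    """Once rotated, the January salt is gone and the id cannot be rebuilt."""
    store = RotatingSaltStore("2024-01")
    recorded = store.visitor_id(ip, user_agent)
    store.rotate("2024-02")
    return store.visitor_id(ip, user_agent) == recorded
```

Calling `rotate` with the same period is a no-op, so the store can be polled on every request and only changes state when the period boundary is crossed.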