Currently with Privacy Mode enabled in Confluence Analytics, pace or page activity will no longer linked to individuals, but instead attributed to an anonymised user. In analytics reports, people will be represented as "User 12345" with an anonymised avatar.  This means you still get a picture of the engagement with your content, but without revealing user information.  

However, it may be possible to indirectly infer a user through the anonymized user hash.

• For example, if we check the Analytics dashboard as soon as a particular user visits a page, we can infer the delta between the before and after the user's visit to identify the user's anonymized name. 
• As the anonymized name remains the same for each user, we can identify all the pages the user has visited. 

We suggest the implementation of either the following or both:

1. The option to simply disable analytics including a list of users (no matter weather they are pseudonymized or not)
2. A true anonymization of the user-names, where users cannot be inferred.