[CONFSERVER-81839] Improve the Privacy Mode functionality in Confluence Analytics

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Apps - Analytics for Confluence
Labels:
- GDPR

UIS:
1
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Currently with Privacy Mode enabled in Confluence Analytics, pace or page activity will no longer linked to individuals, but instead attributed to an anonymised user. In analytics reports, people will be represented as "User 12345" with an anonymised avatar. This means you still get a picture of the engagement with your content, but without revealing user information.

However, it may be possible to indirectly infer a user through the anonymized user hash.

For example, if we check the Analytics dashboard as soon as a particular user visits a page, we can infer the delta between the before and after the user's visit to identify the user's anonymized name.
As the anonymized name remains the same for each user, we can identify all the pages the user has visited.

We suggest the implementation of either the following or both:

The option to simply disable analytics including a list of users (no matter weather they are pseudonymized or not)
A true anonymization of the user-names, where users cannot be inferred.

Form Name

martikka added a comment - 07/Jun/2024 1:26 PM - edited

Currently, the use of anonymized user hashes in Confluence Analytics still poses a privacy risk as it allows indirect identification of users. Here is a proposed solution to enhance privacy:

1. Remove User Hashes: The inclusion of user hashes is the main issue, as it allows the possibility of tracking user activity across different pages. Removing the hashes will prevent this indirect identification.

2. Simplified Anonymization: Instead of using user hashes, label all anonymized entries as “User” or “Anonymized User” for logged-in users and "Anonymous" for users who are not logged in. This provides the necessary anonymization without the technical complexity and potential privacy risks associated with hashes.

By implementing these changes, Confluence Analytics can offer a more secure and privacy-compliant solution for tracking user engagement.

Examples:

Below are two examples demonstrating the current situation and the proposed fix.

Current situation: https://ibb.co/vPHmYYr
Proposed fix: https://ibb.co/0MxrnB7

martikka added a comment - 07/Jun/2024 1:26 PM - edited Currently, the use of anonymized user hashes in Confluence Analytics still poses a privacy risk as it allows indirect identification of users. Here is a proposed solution to enhance privacy: 1. Remove User Hashes : The inclusion of user hashes is the main issue, as it allows the possibility of tracking user activity across different pages. Removing the hashes will prevent this indirect identification. 2. Simplified Anonymization : Instead of using user hashes, label all anonymized entries as “User” or “Anonymized User” for logged-in users and "Anonymous" for users who are not logged in. This provides the necessary anonymization without the technical complexity and potential privacy risks associated with hashes. By implementing these changes, Confluence Analytics can offer a more secure and privacy-compliant solution for tracking user engagement. Examples: Below are two examples demonstrating the current situation and the proposed fix. Current situation: https://ibb.co/vPHmYYr Proposed fix: https://ibb.co/0MxrnB7

Confluence Data Center

Details

Description

Attachments

Forms

Activity

Collapse comment: martikka added a comment - 07/Jun/2024 1:26 PM, Edited by martikka - 07/Jun/2024 1:33 PM

Expand comment: martikka added a comment - 07/Jun/2024 1:26 PM, Edited by martikka - 07/Jun/2024 1:33 PM

People

Dates