Privacy Implications of Location Data
When it comes to location data there is often a tradeoff between accuracy and privacy. The more accurate that the location data is, the more likely it can provide a precise location in space and time for a specific individual. In the past, location data has been used to identify workers at sensitive locations such as military bases, or to reveal people accessing sites from known locations such as a remote farm or a corporate network. Whether your site itself is sensitive or you simply want to protect the privacy of your users you should spend at least some time considering the implications of any location data you collect.
Browser Language Identification
The most basic location method is identifying a user’s location via the language set in their browser. As a source of location data, this should be taken lightly. There are many people using a default US English setting even though they are based around the world because that is the default for lots of software.
IP Based Location Identification
Instead, the most accurate location data within Matomo is taken from the IP address that somebody uses to access your site. This is because IP addresses define an access point within the global network. IP addresses are often treated differently between countries and even providers within the same location. In some cases a single IP address may represent a region, while in others an IP address can represent a single physical address. So while it isn’t possible to say with 100% specificity whether an individual is behind an IP, the visitor is likely to be within the area the IP address is associated with.
Because you can’t be sure whether an IP address represents a single location or not, it is typically better from a privacy perspective to anonymise some portion of the IP address. This is covered in more detail in the Matomo Privacy documentation.
Improving IP Location Accuracy
You can download a GeoIP database to improve your geo-location accuracy from IP addresses. As MaxMind and DB-IP databases don’t accurately detect a visitor’s location they may not be considered personal data. Additionally, these databases are downloaded to your local server to improve privacy, so you are querying your local copy instead of sending the visitors IP address to a third party.