How does Silktide Analytics work without cookies?
The simplified version
We take the IP address and browser of a visitor, and we do some maths with it to combine those into a magic number that changes every 24 hours.
We immediately forget their IP address and browser. They are never ever stored.
This magic number is designed so that it’s impossible for us to turn it back into the IP address. And it’s designed so it changes every 24 hours in a way that we can never reverse it.
This lets us do many of the things you want from an analytics solution, like count unique visitors, and identify entrance and exit pages.
It also means that even if you had access to all of Silktide’s data, none of it could be used to identify anyone.
The technical version
To identify if someone is a visitor we have recently received a request from, we combine the visitor’s IP address and User Agent, in a way that:
- Cannot be reversed, even by us
- Is unique to each website, so visitors can’t be tracked across websites
- Expires every 24 hours
Specifically, we use a cryptographic hash function with a rotating salt:
hash(ip + userAgent + propertyId + salt)
A cryptographic hash function is a mathematical way of encrypting some data in a way that cannot be reversed (at least, not without billions of years of computing power). With the resulting ‘hash’, we have a unique code that will be the same for each combination of
salt, but we don’t have any way to get those individual pieces back out. So we never know your IP address, for example.
The salt is a unique long code that we use for one calendar day, and permanently forget after two calendar days. The addition of a salt makes each visitor’s identifier change every day. Because we ourselves have no idea what the salt was after two days, we can only recognize a given visitor if they return somewhere within 24 to 48 hours (the exact duration depends on their timezone; this is why we store two days instead of one).
What this allows us to do is count the number of unique visitors within a given day, and to measure the sessions within a 1-2 day period. For example, we can identify the percentage of visitors who ‘bounce’, or viewed a single page and immediately left. We can also identify entry and exit pages, and what % of visitors completed a goal.
We cannot however identify returning visitors who visit a period longer than 24-48 hours apart. We cannot identify visitors between different customers. We cannot reveal the IP address of your visitors. By doing so, we remove the need for you to request consent for cookies.
propertyId is the unique identifier for our customer’s web property (i.e. their website or collection of their websites). Because we’ve included the
propertyId in the hash function, the same visitor across different customers has a different identity to Silktide. So even if we wanted to, we could never determine if a visitor to one customer was the same as a visitor to another.
We use SHA-256 (an industry standard hashing algorithm) to generate our hashes.