
Enhancing user privacy

We take your users’ privacy very seriously. This is why we’re so excited to announce a recent upgrade that effectively uses salt rotation at a user level after 30 minutes of session inactivity.

Below, we explain how it works.

What does standard salt rotation look like?

The first part of how Beam anonymizes your users’ PII data uses a process which is standard in the industry.

hash(salt + pepper + useragent + ip) = fingerprint

To add an extra layer of security, others in the industry rotate the salt on a 1 or 2 day cycle. So if a hacker manages to get the fingerprint, along with the hashing function, the salt and the pepper, they would get at most 1 or 2 days of that user’s data.

What is Beam’s approach?

At Beam, we’re now taking an approach which effectively uses salt rotation at a user level after 30 minutes of session inactivity. Below are the steps we take.

  1. Do the standard anonymizing process

hash(salt + pepper + useragent + ip) = fingerprint

  2. Store this fingerprint in an ephemeral key-value store. Every time a new user comes, we create a new session id and set a key-value pair of (fingerprint, session_id) with an expiration of 30 minutes into the future.

Whenever the user comes back, if it’s been less than 30 minutes, the key’s expiration is reset to 30 minutes. Otherwise we generate a brand new session id and start the process all over again.

  3. Store permanent data

The only permanent data that is stored is the session_id and the session data (i.e. the page views). Importantly, the fingerprint is not stored permanently.
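The three steps above as an added Python example (not Beam's code). SHA-256, the in-memory dict standing in for the ephemeral key-value store, and the names SessionResolver, record_view and evict_expired are assumptions made for illustration; the user agent and IP are constructed sample values.

```python
import hashlib
import secrets
import uuid

SESSION_TTL = 30 * 60  # seconds; the 30-minute inactivity window from the post

class SessionResolver:
    """Maps a visitor fingerprint to a session id with a sliding 30-minute expiry."""

    def __init__(self, salt: bytes, pepper: bytes):
        self.salt = salt        # per the post, held in the database
        self.pepper = pepper    # per the post, held in the codebase
        self.cache = {}         # fingerprint -> (session_id, expires_at); stand-in for the cache
        self.page_views = []    # permanent store: (session_id, path) rows only

    def fingerprint(self, user_agent: str, ip: str) -> str:
        # Step 1. Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
        h = hashlib.sha256()    # assumption: the post does not name the hash function
        for part in (self.salt, self.pepper, user_agent.encode(), ip.encode()):
            h.update(len(part).to_bytes(4, "big") + part)
        return h.hexdigest()

    def record_view(self, user_agent: str, ip: str, path: str, now: float) -> str:
        fp = self.fingerprint(user_agent, ip)
        entry = self.cache.get(fp)
        if entry is None or entry[1] <= now:
            session_id = uuid.uuid4().hex   # first visit, or idle for 30 minutes or more
        else:
            session_id = entry[0]           # still active: keep the session
        # Step 2. Every hit resets the expiry to 30 minutes from now.
        self.cache[fp] = (session_id, now + SESSION_TTL)
        # Step 3. Only session_id and session data are persisted, never the fingerprint.
        self.page_views.append((session_id, path))
        return session_id

    def evict_expired(self, now: float) -> None:
        # A real cache drops expired keys itself; this emulates that for the demo.
        self.cache = {k: v for k, v in self.cache.items() if v[1] > now}

def demo():
    r = SessionResolver(salt=secrets.token_bytes(16), pepper=secrets.token_bytes(16))
    ua, ip = "Mozilla/5.0 (constructed)", "203.0.113.7"
    s1 = r.record_view(ua, ip, "/", now=0)
    s2 = r.record_view(ua, ip, "/pricing", now=29 * 60)  # 29 min idle: same session
    s3 = r.record_view(ua, ip, "/docs", now=60 * 60)     # 31 min idle: new session
    return s1, s2, s3, r

if __name__ == "__main__":
    print(demo()[:3])
```

Once the cache entry expires, nothing in the permanent rows links the second session id back to the first or to the fingerprint.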

How does this enhance a user’s privacy and security?

We think this approach massively reduces the risk to user privacy in two ways.

a. It makes it even harder to hack because there's an extra data source (i.e. the cache) that the hacker has to access.

b. It hugely limits the volume of data the hacker can even get, which will hopefully make it even less worth their while to do so.

Let’s look at what a hacker has to do to get access to user data, and then at what data they will actually be able to get.

A hacker will need to hack into our:

  • codebase to get the hashing function
  • database to get the salt
  • codebase to get the pepper
  • cache to get the fingerprint (new step)
  • database to get the session data

They'd need to do a brute force attack to try to get the useragent and IP data from the fingerprint. And if they did manage to do all of this, they’d only get session data for a session that ended in the last 30 minutes.

Conclusion

We’re trying all the time to figure out ways to provide you and your users more privacy and security. We think this change provides a significant enhancement. We hope this gives you even more comfort that your users’ data is safe with Beam. If you have any questions or concerns, please email us at hi@beamanalytics.io.
