GDPR, Google Analytics and leaking hashes

The use of Google Analytics was recently found in France to violate European Union privacy laws. This follows a similar ruling in Austria. The rulings found that Article 44 of the GDPR is breached because personal data is transferred outside the EU to third countries that are not considered to have sufficient privacy protections. The U.S., where Google Analytics is hosted, fails the equivalence test on account of having surveillance laws that don't afford non-U.S. citizens basic protection of their personal data.
In light of these breaches, European companies are searching for alternatives that are GDPR compliant. There are some well-established platforms to choose from. Piwik is one example of a GDPR-compliant tool. Another solution, especially for the widely used WordPress CMS, is the WP Statistics plugin. While this plugin gives you a GDPR-compliant solution, it has drawbacks. This week a critical vulnerability in this plugin, CVE-2022-0513, was published that could allow an attacker to read or modify the site using the plugin. An updated version (13.1.5) fixes the problem.

