
Guessing the IP would be impractical. Absolutely. But without a random component, it could be "reversed". For example, I would like to retroactively check when and where you, ApolloFortyNine, visited my site. All I would need to get is your IP (residential IPs change, but not that often) and User-Agent. I could replicate the hashing algorithm and identify your traffic.

The random component prevents that. And yes, there is a trust component. You have to trust that we discard these salts after 24h. We operate in Germany in a legal framework that allows you to sue us if we mislead you. So at a certain point, technology must make place for the legal system.

Because the salt is rotated every few hours, never more than 24h, we can, with sufficient probability, determine that two requests are from the same visit/session. So we have an indication of a new/unique visit in a short window. Not days, but hours.

If you were to transmit a parameter that additionally attached Personal Data (email, User ID) to that session, then that becomes identifiable and is no longer anonymous. But that is strictly AT YOUR DISCRETION. And we NEVER share it with anyone but you. You will also need to inform your guest that you associate personal data, and ask for consent. But until you do, we cannot identify anyone after the salts cycle.
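The scheme described in the comment above, sketched as an added example (not the commenter's or their product's code). The HMAC-SHA256 construction, the 32-byte salt, and the names `unsalted_id` and `RotatingSaltHasher` are assumptions; the IP and User-Agent are constructed sample values.

```python
import hashlib
import hmac
import secrets


def unsalted_id(ip: str, user_agent: str) -> str:
    """Deterministic hash: anyone who knows ip + user_agent can recompute it."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class RotatingSaltHasher:
    """Visitor IDs keyed with a random salt that is replaced on rotation.

    The old salt is overwritten, not archived, so IDs from a past window
    cannot be recomputed afterwards, even by the operator.
    """

    def __init__(self) -> None:
        self._salt = secrets.token_bytes(32)

    def rotate(self) -> None:
        # Assumed to be called by a scheduler every few hours, never later than 24h.
        self._salt = secrets.token_bytes(32)

    def visitor_id(self, ip: str, user_agent: str) -> str:
        msg = f"{ip}|{user_agent}".encode()
        return hmac.new(self._salt, msg, hashlib.sha256).hexdigest()


def demo() -> dict:
    ip, ua = "203.0.113.7", "Mozilla/5.0 (constructed sample)"
    hasher = RotatingSaltHasher()
    first = hasher.visitor_id(ip, ua)    # request 1 in the current window
    second = hasher.visitor_id(ip, ua)   # request 2, same window: same ID
    hasher.rotate()                      # window ends, old salt is gone
    after = hasher.visitor_id(ip, ua)    # same visitor, next window: new ID
    return {
        "unsalted_reproducible": unsalted_id(ip, ua) == unsalted_id(ip, ua),
        "same_window_match": first == second,
        "linkable_after_rotation": first == after,
        "salted_equals_unsalted": first == unsalted_id(ip, ua),
    }


if __name__ == "__main__":
    print(demo())
```

The guarantee rests on the old salt actually being destroyed at rotation; if it is logged or backed up, past IDs become recomputable again.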


