How IP addresses and Do Not Track (DNT) are processed

This document describes how Blockmetry processes IP addresses and honors the Do Not Track (DNT) header.

Note: It’s important to remember that Blockmetry does not track individuals, but the product still tries to honor user-provided privacy signals like Do Not Track where relevant, as is the case for processing IP addresses.

Bot and spammer detection

One of the most important steps in the Blockmetry pipeline is detecting bots and other automated traffic that pollutes web analytics data. The IP address is one signal Blockmetry uses to detect bots.

Processing of non-bot traffic

If the analytics measurement is not classified as coming from a bot, Blockmetry will proceed to the next processing steps that involve the IP address.

In the case of non-bot traffic, the IP address is processed as follows:

  1. Blockmetry checks whether the customer of the property for which the measurement belongs to has configured Blockmetry to reject this IP address. A customer can configure Blockmetry to reject measurements from IP addresses for a number of reasons, including:

    • It is their company IP address and they don't want to include employee website visits in the analytics data.

    • It is an IP address part of their automated testing infrastructure.

    If rejected for this reason, the measurement does not show up in the web analytics data store.

  2. If the Do Not Track (DNT) header is set correctly, the IP address is not processed at all. The country and city are marked as unknown.

  3. If the DNT header is not set:

    • Blockmetry checks if the IP address is a known anonymizing proxy, such as a Tor exit node or otherwise. If so, the measurement is treated as if it is a DNT request, and the country and city are marked as unknown.

    • If the measurement is not from an anonymizing proxy, Blockmetry will try to geolocate the IP address to a country and a city. Note this will not always be successful because of other signals the pipeline takes into consideration, but it is successful in the vast majority of measurement Blockmetry processes. If successful, the geolocation produces:

      • The ISO 3166-1 alpha-2 country code
      • The Geonames ID for the detected city
      • The time zone of the detected city

These final country and city designations (unknown or otherwise) are included in the final analytics data record Blockmetry saves in a customer’s database.

Measurements from localhost and loopback IP addresses pages

It is common to find developers use the hostname localhost or a loopback IP address during development. In this situation, the developer, who may be just one person working on the product, would check the page in their browser on their local machine using, typically, localhost or a loopback IP address.

Measurements produced in this situation could identify the developer, and would also pollute the analytics data. For these reasons, Blockmetry has checks to identify such measurements coming from developers, and they will also be rejected.

IP addresses are not saved

IP addresses are not saved as part of the web analytics records Blockmetry produces. They are simply discarded.