[throwaway71271]

you dont need to get the original ip back, just need to know how many unique ips are there, so sha(ip) is good enough

[quesomaster9000]

With little over 4 billion IPv4 addresses.

From a stackoverflow post from 12 years ago:

> I know I do 622 million SHA-256's per sec on a Radeon HD5830.

Which would take around 6 seconds to brute force a 32bit address space.

[throwaway71271]

you can just salt it with some stable random thing

[toast0]

In which case you can just take 6 seconds to generate all the new hashes and build a new lookup table.

[operator-name]

You can further add bucketing, and eventually move closer to FLoC.

But this is aside the point, as the spirit of the law only allows "processing for legitimate interests". The use of technology, cookies or on the server is irrelevant. If thread OP has evaluated their collection[0] as legitimate, they can use whatever technology within guidelines. Otherwise, even a cookie less data collection would require consent.

[0]: https://ico.org.uk/for-organisations/guide-to-data-protectio...

[seri4l]

I apologize for the double negative. What I meant is that hashing doesn't improve privacy because if you know the hash and the hashing function it's easy to build a hashmap of all the possible IPv4s (around 3.5B). Unless the hash uses some sort of expensive key derivation function, but that doesn't scale.

[GordonS]

You could simply salt the hash, though you'd need to treat the salt as a secret.

Alternatively, you could use a new salt every day, which would only allow you to track an individual for a 24 hour period (likely enough for many).