AppMon privacy configuration

AppMon UEM's high business value is derived from its ability to measure end users' experience of a website. It provides insight into an individual user's session to see how quickly the web pages render and measures overall performance on the client side. The built-in features of AppMon allow you to configure and operate it in accordance with privacy regulations, which may prevent you from capturing certain information about your users. For example, you should never configure your Business Transactions to capture credit card details.

This page explains how you can prevent capture of sensitive end-user data.

User identification

Even though AppMon uses cookies to identify all web requests of a user, as required for the UEM correlation engine, the user remains anonymous by default. Out of the box, AppMon captures the user anonymously, based on the user's IP information and device type.

To capture additional information, you must configure AppMon to tag user visits. For example, if a user logs on to your web shop, you can identify the user by account data and then see what the user does on your web page. This function is helpful for user complaint resolution: If the user has a problem and contacts your support desk, Customer Support can identify the user's session and find out exactly what happened.

You can configure visit tagging through System Profile Preferences > User Experience > <application name> > General. See User experience - general settings to learn how.

Visit Tagging
Visit Tagging

To obey privacy requests, tag users with a parameter that does not allow direct user identification: for example, the department or location instead of the account ID; or don't tag visits at all.

Although this feature offers a powerful means of providing high service levels to external visitors, it violates privacy regulations if you configure it for use on your internal applications. In EU countries, it is illegal to track employees. To comply with privacy regulations, do not identify internal users directly. Use aggregation information instead; for example, track the department or site that the user comes from.

AppMon privacy settings

AppMon provides a set of properties to care about end user privacy. You can find them in System Profile Preferences > Data Privacy.

AppMon Privacy Setting
AppMon Privacy Setting

IP address masking

Data protection laws in some countries require to anonymize IP addresses of your users for data protection reasons. That means you cannot store the complete IP address.

To follow these laws, enable IP address masking. AppMon anonymizes the IP address of your customers as soon, as it technically feasible, at the earliest possible stage of connection. The masking occurs in memory. Full IP addresses are not written to disk. The masking replaces the following part of the IP address with zeros:

  • IPv4 last octet of the monitored IP address.
  • IPv6 last 80 bits of the monitored IP address.

Do not track

Modern browsers support the do not track feature, which is a technology that enables end users to opt out of tracking by websites. Although accepting a user's tracking opt-out setting is not activated by default, you can configure AppMon to accept the opt-out. In such instances, AppMon UEM respects the user's privacy, does not set a cookie, and does not measure that user's performance experience.

User actions masking

Some HTML elements may contain private information, for example a button with user's name as a caption. Also, user may type in personal information, for example while filling in shipping address. By default AppMon captures such things, and they are seen as names of user actions, like click on "Button", or keypress "Key", therefore revealing private information.

Select Enable masking of the user action names to prevent such revealing. When the feature is active it displays HTML element's tag name, instead of the caption. It also suppresses capturing alphanumeric keypress values. This is done at the earliest possible stage of collection, so it is not sent on the monitor signal.

Memory dumps

Data can also be collected by memory dumps. AppMon collects memory dumps for diagnostic purposes when a Java virtual machine or .NET instance runs out of memory. Such memory dumps can contain confidential data.

You can turn off the automatic generation of memory dumps. Additionally, you can use permissions to restrict the manual generation of memory dumps. Permissions for analyzing memory dumps can also be restricted.

See Memory diagnostics to learn more about memory dumps usage.