Sur d’autres sites (9776)

• How do I extract color matrix from MP4 an x264 stream in Media Foundation

  23 août 2016, par Jules

  I am playing a video (mp4 containing x264 encoded video stream) with a custom player using media foundation.

  When I convert the YUV information into RGB I need to account for the color matrix and range used at encode time.

  Some of my videos have this information, I can use MediaInfo.exe or FFMPEG to see that it is present.

  However, for such videos if I look at the relevant Media Foundation properties (Extended Color Information) the properties are not present in the files.

  So, somehow I need to find a way to access the information.

  Media Foundation does provide access to MF_MT_MPEG4_SAMPLE_DESCRIPTION and MF_MT_MPEG_SEQUENCE_HEADER for the video stream but I can’t find descriptions of what these contain.

  I noticed that the MF_MT_MPEG_SEQUENCE_HEADER is much longer for the videos with the information present and this (MPEG Headers Quick Reference) seems to suggest headers might contain the information I need.

  I’m looking for Color Range (limited/full), Color Primaries, Transfer Characteristics and Matrix Coefficients (BT.709 etc).

  I’d greatly appreciate any help finding this information from a Media Foundation video stream.

  Thanks

  Jules

  ---

  Update - Sequence Header

  The sequence header appears to be a subset of MPEG4 sample description, though I can’t find anything that indicates what either bits of data actually contains / doesn’t contain specifically.

  The sequence header appears to contain data structured as an MP4 byte stream as described in the H264 Standards Document and includes the VUI (Video Usability Information - Annex E of document) which may then include the colour information I’m interested in.

  Given that it’s a byte stream I need to know where it starts and whether there’s some existing code I could use to decode it.

  In FFMPEG in libavcodec/h264_ps.c there is a function called ff_h264_decode_seq_parameter_set which ends up calling decode_vui_parameters. It seems possible that seq_parameter_set maps to MF_MT_MPEG_SEQUENCE_HEADER and it may be possible to use that code to decode the data.

  If anyone one has any direct experience with decoding this data it would be very useful.

  Thanks again

  ---

  Update - Related posts

  I found this How to decode sprop-parameter-sets in a H264 SDP ? and Possible Locations for Sequence/Picture Parameter Set(s) for H.264 Stream which are fairly helpful.

  The sequence header would appear to be Sequence or picture parameter set (pps) and the parameters I want are the VUI extension subset.

  Plus this post H.264 stream structure gives the high level of how the stream data is structured, and the MF_MT_MPEG_SEQUENCE_HEADER appears to start with a NAL 0x00 0x00 0x01 so I’m guessing it is a NAL containing the PPS.

• Privacy-enhancing technologies : Balancing data utility and security

  18 juillet, par Joe

  In the third quarter of 2024, data breaches exposed 422.61 million records, affecting millions of people around the world. This highlights the need for organisations to prioritise user privacy. 

  Privacy-enhancing technologies can help achieve this by protecting sensitive information and enabling safe data sharing. 

  This post explores privacy-enhancing technologies, including their types, benefits, and how our website analytics platform, Matomo, supports them by providing privacy-focused features.

  What are privacy-enhancing technologies ? 

  Privacy Enhancing Technologies (PETs) are tools that protect personal data while allowing organisations to process information responsibly. 

  In industries like healthcare, finance and marketing, businesses often need detailed analytics to improve operations and target audiences effectively. However, collecting and processing personal data can lead to privacy concerns, regulatory challenges, and reputational risks.

  PETs minimise the collection of sensitive information, enhance security and allow users to control how companies use their data. 

  Global privacy laws like the following are making PETs essential for compliance :

  • General Data Protection Regulation (GDPR) in the European Union
  • California Consumer Privacy Act (CCPA) in California
  • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
  • Lei Geral de Proteção de Dados (LGPD) in Brazil

  Non-compliance can lead to severe penalties, including hefty fines and reputational damage. For example, under GDPR, organisations may face fines of up to €20 million or 4% of their global annual revenue for serious violations. 

  Types of PETs 

  What are the different types of technologies available for privacy protection ? Let’s take a look at some of them. 

  Homomorphic encryption

  Homomorphic encryption is a cryptographic technique in which users can perform calculations on cipher text without decrypting it first. When the results are decrypted, they match those of the same calculation on plain text. 

  This technique keeps data safe during processing, and users can analyse data without exposing private or personal data. It is most useful in financial services, where analysts need to protect sensitive customer data and secure transactions. 

  Despite these advantages, homomorphic encryption can be complex to compute and take longer than other traditional methods. 

  Secure Multi-Party Computation (SMPC)

  SMPC enables joint computations on private data without revealing the raw data. 

  In 2021, the European Data Protection Board (EDPB) issued technical guidance supporting SMPC as a technology that protects privacy requirements. This highlights the importance of SMPC in healthcare and cybersecurity, where data sharing is necessary but sensitive information must be kept safe. 

  For example, several hospitals can collaborate on research without sharing patient records. They use SMPC to analyse combined data while keeping individual records confidential. 

  Synthetic data

  Synthetic data is artificially generated to mimic real datasets without revealing actual information. It is useful for training models without compromising privacy. 

  Imagine a hospital wants to train an AI model to predict patient outcomes based on medical records. Sharing real patient data, however, poses privacy challenges, so that can be changed with synthetic data. 

  Synthetic data may fail to capture subtle nuances or anomalies in real-world datasets, leading to inaccuracies in AI model predictions.

  Pseudonymisation

  Pseudonymisation replaces personal details with fake names or codes, making it hard to determine who the information belongs to. This helps keep people’s personal information safe. Even if someone gets hold of the data, it’s not easy to connect it back to real individuals. 

  

  Pseudonymisation works differently from synthetic data, though both help protect individual privacy. 

  When we pseudonymise, we take factual information and replace the bits that could identify someone with made-up labels. Synthetic data takes an entirely different approach. It creates new, artificial information that looks and behaves like real data but doesn’t contain any details about real people.

  Differential privacy

  Differential privacy adds random noise to datasets. This noise helps protect individual entries while still allowing for overall analysis of the data. 

  It’s useful in statistical studies where trends need to be understood without accessing personal details.

  For example, imagine a survey about how many hours people watch TV each week. 

  Differential privacy would add random variation to each person’s answer, so users couldn’t tell exactly how long John or Jane watched TV. 

  However, they could still see the average number of hours everyone in the group watched, which helps researchers understand viewing habits without invading anyone’s privacy.

  Zero-Knowledge Proofs (ZKP)

  Zero-knowledge proofs help verify the truth without exposing sensitive details. This cryptographic approach lets someone prove they know something or meet certain conditions without revealing the actual information behind that proof.

  Take ZCash as a real-world example. While Bitcoin publicly displays every financial transaction detail, ZCash offers privacy through specialised proofs called Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs). These mathematical proofs confirm that a transaction follows all the rules without broadcasting who sent money, who received it, or how much changed hands.

  The technology comes with trade-offs, though. 

  Creating and checking these proofs demands substantial computing power, which slows down transactions and drives up costs. Implementing these systems requires deep expertise in advanced cryptography, which keeps many organisations from adopting them despite their benefits.

  Trusted Execution Environment (TEE)

  TEEs create special protected zones inside computer processors where sensitive code runs safely. These secure areas process valuable data while keeping it away from anyone who shouldn’t see it.

  TEEs are widely used in high-security applications, such as mobile payments, digital rights management (DRM), and cloud computing.

  Consider how companies use TEEs in the cloud : A business can run encrypted datasets within a protected area on Microsoft Azure or AWS Nitro Enclaves. Due to this setup, even the cloud provider can’t access the private data or see how the business uses it. 

  TEEs do face limitations. Their isolated design makes them struggle with large or spread-out computing tasks, so they don’t work well for complex calculations across multiple systems.

  Different TEE implementations often lack standardisation, so there can be compatibility issues and dependence on specific vendors. If the vendor stops the product or someone discovers a security flaw, switching to a new solution often proves expensive and complicated.

  Obfuscation (Data masking)

  Data masking involves replacing or obscuring sensitive data to prevent unauthorised access. 

  It replaces sensitive data with fictitious but realistic values. For example, a customer’s credit card number might be masked as “1234-XXXX-XXXX-5678.” 

  The original data is permanently altered or hidden, and the masked data can’t be reversed to reveal the original values.

  Federated learning

  Federated learning is a machine learning approach that trains algorithms across multiple devices without centralising the data. This method allows organisations to leverage insights from distributed data sources while maintaining user privacy.

  For example, NVIDIA’s Clara platform uses federated learning to train AI models for medical imaging (e.g., detecting tumours in MRI scans). 

  Hospitals worldwide contribute model updates from their local datasets to build a global model without sharing patient scans. This approach may be used to classify stroke types and improve cancer diagnosis accuracy.

  Now that we have explored the various types of PETs, it’s essential to understand the principles that guide their development and use. 

  Key principles of PET (+ How to enable them with Matomo) 

  PETs are based on several core principles that aim to balance data utility with privacy protection. These principles include :

  Data minimisation

  Data minimisation is a core PET principle focusing on collecting and retaining only essential data.

  Matomo, an open-source web analytics platform, helps organisations to gather insights about their website traffic and user behaviour while prioritising privacy and data protection. 

  Recognising the importance of data minimisation, Matomo offers several features that actively support this principle :

  • Cookieless tracking : Eliminates reliance on cookies, reducing unnecessary data collection.
  • IP anonymisation : Automatically anonymises IP addresses, preventing identification of individual users.

  

  (Image Source)

  • Custom data retention policies : Allows organisations to define how long user data is stored before automatic deletion.

  7Assets, a fintech company, was using Google Analytics and Plausible as their web analytics tools. 

  However, with Google Analytics, they faced a problem of unnecessary data tracking, which created legal work overhead. Plausible didn’t have the features for the kind of analysis they wanted. 

  They switched to Matomo to enjoy the balance of privacy yet detailed analytics. With Matomo, they had full control over their data collection while also aligning with privacy and compliance requirements.

  Transparency and User Control

  Transparency and user control are important for trust and compliance. 

  Matomo enables these principles through :

  • Consent management : Offers integration with Consent Mangers (CMPs), like Cookiebot and Osano, for collecting and managing user consent.
  • Respect for DoNotTrack settings : Honours browser-based privacy preferences by default, empowering users with control over their data.

  

  (Image Source)

  • Opt-out mechanisms : These include iframe features that allow visitors to opt out of tracking. 

  Security and Confidentiality

  Security and confidentiality protect sensitive data against inappropriate access. 

  Matomo achieves this through :

  • On-premise hosting : Gives organisations the ability to host analytics data on-site for complete data control.
  • Data security : Protects stored information through access controls, audit logs, two-factor authentication and SSL encryption.
  • Open source code : Enables community reviews for better security and transparency.

  Purpose Limitation

  Purpose limitation means organisations use data solely for the intended purpose and don’t share or sell it to third parties. 

  Matomo adheres to this principle by using first-party cookies by default, so there’s no third-party involvement. Matomo offers 100% data ownership, meaning all the data organisations get from our web analytics is of the organisation, and we don’t sell it to any external parties. 

  Compliance with Privacy Regulations

  Matomo aligns with global privacy laws such as GDPR, CCPA, HIPAA, LGPD and PECR. Its compliance features include :

  • Configurable data protection : Matomo can be configured to avoid tracking personally identifiable information (PII).
  • Data subject request tools : These provide mechanisms for handling requests like data deletion or access in accordance with legal frameworks.
  • GDPR manager : Matomo provides a GDPR Manager that helps businesses manage compliance by offering features like visitor log deletion and audit trails to support accountability.

  

  (Image Source)

  Mandarine Academy is a French-based e-learning company. It found that complying with GDPR regulations was difficult with Google Analytics and thought GA4 was hard to use. Therefore, it was searching for a web analytics solution that could help it get detailed feedback on its site’s strengths and friction points while respecting privacy and GDPR compliance. With Matomo, it checked all the boxes.

  Data collaboration : A key use case of PETs

  One specific area where PETs are quite useful is data collaboration. Data collaboration is important for organisations for research and innovation. However, data privacy is at stake. 

  This is where tools like data clean rooms and walled gardens play a significant role. These use one or more types of PETs (they aren’t PETs themselves) to allow for secure data analysis. 

  Walled gardens restrict data access but allow analysis within their platforms. Data clean rooms provide a secure space for data analysis without sharing raw data, often using PETs like encryption. 

  Tackling privacy issues with PETs 

  Amidst data breaches and privacy concerns, organisations must find ways to protect sensitive information while still getting useful insights from their data. Using PETs is a key step in solving these problems as they help protect data and build customer trust. 

  Tools like Matomo help organisations comply with privacy laws while keeping data secure. They also allow individuals to have more control over their personal information, which is why 1 million websites use Matomo.

  In addition to all the nice features, switching to Matomo is easy :

  “We just followed the help guides, and the setup was simple,” said Rob Jones. “When we needed help improving our reporting, the support team responded quickly and solved everything in one step.” 

  To experience Matomo, sign up for our 21-day free trial, no credit card details needed. 

• Server-side tracking vs client-side tracking : What you need to know

  3 juillet, par Joe

  Server-side tracking vs client-side tracking : What you need to know

  Today, consumers are more aware of their online privacy rights, leading to an extensive use of ad blockers and stricter cookie policies. Organisations are facing some noteworthy challenges with this trend, including :

  • Limited data collection, which makes it harder to understand user behaviour and deliver personalised ads that resonate with customers
  • Rising compliance costs as businesses adapt to new regulations, straining resources and budgets.
  • Growing customer scepticism in data practices, affecting brand reputation.
  • Maintaining transparency and fostering trust with customers through clear communication about data practices.

  Server-side tracking can help resolve these problems. This article will cover server-side tracking, how it works, implementation methods and its benefits.

  What is server-side tracking ? 

  Server-side tracking refers to a method where user data is collected directly by a server rather than through a user’s browser.

  The key advantage of server-side tracking is that data collection, processing, and storage occur directly on the website’s server.

  For example, when a visitor interacts with any website, the server captures that activity through the backend system, allowing for greater data control and security. 

  Client-side tracking vs. server-side tracking 

  There are two methods to collect user data : client-side and server-side. 

  Let’s understand their differences. 

  Client-side tracking : Convenience with caveats

  Client-side tracking embeds JavaScript tags, pixels or other scripts directly into a website’s code. When a user interacts with the site, these tags fire, collecting data from their browser. This information might include page views, button clicks, form submissions and other user actions. 

  The collected data is then sent directly to third-party analytics platforms like Google Analytics or Adobe Analytics, or internal teams can also analyse it.

  This method is relatively easy to implement. That’s because marketers can often deploy these tags without needing extensive developer support, enabling quick adjustments and A/B testing. 

  However, there are some challenges. 

  Ad blockers and browser privacy settings, such as Intelligent Tracking Prevention (ITP), restrict the ability of third-party tags to collect data. 

  This results in data gaps and inaccuracies skewing analytics reports and potentially leading to misguided business decisions. 

  Reliance on numerous JavaScript tags can also negatively impact website performance, slowing down page load times and affecting user experience. This is especially true on mobile devices where processing power and network speeds are often limited.

  

  Now, let’s see how server-side tracking changes this.

  Server-side tracking : Control and reliability

  Server-side tracking shifts the burden of data collection from the user’s browser to a server controlled by the business. 

  Instead of relying on JavaScript tags firing directly from the user’s device, user interactions are first sent to the business’s own server. Here, the data can be processed, enriched, and analysed. 

  This method provides numerous advantages, including enhanced control over data integrity, improved privacy, and more, which we discuss in the next section.

  Benefits of server-side tracking 

  Server-side tracking offers a compelling alternative to traditional client-side methods, providing numerous business advantages. Let’s take a look at them.

  Improved data accuracy

  This method reduces inaccuracies caused by ad blockers or cookie restrictions by bypassing browser limitations. As a result, the data collected is more reliable, leading to better analytics and marketing attribution.

  Data minimisation

  Data minimisation is a fundamental principle in data protection. It emphasises that organisations should collect only data that is strictly needed for a specific purpose. 

  In server-side tracking, this translates into collecting just the essential data points and discarding anything extra before the data is sent to analytics platforms. It helps organisations avoid accumulating excessive personal information, reducing the risk of data breaches and misuse.

  For example, consider a scenario where a user purchases a product on an e-commerce website. 

  With client-side tracking scripts, the system might inadvertently collect a range of data, including the user’s IP address, browser type, operating system and even details about other websites they have visited. 

  However, for conversions, the organisation only needs to know the purchase amount, product IDs, user IDS, and timestamps. 

  Server-side tracking filters unnecessary information. This reduces the privacy impact and simplifies data analysis and storage.

  Cross-device tracking capabilities

  Server-side tracking provides a unified view of customer behaviour regardless of the device they use, allowing for more personalised and targeted marketing campaigns. 

  In-depth event tracking

  Server-side tracking helps businesses track events that occur outside their websites, such as payment confirmations. Companies gain insights into the entire customer journey, from initial interaction to final purchase, optimising every touchpoint. 

  Enhanced privacy compliance

  With increasing regulations like GDPR and CCPA, businesses can better manage user consent and data handling practices through server-side solutions. 

  Server-side setups make honouring user consent easier. If a user opts out, server-side logic can exclude their data from all outgoing analytics calls in one central place. 

  

  Server-side methods reassure users and regulators that data is collected and secured with minimal risk. 

  In sectors like government and banking, this level of control is often a non-negotiable part of their duty of care. 

  Extended cookie lifetime

  Traditional website tracking faces growing obstacles as modern browsers prioritise user privacy. Initiatives like Safari’s ITP block third-party cookies and also constrain the use of first-party cookies. 

  Other browsers, such as Firefox and Brave, are implementing similar methods, while Chrome is beginning to phase out third-party cookies. Retargeting and cross-site analytics, which rely on these cookies, encounter significant challenges.

  Server-side tracking overcomes this by allowing businesses to collect data over a longer duration. 

  When a website’s server directly sets a cookie, that cookie often lasts longer than cookies created by JavaScript code running inside the browser. This lets websites get around some of the limits browsers put on tracking and allows them to remember a visitor when they return to the site later, which gives better customer insights. Plus, server-side tracking typically classifies cookies as first-party data, which is less susceptible to blocking by browsers and ad blockers.

  Server-side tracking : Responsibilities and considerations

  While server-side tracking delivers powerful capabilities, remember that it also brings increased responsibility. Companies must remain vigilant in upholding privacy regulations and user consent. It’s up to the organisation to make sure the server follows user consent, for example, not sending data if someone has opted out.

  Server-side setups introduce technical complexity, which can potentially lead to data errors that are more difficult to identify and resolve. Therefore, monitoring processes and quality assurance practices are essential for data integrity. 

  How does server-side tracking work ? 

  When a user interacts with a website (e.g., clicking a button), this action triggers an event. The event could be anything from a page view to a form submission.

  The backend system captures relevant details such as the event type, user ID and timestamp. This information helps in understanding user behaviour and creating meaningful analytics.

  The captured data is processed directly on the organisation’s server, allowing for immediate validation. For example, organisations can add additional context or filter out irrelevant information.

  Instead of sending data to third-party endpoints, the organisation stores everything in its own database or data warehouse. This ensures full control over data privacy and security.

  Organisations can perform their own analysis using tools like SQL or Python. To visualise data, custom dashboards and reports can be created using self-hosted analytics tools. This way, businesses can present complex data in a clear and actionable manner.

  How to implement server-side tracking ?

  Server-side tracking can work in four common ways, each offering a different blend of control, flexibility and complexity.

  1. Server-side tag management

  In this method, organisations use platforms like Google Tag Manager Server-Side to manage tracking tags on the server, often using containers to isolate and manage different tagging environments. 

  

  (Image Source) 

  This approach offers a balance between control and ease of use. It allows for the deployment and management of tags without modifying the application code, which is particularly useful for marketers who want to adjust tracking configurations quickly.

  2. Direct server-to-server tracking via APIs

  This method involves sharing information between two servers without affecting the user’s browser or device. 

  A unique identifier is generated and stored on a server when a user interacts with an ad or webpage. 

  If a user takes some action, like making a purchase, the unique identifier is sent from the advertiser’s server directly to the platform’s server (Google or Facebook) via an API. 

  It requires more development effort but is ideal for organisations needing fine-grained data control.

  3. Using analytics platforms with built-in server SDKs

  Another way is to employ analytics platforms like Matomo that provide SDKs for various programming languages to instrument the server-side code. 

  This eases integration with the platform’s analytics features and is a good choice for organisations primarily using a single analytics platform and want to use its server-side capabilities.

  4. Hybrid approaches

  Finally, organisations can also combine client- and server-side tracking to capture different data types and maximise accuracy. 

  This method involves client-side scripts for specific interactions (like UI events) and server-side tracking for more sensitive or critical data (like transactions). 

  While these are general approaches, dedicated analytics platforms can also be helpful. Matomo, for example, facilitates server-side tracking through two specific methods.

  Using server logs

  Matomo can import existing web server logs, such as Apache or Nginx, that capture each request. Every page view or resource load becomes a data point. 

  Matomo’s log processing script reads log files, importing millions of hits. This removes the need to add code to the site, making it suitable for basic page analytics (like the URL) without client-side scripts, particularly on security-sensitive sites.

  Using the Matomo tracking API (Server-side SDKs)

  This method integrates application code with calls to Matomo’s API. For example, when a user performs a specific action, the server sends a request to Matomo.php, the tracking endpoint, which includes details like the user ID and action. 

  Matomo offers SDKs in PHP, Java C#, and community SDKs to simplify these calls. These allow tracking of not just page views but custom events such as downloads and transactions from the backend, functioning similarly to Google’s Measurement Protocol but sending data to the Matomo instance. 

  Data privacy, regulations and Matomo

  As privacy concerns grow and regulations like GDPR and CCPA become more stringent, businesses must adopt data collection methods that respect user consent and data protection rights. 

  Server-side tracking allows organisations to collect first-party data directly from their servers, which is generally considered more compliant with privacy regulations.

  Matomo is a popular open-source web analytics platform that is committed to privacy. It gives organisations 100% data ownership and control, and no data is sent to third parties by default.

  

  (Image Source) 

  Matomo is a full-featured analytics platform with dashboards and segmentation comparable to Google Analytics. It can self-host and provides DoNotTrack settings and the ability to anonymise IP addresses.

  Governments and organisations requiring data sovereignty, such as the EU Commission and the Swiss government, choose Matomo for web analytics due to its strong compliance posture.

  Balancing data collection and user privacy

  Ad blockers and other restrictions prevent data from being accurate. Server-side tracking helps get data on the server and makes it more reliable while respecting user privacy. Matomo supports server-side tracking, and over one million websites use Matomo to optimise their data strategies. 

  Get started today by trying Matomo for free for 21 days, no credit card required.