Randomized, daily rotated un-guessable component is added to every hash. There is whole bucket of these such that across single day, per group of users there is small overlap. These are transient, strictly never logged. After 24h there is no way for us to reverse the IP. To reverse the IP we would need this transient value (long gone by that point), the EXACT user agent and the IP itself.
We mentioned "Unlike some other vendors" because we noticed that not everyone is (or was, at the time of our research) adding a random component. Without that component, salt if you like, you cannot guess the IP, but knowing the user IP and agent, you could find their historical traffic, hence attribute the traffic to an individual.
Our solution can't do it.
This practice has been used and documented in software engineering for now.
We mentioned "Unlike some other vendors" because we noticed that not everyone is (or was, at the time of our research) adding a random component. Without that component, salt if you like, you cannot guess the IP, but knowing the user IP and agent, you could find their historical traffic, hence attribute the traffic to an individual.
Our solution can't do it.
This practice has been used and documented in software engineering for now.