by Marnix Dessing
This pages sets the goal of giving a detailed description of the tracking implementations of Google Analytics and Matomo. We have concluded that there are four main tracking techniques and we will now deep dive into the implementation of both tools.
Google explains that first-party cookies are used for:
By default, cookies are set on the domain specified in the document.host browser property and the cookie path is set to the root level (/).
However, if one chooses to enable advertising features, third-party cookies are set. Those third-party cookie domains are set to the domains of different google marketing products such as: DoubleClick.net, gstatic.com etc. This kind of third-party cookie can be used to track users across the web. For each site containing a reference to one of these domains the cookie is send to Google. (See HTTP Cookies)
User identification over multiple sessions is done via the first-party cookie. Which contains a random generated ID (the client ID) to identify a user. Google Analytics also provides a feature to use a custom user ID besides the client ID. One problem this overcomes is tracking the same user across different browsers and devices (when the user ID is known and provided). By only using the client ID it is not possible to recognize the same user on different browsers or devices. 
The parameters of the GIF request described above, have been documented by Google a overview of parameters is displayed below.
|utmac||Account String. Appears on all requests.|
|utmcc||Cookie values. This request parameter sends all the cookies requested from the page.|
|utmcn||Starts a new campaign session. Either utmcn or utmcr is present on any given request. Changes the campaign tracking data; but does not start a new session|
|utmcr||Indicates a repeat campaign visit. This is set when any subsequent clicks occur on the same link. Either utmcn or utmcr is present on any given request.|
|utmcs||Language encoding for the browser. Some browsers don’t set this, in which case it is set to “-“|
|utmdt||Page title, which is a URL-encoded string.|
|utme||Extensible Parameter Value is encoded. Used for events and custom variables.|
|utmhn||Host Name, which is a URL-encoded string.|
|utmhid||A random number used to link Analytics GIF requests with Google AdSense.|
|utmipc||Product Code. This is the sku code for a given product.|
|utmipn||Product Name, which is a URL-encoded string.|
|utmipr||Unit Price. Set at the item level. Value is set to numbers only in U.S. currency format.|
|utmiva||Variations on an item. For example: large, medium, small, pink, white, black, green. String is URL-encoded.|
|utmje||Indicates if browser is Java-enabled. 1 is true.|
|utmn||Unique ID generated for each GIF request to prevent caching of the GIF image.|
|utmp||Page request of the current page.|
|utmr||Referral, complete URL.|
|utmsc||Screen color depth|
|utmt||Indicates the type of request, which is one of: event, transaction, item, or custom variable. If this value is not present in the GIF request, the request is typed as page.|
|utmtid||Order ID, URL-encoded string.|
|utmtrg||Billing region, URL-encoded string.|
|utmtsp||Shipping cost. Values as for unit and price.|
|utmtst||Affiliation. Typically used for brick and mortar applications in ecommerce.|
|utmtto||Total. Values as for unit and price.|
|utmttx||Tax. Values as for unit and price.|
|utmwv||Tracking code version|
Matomo uses first-party cookies only. Unless it is configured to place a third-party cookie which can be configured when tracking over multiple domains for example.
The first-party cookies are listed in the documentation (by name, time to live and details):
It is possible to disable cookie usage in Matomo. Matomo will fall back on other identification methods such as browser fingerprint. The cost of not using cookies is loss in data accuracy, reports such as “Days since last visits” or “Visit by visit count” will be affected.
Matomo has several options to identify new or returning users:
Matomo defines the following list of data that is tracked by default:
Bullet points market with a asterisk (*) are mentioned as data possible containing Personally Identifiable Information (PII). Besides the marked points above, the follwing list is also data that can contain PII.
The tracking of downloads is not always registered with Google Analytics, at least not by default. Matomo provides features for automatically registering downloads. This works by detecting links to a file (based on the file extension in the URL). If a URL does not always contain a file extension a work around is to add a CSS class to the link. This will register the link as a download in Matomo. 
|Name||The name of the cookie.|
|Expires||The expiration date and time.|
|Secure||If set the cookie is send over HTTPS only.|
|Domain||The domain on which the cookie is active.|
|Path||The path within the domain in which the cookie is active ‘/’ is the root.|
The distinction between first and third-party cookies is important in the field of Web Analytics and tracking. Third-party cookies are mostly used for advertising and tracking. Browsers and add-ons such as ad-block are now often blocking third-party cookies.
For cookies placed by a website that is being browsed (lets say example.com), a cookie with the domain example.com is a first-party cookie. A cookie with another domain e.g. doubleclick.net is a third-party cookie. This third-party cookie can be placed by an ad or banner that is loaded onto the page. Now a user can be identified on other websites with a ad or banner from that same third-party domain .
 Beacon usage
 No Cookies
 Tracking downloads
 Http cookies mozilla