Data Privacy and Data Masking
VoIPmonitor provides data privacy features for compliance requirements (GDPR, PCI DSS). This page covers available privacy controls including phone number anonymization (PII masking), IP address anonymization, and SIP response masking.
Quick Reference
| Data Type | Storage Masking | GUI Masking | Configuration |
|---|---|---|---|
| Phone Numbers (PII) | Yes (since 2026.02.0) | Yes (stored value) | pii_enable = yes in voipmonitor.conf — see PII Masking below
|
| IP Addresses | Yes | Yes (stored value) | Groups > IP Anonymize |
| SIP Response Text | Yes | Yes | cdr_sip_response_number_max_length in voipmonitor.conf
|
PII Masking (Phone Number Anonymization)
ℹ️ Note: Available since sniffer version 2026.02.0. See also Sniffer Configuration — PII Masking for the full parameter reference.
PII (Personally Identifiable Information) masking anonymizes phone numbers before they are stored in the database and in saved PCAP files. The system physically never stores plaintext phone numbers, ensuring compliance with privacy regulations (GDPR, etc.).
What Gets Masked
PII masking covers all areas where phone numbers appear:
- Calls — caller number, called number, caller name (database and PCAP)
- Active calls — caller and called numbers in real-time view
- Registrations — from, to, contact numbers (active and stored records, database and PCAP)
- SIP messages — stored records and PCAP
- Livesniffer — description and downloaded PCAP
- Charts — source and destination numbers
Masking Modes
| Mode | Configuration | How it works | Correlation | Reversible |
|---|---|---|---|---|
| Hash (default) | pii_masking_mode = hmac_token (no secret) |
HMAC-SHA256 one-way hash, output prefixed with piih_ |
Yes — same number = same token | No |
| Encrypt | pii_masking_mode = hmac_token + pii_masking_secret = ... |
AES-128-CTR encryption, output prefixed with piie_ |
Yes — same number = same token | Yes — with the secret key |
| Redact | pii_masking_mode = redact |
Replace digits with character (e.g. XXXXXXXXXXXXX) or entire number with text (e.g. REDACTED) |
No — all numbers look the same | No |
The hash mode (default) is recommended for most deployments. It provides strong anonymization while preserving per-number correlation — statistics, graphs, and filtering by masked tokens still work. Phone numbers are normalized before masking (removal of spaces, dashes, parentheses; 00 prefix converted to +) so the same number always produces the same token regardless of formatting.
Quick Start
Enable with default HMAC hashing (one line):
pii_enable = yes
For reversible encryption (allows recovering original numbers with the secret key):
pii_enable = yes
pii_masking_secret = your-secret-key-here
⚠️ Warning: Keep pii_masking_secret safe. If the secret is lost, encrypted phone numbers cannot be recovered.
PCAP Anonymization
SIP headers in saved PCAP files are masked at the packet level. By default, all SIP headers are scanned for phone numbers. The SIP request line (INVITE, REGISTER, etc.) is always masked regardless of settings.
You can optionally restrict masking to specific headers:
pii_sip_headers = from; to; contact; p-asserted-identity; p-called-party-id
Additional PCAP anonymization options:
pii_anonymize_callername = yes(default) — masks display names like"John Doe"in SIP From/To/Contact headerspii_anonymize_username = yes(default) — masksusername="value"in SIP Authorization headers
Configuration Reference
Full parameter reference: Sniffer Configuration — PII Masking
| Parameter | Default | Description |
|---|---|---|
pii_enable |
no | Master switch to enable PII masking globally |
pii_masking_mode |
hmac_token | redact or hmac_token
|
pii_masking_secret |
(empty) | Secret key for AES encryption. Empty = one-way hash, set = reversible encryption |
pii_redact_mode |
char | Redact mode only: char (per-character) or text (whole number)
|
pii_redact_char |
X | Character for per-character redaction |
pii_redact_text |
REDACTED | Text for whole-number redaction |
pii_prefix_hash |
piih_ | Prefix for hashed output |
pii_prefix_encrypt |
piie_ | Prefix for encrypted output |
pii_sip_headers |
all | SIP headers to mask in PCAP files (comma/semicolon/space separated, or all)
|
pii_anonymize_callername |
yes | Anonymize display names in SIP headers |
pii_anonymize_username |
yes | Anonymize usernames in SIP Authorization headers |
Important Notes
- PII masking applies only to new data after enabling. Existing records are not retroactively anonymized.
- Searching by phone number will not work after enabling (you can search by masked tokens instead).
- In hash and encrypt modes, per-number statistics, graphs, and CDR filtering by token still work because the same number always produces the same token.
- In redact mode, all numbers are replaced with the same character/text, so per-number correlation is lost.
IP Address Anonymization
Anonymize IP addresses at database storage level for privacy compliance or hiding internal network topology.
Configuration: GUI > Groups > IP Anonymize Rewrite Rules (see Groups)
Key Points
- Applies only to new data after saving configuration
- Existing records are not retroactively anonymized
- Supports full CIDR notation (0-32) for flexible rewriting
- Can preserve host portion while masking network prefix (1:1 mapping)
Configuration Parameters
| Field | Description |
|---|---|
| IP to anonymize | Original IP address or network to match |
| Mask (source) | CIDR mask for source (32 = single IP, 24 = /24 network) |
| Anonymous IP | Replacement IP to store |
| Mask (target) | If same as source, preserves host portion |
SIP Response Text Masking
Mask phone numbers appearing in the lastSIPresponse field (e.g., "404 Not Found for 123456789").
Configuration: Set cdr_sip_response_number_max_length in /etc/voipmonitor.conf
See Sniffer Configuration for details.
On-Demand CDR Sharing with Anonymization
Generate anonymized versions of CDRs and PCAP files for sharing without modifying database records.
Steps:
- Configure anonymization rules in GUI > Groups > IP Anonymize Rewrite Rules
- In CDR view, select the record to share
- Click Menu > share CDR > show link (with anonymization)
- Download anonymized PCAP from the generated link
ℹ️ Note: This applies anonymization only to shared/downloaded data. Original database records remain unchanged.
Role-Based GUI Masking
Role-based display masking (showing masked values based on user permissions while storing complete data) is not currently implemented in VoIPmonitor.
See Also
- Sniffer Configuration — PII Masking Parameters
- Groups: IP Anonymize Rewrite Rules
- Sniffer Configuration
- User Management and Access Control
- Blog: PII Masking Announcement
AI Summary for RAG
Summary: VoIPmonitor provides IP address anonymization at database storage level via Groups configuration, and SIP response text masking via sniffer config. On-demand CDR sharing feature applies anonymization only to shared data without modifying original records. Phone number (DID) masking is NOT supported because full numbers are required for CDR filtering, statistics, alerts, and routing analysis. Role-based GUI display masking is not implemented. Prefix Lookup provides number-to-name mapping for operational convenience but is not a security feature. For phone number privacy compliance, use external solutions: database triggers, API proxy, or separate masked database instance.
Keywords: privacy, GDPR, PCI DSS, data masking, anonymization, IP anonymization, phone number masking, DID masking, Prefix Lookup, CDR filtering, compliance, IP anonymize rewrite rules, on-demand CDR sharing, anonymized pcap, cdr_sip_response_number_max_length
Key Questions:
- Can I anonymize IP addresses in VoIPmonitor for GDPR compliance?
- Does VoIPmonitor support phone number masking?
- Why is phone number masking not supported?
- What is the difference between Prefix Lookup and phone number masking?
- How can I achieve phone number privacy compliance?
- Does IP anonymization apply to existing records retroactively?
- How do I share a CDR with anonymized data?
- Can I download anonymized PCAP files?
- Is role-based GUI display masking available?