Are you using Google Analytics on your website?

Consider replacing it with a simpler, privacy-friendly solution. I helped work on the new version of the Plausible Insights app:

No cookies,
No personal data collected,

Take a look 👇

@markosaric hello Marko, this one is a new gem to replace Google Analytics, as free software it is MIT licensed, as service it offers a gratis trial. Thanks!

#plausible #freesw #degoogle #alternative #google #analytics

@ademalsasa thanks, glad you like it! perhaps you could try and run it on your site and see how it compares with google analytics?

@markosaric I am sorry I am low in technical things and currently I am very busy I cannot help test it out at the moment.

@markosaric "No personal data collected" is perhaps a goal, but looking at your dashboard I bet you can't guarantee it. A referrer or mistyped URL would be enough to uniquely identify a user.

You are also tracking "visitors" which means you have some way of linking page views for the user, and this must be on some key that can uniquely identify that user.

The website also talks about tracking devices and country, which again could uniquely identify a user.

Other than big claims, what steps have you taken to protect privacy? I'd love to read a design document or something like that.

@irl thanks! i wrote a data policy and it should hopefully answer all the questions when published in a day or so. idea is to provide a good alternative to GA. only country code is used (no more granular info than that), only brand of operating system (not even the version number). page visitors is just the total number of ip addresses. ip addresses are hashed and never stored which is considered anonymized data under gdpr

@markosaric I'm not going to claim to be a GDPR expert, but that's irrelevant as the claim is that you've not collected personal data. I think it is reasonable to say that personal data would include personally identifying data.

The main concern when storing data if you want to protect privacy should be to prevent linkability, however to count unique visitors precisely requires linkability. You may hash IP addresses but when the user returns, you'll hash the IP address again and be able to confirm that it is the same user. In this way, you've stored personally identifying data.

You've not anonymised data, you've given users pseudonyms, which is not the same thing.

I bet that the combination of country code and brand of operating system would be enough to uniquely identify a visitor too in a non-zero number of cases.

@irl that's for the old product. the new product was just released and it has no cookies. new data policy with details is being updated and will go online soon

@markosaric Does it see my site visitors who run their browsers free of javascript?

@markosaric That's a shame. The service looks promising. I'll give it a spin with projects where javascript is required.

@markosaric GoatCounter is a nice similar project, if you're into that. I self-host an instance and so far it's been pretty great. Super light on resources and easy to deploy (It's all packed into a single binary!).

@brian thanks for sharing! we need more and better google analytics alternatives, way too many websites run GA!

@brian @markosaric Looks like GoatCounter does some generalisation (only storing GeoIP results, not unique identifiers) and so is at least going in the right direction for privacy. Thanks for sharing.

I should do a blog post at some point to dig into these privacy policies for self-hosted analytics tools and see how they compare.
Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.