Alternatives to Google analytics

natvps_uk

Not exactly an alternative but goaccess is pretty useful

maxxxxx

@febryanvaldo said:
Paid? There are some.

Fanthom Analytics

or Matomo Analytics

There is a lot about anonimization on their website and even a step by step explanation of their method. Somehow they think not using cookies and inventing a roundabout method of acheiving the same, that is fingerprinting and tracking users makes them GDPR compliant without an informed user consent. If it sounds too good to be true it's because it is. Makes no difference what kind of method is used, user consent is still necessary. There are plenty of articles on the web about it and at best it can be called a gray area.

@Daniel15 said:
It's cookie-less, and user session IDs are derived from a hash of the IP address and user-agent, which means it's GDPR- and CCPA-compliant. It also lets you import all your old Google Analytics data.

Same as the above. Plausible also combines IP address and user agent with a daily rotating salt which is discarded after one day. Why not one minute or one year? What makes one day so special that their fingerprinting method does not require user consent?

Disclaimer: I am not a lawyer.

bibica

@vitobotta said:
I self host https://umami.is/ and it's awesome. It's similar to Plausible Analytics (which can also be self hosted) but uses regular Postgres instead of Clickhouse so it's easier to maintain and back up.

I'm also using Umami, same reason as you

Umami mainly configures, installs, backups and restores very simply

Daniel15

@maxxxxx said:

@Daniel15 said:
It's cookie-less, and user session IDs are derived from a hash of the IP address and user-agent, which means it's GDPR- and CCPA-compliant. It also lets you import all your old Google Analytics data.

Same as the above. Plausible also combines IP address and user agent with a daily rotating salt which is discarded after one day. Why not one minute or one year? What makes one day so special that their fingerprinting method does not require user consent?

Disclaimer: I am not a lawyer.

The hash lasts a day so that multiple visits from the same user on the same day count as a single unique user (subject to the caveats I mentioned earlier like not working properly for CGNAT users).

Every HTTP request sends the user's IP and user agent to the server. If Plausible's approach violated GDPR then practically every website also violates GDPR, since server-side hit logs almost always contain IP and user agent, not anonymized. Plausible anonymizes it using the hash, so you can't actually see any user data.

maxxxxx

@Daniel15 said:
Every HTTP request sends the user's IP and user agent to the server. If Plausible's approach violated GDPR then practically every website also violates GDPR,

There are two exemptions where informed consent is not required. When PII is used for the sole purpose of carrying out the transmission of a communication over the network. Second one when PII is strictly necessary to provide the service explicitly requested by the user. That is very limited to cases where without PII communication would not be possible and where it would be impossible to provide the explicitly requested functionality without PII.

Notice how I use PII instead of cookie. It's for a good reason. Makes no difference what kind of thechnology you use, you can use genetic engineering to encode PII in pigeon dna and send it off, informed consent is still necessary unless exempt. Web analytics is not exempt, it's neither required or necessary, your website will work fine without it.

User-agent is already being deprecated in chrome and replaced by client hints which need explicit request so the browser is aware when a website is using it.

If your use case is exempt you don't have to use cookieless gmo pigeons, reducing security in the process. You can as well use cookies and not display any banner at all.

@Daniel15 said:
since server-side hit logs almost always contain IP and user agent, not anonymized.

I recommend you disable IP and UA logging if you don't need it. If you need it inform users in adequate way depending on what legal basis for processing you have.

@Daniel15 said:
The hash lasts a day so that multiple visits from the same user on the same day count as a single unique user (subject to the caveats I mentioned earlier like not working properly for CGNAT users).

The point being to be able to single out users, which requires consent.

@Daniel15 said:
Plausible anonymizes it using the hash, so you can't actually see any user data.

Fathom uses hashing. Plausible uses salted hashing. Similar with other "GDPR compliant" analytics.

They are calling it anonymisation wrong, what they are actually doing is called pseudonymisation. Thus, it is still considered PII. I'm sure you will find WP Opinion on Anonymisation Techniques interesting, it clearly clarifies this common misconception. It also discusses some common pseudonymisation techniques, among those are hashing and salted hasing.

Anonymisation is meant to acheive irreversable de-identification, but then it would be useless for the purposes they are using it for. Even if you assume they are doing it right(which they are not, but for the sake of argument). PII is still being collected and processed and it has to be done legally in GDPR compliant manner, which in this case means you need infromed user consent. See section 2.2.1. Lawfulness of the Anonymisation Process.

pikachupokemon

@Daniel15 said:
I'm self-hosting Plausible and it's working well enough for me. I tested a few others, and it was the best option. https://plausible.io/

Their tracking script is <1KB and it can be bundled directly into your app's JS (via their npm package) instead of having to load it separately.

It's cookie-less, and user session IDs are derived from a hash of the IP address and user-agent, which means it's GDPR- and CCPA-compliant. It also lets you import all your old Google Analytics data.

It also uses a column-oriented database (Clickhouse) which makes it extremely efficient - aggregating 5 years worth of data is no problem. Column-oriented databases are optimal for data where you mostly aggregate columns (e.g. get total number of hits in the past year, get average visit duration over the past month, etc). If you want to self-host, look for something that uses Clickhouse.

It has the same downside that all cookieless trackers have: Unique visitors are undercounted. If multiple people access your site with the same browser from the same IP, they'll just be seen as one unique user. The same with ISPs that use CGNAT - every person with the same browser and the same public IPv4 will be seen as the same person. All other metrics should be OK though.

It's pretty basic though. If you want something more fully-featured, Matomo is a good option, but it's huge and inefficient. Queries are far slower than something that uses Clickhouse (like Plausible) and it uses more storage space.

Does plausible slow your site down?

pikachupokemon

@ailice said:
I using GoatCounter (https://www.goatcounter.com) on my website and its simply amazing
EDIT: Looks like you aleardy mention goatcounter perhaps test matomo?

@ailice said:
I using GoatCounter (https://www.goatcounter.com) on my website and its simply amazing
EDIT: Looks like you aleardy mention goatcounter perhaps test matomo?

I installed this but couldn't get it ot work with cyberpanle. maybe reverse proxy is needed

pikachupokemon

@Edi said:
Matomo (self hosted), Matomo free tier ( matomo.org), or , if you are using wordpress, you can use the matomo wp plugin.

It's good but it can slow a site down.

usacomputer

Definitely a fan of Matomo. Curious about some of the other services mentioned here but I've used Matomo for a few years and it works great for me and my customers.

Goldflag

Rybbit is a good modern one that can handle a huge amount of visits. https://rybbit.com

david

I've been using Matomo for many years (and Piwik, before they changed the name to Matomo).

buggedout

https://liwan.dev super light and works fine.

DrNutella

Umami is great