New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
π¬ Umami β Self-hosted privacy-friendly analytics
Been using Umami lately and it's honestly such a breath of fresh air.
It's a self-hosted alternative to Google Analytics, but way lighter and actually respects privacy. No cookie banners, no bloated scripts tanking your page speed. Just clean data: visitors, referrers, popular pages, device types β the essentials you actually need.
Super easy to spin up on your own server, or you can run it on PikaPods if you want something managed (we offer free starting credit to try it out).
Anyone else here using privacy-friendly analytics? What made you make the jump?
Comments
Been using umami for almost 2 years now, good stuff π
plausible
I use this https://github.com/plausible/analytics
I tried using it on Pikapods and tracking an active forum.
But it demands at least 8 GB of RAM, which is expensive.
Curious. Average reported RAM usage is about 250MB.
Quoting AI:
"While some reports suggest a minimum of 2GB of RAM, the actual resource consumption is very low, often around 1% of a CPU core and approximately 240MB of RAM."
For Umami, minimum RAM is set to 500 MB only.
If any app has wrong minimums, we can correct that.
I've also been self-hosting Umami for 2-3 years but major migrations are a pain!
Currently trying out One Dollar Stats and Databuddy on new projects just to see how they are but so far Umami still has more features.
Bonus mention to PostHog and their unconventional website.
EDIT: fixed ODS link
@m4nu years ago I requested Nginx Proxy Manager maybe its possible, also n8n will be nice addition.
Been using Umami for some months and I like it to be honest, didn't self-hosted until now but I thill I'll do this someday.
https://goaccess.io/ for the win.
Ghostery, by default, blocks Umami.
I've been testing https://openpanel.dev/, which seems to be great so far.
This looks great for logs/origin hits but doesn't give you a true representation of your user base if you're optimized for CDNs.
You would need something client-side for that, not server-side. Many clients block it, but you still get very useful information about your average local/global userbase from the clients that don't.
I mean, for a website that has 2-3K real-time online Umami via Pikapods, it can't run it on 4GB RAM.
I've been self hosting Matomo (piwik) for many years. I wonder how it compares.
I'm using liwan (https://liwan.dev/) for some months now, very lightweight (written in rust), bundle in a single binary, uses maxmind geopip and data is stored in DuckDB. Very portable and doesn't need mysql/postgres.
For Umami, you can customize the script name to avoid this. Done via env var, which we expose on PikaPods AFAIK.
I donβt put limits, but the application and database containers combined take about 310 MB on my server
The UI for this is a lot better but Umami is much lighter weight while doing most of it
Umami will soon release v3 with a new GUI
I have been using Rybbit lately and I really like it. The ui is clean and appealing.
I will try this and see how it handles 2-3k website visitors.
Daily or simultaneous?
https://384.cz/navbar.js
And
grep clicklink.txt /var/log/nginx/access.logSimultaneous, or real-time, but that happens mostly during peak hours.
I will probably host both Plausible and Umami and see which one performs better and feels better to use.
I'm into cooking and stuff, but in my experience, people who say "umami" like four times in one paragraph are the most annoying people. Having a project named after it was not a first good impression so I'm glad you recommend it so highly and therefore haven't turned me off it forever.
For those who are not aware. EDPB has issued updated guidelines in october 2024. The law did not change, it's just clarified a bit; because of the "ambiguities" that have "created incentives to implement alternative solutions for tracking internet users and lead to a tendency to circumvent the legal obligations".
Thus, even first-party analytics require informed consent and for the users to opt-in, same as if you use cookies (it has always been cookies or "similar technologies"). This maens all the "privacy-friendly" analytics tools, including ones mentioned in this thread are illegal without informed consent.
Rule of thumb, if you can turn it off and your visitors can view your website then it requires consent. You can use only what is technically strictly necessary for the website to function. Even the so called "anonymous statistics" require explicit consent and opt-in. A small list of what is not allowed without explicit informed consent and opt in.
Any kind of tracking, this includes url and pixel tracking and whatnot.
Using unique identifiers.
Fingerprinting, based on ip, device or whatever.
URL parameters such as "utm_" and others.
Tracking based on just the IP address, for example if you use IP address to determine the country.
Things like "open rate" and "click rate", etc.
Even if you use just the user-agent consent is required.
Any kind of tracking tools to measure user activity like mouse movements, heatmaps and so on.
Disclaimers like "by using this website you consent to tracking" will not do.
This list is far from complete.
The law does not apply just to using PII, it applies even if you use and kind of "information", thus even non personal data is covered. It also applies to information used not just for tracking of natural persons, but to tracking of companies or legal persons as well.
All those "privacy-respecting" analytics tools operate under a false assumption that replacing cookies with something else makes tracking magically legal.
I modified umami to track UA and IPs.
Though you can already done this with webserver logs.
So no geoblocking?
That's fine if you first get consent from the users before using this data for analytics.
You should turn off webserver logs if you don't need them. If you need them for security like preventing bruteforce login attempts or similar it's ok. But it's not ok to use it for different purposes like analytics without consent.