A quick look at privacy-focused analytics for small sites


This blog has been analytics-free since 2013. Before that I used Google Analytics, then removed it as Google became too pervasive for my taste. I wasn’t looking at stats much, anyway.

Was I getting sweet sweet views? Once in a while I’d get an email with comments or questions, and some of my articles would get shared a few times on Twitter; at times I’ve used Twitter’s search to check if an article was getting traction.

Perhaps that is vain. But if I’m going to spend whole days writing and editing, I need something to feed into my brain’s reward system. It’s a bit out of whack, my brain. Needs a gentle push on the regular.

So I ended up looking at analytics tools that:

  1. Are privacy-conscious, and don’t feed information to Google, Amazon, Microsoft or Palantir.
  2. Tell me which pages are the most visited, because it can feel nice, and it tells me which old articles may benefit from updates.
  3. Are cheap enough.

A lot of paid analytics services have an entry price for monthly pageviews below a 10k limit. I’ll be looking at the price above that as well, because historically my site has been slightly above that limit (though it’s probably lower than that now).

GDPR and Do Not Track

Cookie banners are an ugly and tacky distraction, and I’d rather have zero analytics data than put one up.

I’m hoping that if a service doesn’t use user ids — not storing IP addresses, no fingerprinting, no cookies or localStorage, etc. — then it doesn’t count as tracking or as requiring user consent.

Sounds reasonable to me, but don’t take it as legal advice that it’s okay to do that; especially on sites with user accounts or user data entry or payments.

One thing I’m not sure about: the DNT (Do Not Track) HTTP header. Should I disable analytics for every visitor with DNT: 1? If the analytics is private and minimal enough, does it count as “tracking”? I’m tempted to ignore it, as long as I’m using a private enough analytics service. But maybe that’s dropping the ball on a commitment to privacy and respecting user intent?

I was wondering if some browsers were sending a DNT: 1 header by default. Looks like virtually no browser is doing that. You’re most likely to get this header from Firefox users, if they set their Tracking Protection level to “Strict” (not the default level). Brave has a fairly hidden preference. Safari doesn’t support DNT at all; I think they removed support at some point, citing inefficiency and a fingerprinting risk.

A random collection of tools

Not a review. I haven’t tried most of these.

Server logs

The received wisdom is that server logs are not reliable since, unlike client-side analytics, they record a lot of bot requests. (There’s nothing special about client-side analytics that filters out bots, but the majority of bots don’t run full browsers to make HTTP requests, because it costs a lot more to do that.)

Still, it was interesting to see Netlify take a stab at building analytics out of server logs, and maybe they got it right enough to be useful. If you’re on Netlify and can pay $9/month, do check it out.
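An added example, not from the original post and not how Netlify or any tool listed here works: a "most visited pages" count built from server logs that filters self-identified bots by user agent, optionally skips requests sent with DNT: 1, and keeps no IP address or other visitor identifier. The log format (combined format with the DNT header appended), the regexes and the `top_pages` function are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not real traffic). Assumed format: combined log
# format plus the request's DNT header as a final quoted field, for example an
# nginx log_format ending in "$http_dnt".
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Sep/2020:10:01:02 +0000] "GET /articles/css-grid/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
198.51.100.4 - - [12/Sep/2020:10:02:11 +0000] "GET /articles/css-grid/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0" "1"
192.0.2.10 - - [12/Sep/2020:10:03:40 +0000] "GET /articles/css-grid/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-"
203.0.113.9 - - [12/Sep/2020:10:04:05 +0000] "GET /about/?utm_source=twitter HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15" "-"
203.0.113.7 - - [12/Sep/2020:10:04:06 +0000] "GET /assets/site.css HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
192.0.2.33 - - [12/Sep/2020:10:05:00 +0000] "GET /articles/css-grid/ HTTP/1.1" 200 5120 "-" "curl/7.68.0" "-"
198.51.100.8 - - [12/Sep/2020:10:06:30 +0000] "GET /old-post/ HTTP/1.1" 404 310 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" "-"
'''

# The client IP (first field) is matched but deliberately not captured.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<dnt>[^"]*)"$'
)
# Catches only clients that identify themselves; bots running a full browser
# with a browser user agent still get through.
BOT_RE = re.compile(r'bot|crawl|spider|slurp|curl|wget|python-requests|^-?$', re.I)
ASSET_RE = re.compile(r'\.(css|js|png|jpe?g|gif|svg|ico|woff2?|xml|txt)$', re.I)

def top_pages(log_text, honor_dnt=True):
    """Return (views per path, reasons for skipped lines); stores no visitor data."""
    counts, skipped = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped["unparsed"] += 1
            continue
        path = m["target"].split("?", 1)[0]  # query strings can carry identifiers
        if m["method"] != "GET" or m["status"] != "200" or ASSET_RE.search(path):
            skipped["not_a_pageview"] += 1
        elif BOT_RE.search(m["ua"]):
            skipped["bot"] += 1
        elif honor_dnt and m["dnt"] == "1":
            skipped["dnt"] += 1
        else:
            counts[path] += 1
    return counts, skipped
```

Because nothing identifies a visitor, this yields page views rather than unique visitors, which is the trade-off the no-ids approach implies.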

Matomo (formerly known as Piwik)

The big, old, PHP-and-MySQL open source alternative to Google Analytics. Available as a paid hosted service too, but at a price point too steep for hobbyists (€19/month). Does a lot out of the box, and has plugins for more.

Looks like an option, and my web host has an instance already set up. But maybe not simple or minimal enough? It looks like they have a lot of settings or steps to follow to increase user privacy or avoid having to show a cookie consent banner.

Fathom

Best known of the handful of small analytics tools that cropped up recently, Fathom starts at $14/month. Looks nice. I’m a bit concerned that the first item on their Features page is “Bypass ad-blockers”.

Looks like the open-source version was set aside when the Fathom team focused on building a commercial offer.

Simple Analytics

Privacy focused, built by a 2-person team, starts at $19/month. They do have instructions for bypassing ad-blockers, looks like a common request. They’re European based and do seem to focus on GDPR compliance though; their What We Collect page is a good read.

They seem to have nice features, plus a public roadmap. Overall Simple Analytics tries to balance a strong privacy focus with catering to businesses’ and marketeers’ needs.

Plausible

Initially built by a developer who wasn’t convinced by Fathom or Simple Analytics — though while they built Plausible it’s likely that those tools improved too. Now a two-person team.

I like that it focuses on bloggers and freelancers as a target market, and its pricing might be the most accessible yet: $12/month for 100k pageviews, and yearly billing gets you a nice 33% discount. Roughly half the price of the competition.

Plausible is also fully open-source (unlike Fathom), but its hosting requirements are a bit complex; this will probably rule out self-hosting for single users, but could be interesting for companies.

Friendly Analytics

Stylized as “🙂 Friendly”. Launched in March 2020, hosted in Switzerland, GDPR-compliant, etc. Looks like they’re based on Matomo, but with custom settings and maybe a custom UI? Not cheap: starts at €9/month, but for very few page views (5k max), so you’ll probably need the €19/month plan instead.

They’re an “Open Startup” and publish detailed revenue numbers on their blog. Could make for some interesting reading.

Metrical

Another 2-person team, this time from Italy. Does not track visits for users with a Do Not Track header. Currently free while in beta, and pricing is announced at $7/month or $50/year (for a 50k monthly pageviews limit).

I read about Metrical in this comparative review of Fathom, Simple Analytics and Metrical.

Goatcounter

An open-source, self-hostable analytics package written in Go (requires a SQLite or PostgreSQL database). Also available as a hosted service, with a generous free tier that should cover most small sites; when using the free tier, the developer recommends donating money to help the service stay up.

The app’s design is maybe a bit less appealing than others, but it has a nice “early Basecamp” vibe if that’s your thing. Goatcounter chooses to ignore DNT headers.

Umami

An open-source project built in 30 days by Mike Cao, Umami is a simple, self-hosted analytics app. The project was announced less than a month ago, but it has seen steady releases since then.

If you’re comfortable installing and running a Node.js app with a MySQL or PostgreSQL database, it could be a fun option.

Ackee

Another open-source, self-hostable project. Version 2.0 was published last month and requires the latest Node.js (Node 14) and a MongoDB database.

I tried the demo quickly, and it looks really good but I didn’t find it as usable as Umami (for example).

Shynet

A Python-based open-source project (self-hosted, requires a PostgreSQL database). Looks pretty good. Their recommendation:

Shynet isn’t for everyone. It’s great for personal projects and small to medium size websites, but hasn’t been tested with ultra-high traffic sites. It also requires a fair amount of technical know-how to deploy and maintain, so if you need a one-click solution, you’re best served with other tools.

Though that is probably true of all the new-ish, self-hosted solutions listed here.

Offen

An open-source web app that you need to deploy yourself (binary executable plus a database, SQLite by default). Offen has a different take on user privacy than all other services and software listed here:

  1. Your site’s visitors must opt in to analytics.
  2. Visitors can access the data that Offen collected about them, and can delete it.

End users get a view similar to what you get as a site administrator, but with only their own visits and pageviews in the data set. Try it out by visiting offen.dev, accepting tracking, then looking for the “Try as user” link.

What I’m picking

I’ve only had broad impressions of the different services and software packages so far. For a small business, I might go with Plausible or Simple Analytics. For this small blog, plans around $15–20/month are excessive, but Metrical and maybe Plausible might work.

I’m also considering giving Umami a try. It should run on my current web host, at no extra cost.
