
We ditched Google Analytics - AdriaanvRossum
https://missiveapp.com/blog/privacy-first-analytics
======
softwaredoug
On my personal blog, I just decided to go without any analytics. I feel like
I'm writing for myself and to engage a close group of friends. Maybe make some
new friends along the way.

I don't want to blog for page views or retweets, it just feels like it creates
a bad set of incentives. Ultimately the feeder bar of vanity metrics feels so
draining. The important post that 5 people deeply appreciate is just as
valuable as a shallow clickbait listicle post that 1000s of people scan
through.

~~~
mikro2nd
This! Exactly this! The moment you start worrying about _which posts /pages_
people looked at is the very moment you start getting sucked into the vortex
that's called "pandering to the crowd". The extreme end of that is "clickbait
content".

Down that road I wish not to go!

~~~
amelius
Yes, there are much better ways of getting user feedback, for example a
comments section.

~~~
exlurker
Disqus? Just joking. Any good alternatives?

~~~
kdheepak
I've seen a bunch of people just link to HN and reddit discussions of their
posts. On my blog I am using utteranc.es, which let's people make comments
using github issues. It does require making a github account though. Here's an
example of some comments on a post: [https://blog.kdheepak.com/writing-papers-
with-markdown.html](https://blog.kdheepak.com/writing-papers-with-
markdown.html)

------
masonhensley
Nice, idea for someone (I wish I had time)...

"Good Housekeeping Seal" for Analytics

\- Self host analytics

\- Don't use google analytics

\- Don't use tracking pixels (FB, Reddit, etc)

\- etc

"Good Housekeeping Seal" for Billing Practices (in same vein, a little off
topic though)

\- Can cancel your subscription online

\- Sends reminders prior to charging card (dark pattern on some sites)

\- Open receipt API to scrape out historical spend data - started some
thoughts here- [https://github.com/HipSpec/invoice-data-api-
specification](https://github.com/HipSpec/invoice-data-api-specification)

\- No sneaky trial => subscription without warning

\- etc

====

I think most of us here acknowledge that privacy or "how the sausage is made"
generally doesn't sell to businesses & consumers. But I think there's some
fertile ground between a self attestation (PCI style) and a $40-50k SOC Audit.

There are a ton of incumbents that at this point could not strip out spyware
from their application/data stacks even with 100 human years of engineering
effort... could be a competitive advantage for smaller/newer organizations to
leverage.

Good Housekeeping reference:
[https://www.goodhousekeeping.com/institute/about-the-
institu...](https://www.goodhousekeeping.com/institute/about-the-
institute/a31680/good-housekeeping-seal-faqs/)

Thanks for sharing the article, SimpleAnalytics, Posthog & Fathom are steps in
the right direction. Also shout out to Matomo/Piwik, one of the OG's in self
hosted/ Google analytics alternatives.

~~~
AdriaanvRossum
Together with jivings I'm working on a ethical code of conduct [1]. Please add
more if you want. Happy to make this a standard for websites. Maybe add a seal
as well.

[1]
[https://hackmd.io/EmPIHGhTRh6pDSJ1VEgkkA](https://hackmd.io/EmPIHGhTRh6pDSJ1VEgkkA)

~~~
edraferi
Looks good, but needs additional specificity / testability.

> No hidden costs

What is a "hidden cost"? Sometimes pricing is complicated. For example,
shipping and sales taxes vary based on the customer's location.

> No making it difficult to cancel/unsubscribe from a plan

Maybe: "An authenticated user must be able to review their past and upcoming
charges within 2 clicks from the default view. This page must provide
immediate options for cancelling/unsubscribing (2 additional clicks to allow
for confirmation)."

Or weaker: "Users must be able to cancel/unsubscribe by any mechanism that
they can use to sign up / subscribe. For example, if users can purchase a
subscription on the website, a they cannot be required to make a phone call to
cancel that subscription"

> Automated emails to not self generated mailing lists/social platforms

I don't understand what this means. Are you trying to prevent the companies
from using third-party advertising targeting? That seems like an unreasonable
ask. It would prevent using Google/Facebook/Twitter for basic marketing tasks.

> No spammy follow up emails

This is not testable. It would be more valuable to identify quantitative best
practices and publish those. e.g. "When a user cancels a subscription, do not
sent them more than 1 marketing email per month asking them to re-subscribe"

> Allow recipients to easily unsubscribe from mailing-list emails

This should be covered by the "no making it difficult to cancel" clause.

------
ken
Call me old-fashioned, but if developers really want to minimize their impact
on visitors, I wonder why they shifted away from using plain old log files. In
the screenshot of the dashboard, "screen size" is the only attribute I see
which can't be derived from a web server request log entry.

I was using Analog to analyze Apache logs back in the 1990's -- it's older
than JS.

~~~
pimterry
Analytics from server logging breaks in the cases where either:

\- Page navigation often happens client-side (so most dynamic SPAs)

\- Content is often cached and/or served from a CDN (so most non-trivial
static sites)

In reality, nowadays most page loads don't ever touch the origin server, for a
wide range of good reasons. Including analytics in the client-side page
sidesteps that whole problem.

~~~
elcomet
CDN could give you your logs though. I think cloudflare gives you analytics
for example (not very detailed in the free version, but you can get more by
paying).

~~~
cpach
AFAIK Cloudfront also let’s one store access logs.

------
XCSme
I also made the switch two weeks ago and I don't miss anything. I even removed
google-fonts from my site and host the .woff files myself, so I don't force my
users to send requests to Google. I replaced GA with my own self-hosted
analytics platform[0] and I plan to add a lot more privacy features to it.

[0]: [https://www.userTrack.net](https://www.userTrack.net)

------
wgx
I put this line:

 _This site collects no analytics and calls no third-party scripts_

On the footer of [https://remotivo.com](https://remotivo.com) and I've already
had a couple of people comment that they thought it was a nice touch. I just
built this site/bot for a fun side-project, I don't care how many views it
gets.

------
beardbound
I have been in the process of moving all of my stuff off of Google services
(while I have an excessive amount of free time during Shelter In Place. So I
recently moved from Google Analytics to
[https://usefathom.com](https://usefathom.com) . I quite like it. I would like
to see how many people read my stuff, but I value my privacy and would like to
do the same for others. It's pretty good, and

~~~
KingOfCoders
My problem with usefathom is that their analytics hasn't been prooved in court
or by a European GDPR data watchdog to be in the clear of not storing personal
information. If you only want to ditch GA because you don't trust Google, then
I'd also use usefathom.

I think what they do is very clever, but we settled with SimpleAnalytics
instead (not as sophisticated and less analytics, but determine unique
visitors by referral is cleaner and enough for us).

~~~
nicbou
I'd still prefer Fathom because the data isn't fed into Google's fine-tuned
tracking machine. Even if it's not a perfect solution, it's likely better than
Analytics in that regard

------
nwellnhof
You can talk to the Google Analytics API directly and control exactly what is
sent to Google's servers. This also allows to create custom identifiers for
users or sessions, or to track no personally identifiable information at all.
A good starting point is Minimal Analytics which also removes lots of
unnecessary bloat:

[https://minimalanalytics.com/](https://minimalanalytics.com/)

~~~
XCSme
That's cool! Isn't the client-side request to `www.google-analytics.com`
enough for Google to track users between sessions and domains?

~~~
Nextgrid
Yes definitely. They collect the IP address and a browser fingerprint at the
very least.

I'm not sure if this is doable by proxying through the server, so only custom
events (with an unrelated IP - the server's one) are sent.

~~~
nwellnhof
Google Analytics never uses browser fingerprints. The default tracking scripts
only use first-party cookies. If you call the GA API directly, you don't even
need cookies or local storage. This will make some of the reports meaningless,
of course. The user's IP address is obviously sent, but it can be truncated by
setting an option.

~~~
Nextgrid
> The user's IP address is obviously sent, but it can be truncated by setting
> an option.

The IP address is inherently sent due to how the internet operates (unless you
proxy GA calls through your server, which I'm not sure is even possible).

The option to "truncate" the IP address just tells Google you don't want to
store it for _your_ analytics. It has no effect on whether Google still keeps
it on their side for their own benefit.

------
dpcan
Is anyone using an open source statistics system that's as simple as simple
analytics? Maybe even something that can be setup to run stats for multiple
clients from our own VPS?

~~~
rkwz
Freshlytics -
[https://github.com/sheshbabu/freshlytics](https://github.com/sheshbabu/freshlytics)

* Cookies are not used

* Personally identifiable information (PII) is not collected

* See the pageview in different dimensions like page urls, referrers, browsers etc

* Supports multiple projects

* Supports RBAC

Screenshots -
[https://github.com/sheshbabu/freshlytics/blob/master/docs/sc...](https://github.com/sheshbabu/freshlytics/blob/master/docs/screenshots.md)

~~~
edraferi
Looks useful, but it depends on PipelineDB, a PostgreSQL extension for
streaming data. Unfortunately PipelineDB hasn't been updated since May 2019
[0] when they were acquired by Confluent [1]. The former PipelineDB team
appears to be focused on Confluent's KSQL product [2]. There's an open source
"ksqlDB" but it appears to depend on Kafka, so it's not a 1:1 replacement for
PipelineDB[3].

[0]
[https://github.com/pipelinedb/pipelinedb](https://github.com/pipelinedb/pipelinedb)

[1] [https://www.confluent.io/blog/pipelinedb-team-joins-
confluen...](https://www.confluent.io/blog/pipelinedb-team-joins-confluent/)

[2] [https://www.confluent.io/blog/confluent-cloud-ksql-as-a-
serv...](https://www.confluent.io/blog/confluent-cloud-ksql-as-a-service/)

[3] [https://ksqldb.io/quickstart.html](https://ksqldb.io/quickstart.html)

~~~
rkwz
Yes, I'm relying on the "continuous views" feature of PipelineDB which is like
autorefreshing materialized views. I'm planning to swap PipelineDB with
TimescaleDB in near future

Most of the heavy lifting is done by Postgres/PipelineDB with Node.js as a
simple wrapper so it's both performant and consumes less resources.

[http://docs.pipelinedb.com/continuous-
views.html](http://docs.pipelinedb.com/continuous-views.html)

[https://docs.timescale.com/latest/using-
timescaledb/continuo...](https://docs.timescale.com/latest/using-
timescaledb/continuous-aggregates)

------
honksillet
Question: If you don't use google analytics are you penalized in google SEO?

~~~
markosaric
No. Google employees have denied that on multiple occasions[1]

[1]: [https://plausible.io/blog/google-analytics-
seo](https://plausible.io/blog/google-analytics-seo)

~~~
rplnt
The answer to "will using other analytics penalize you?" is "probably". Now
let's rephrase the original question, "Will using other analytics penalize you
more than using ones from Google?".

------
je42
To remove google analytics, I will be implementing snow-plow. First PoC was
quite good.

Dashboards via BigQuery + Google Datastudio + Custom stuff.

------
pst
I ran for quite a while without any analytics after removing GA. I've now
settled on Fathom for Kubestack.

It was important to me to be mindful about the privacy of my visitors but at
the same time I need some data to see if I'm on the right track. Fathom seemed
like a good compromise.

------
kmfrk
How private is using localStorage for ID persistence instead of cookies for
Google Analytics - and in general? It's what I'm using, but obviously it takes
an expert to figure out just how much of an improvement it is.

Apparently Service Workers can also be used.

[https://developers.google.com/analytics/devguides/collection...](https://developers.google.com/analytics/devguides/collection/analyticsjs/cookies-
user-id)

~~~
nerdponx
Seems to me like LocalStorage in this case is just a way to get around people
deleting/blocking cookies. What would be the legitimate use?

~~~
dgb23
> What would be the legitimate use?

Caching/storing GUI state and user configuration.

You (the server) doesn't need to know about LocalStorage contents. You can
read and write from it via JS without ever sending that data somewhere. It
actually improves privacy if done this way, because then the user owns the
data and you just act upon it.

Unfortunately Apple thinks otherwise, they clear LocalStorage in Safari after
a while by default.

~~~
itsthisjustin
Yeah we use this on our Chrome Extension Next Up to avoid sending data to our
server. Keeps everything cached locally and lot less data in transit

------
unnouinceput
Both google analytics and google tag manager are blocked in NoScript for me.
If your site is using them they're useless for me and my actions on your site.
Also every single one of my clients are blocking them too. Part of talk with
my clients is to also make them install NoScript + uBlock Origins.

------
luxurytent
I was just in this place two days ago, wanting some basic analytics from
nginx, but not wanting to add GA tracking to my site.

I found: [https://goaccess.io/](https://goaccess.io/)

Had not heard about Simple Analytics before but I will check it out!

------
tarun_anand
Let me first of all congratulate you. And secondly throw my hat in the ring.
We offer a commercial alternative to Google Analytics and have seen massive
interest in this space.

Please let us know if you are looking for alternatives.

------
rado
My personal blog also ditched GA and uses an alternative tool without cookies.
Admittedly, it's harder for businesses whose management is steadily being
replaced by analytics.

------
raverbashing
Sounds great! Though I think GA has a "more-private" mode (though it still
requires cookies).

Their product looks interesting, something like a collective inbox + Google
Wave builtin

> How to run analytics without a consent banner? It is simple; don't use
> cookies nor collect personal information.

Again, please. Louder for the people in the back. Thanks

------
hayksaakian
if all you need is counting a number of users, then you can use cloudflare
analytics

~~~
cj
Does Cloudflare have decent user permissions yet?

Last I checked, it wasn't possible to grant permissions to (for example) a
marketing employee who you don't also want permission to edit DNS records.

Edit: I see "Role based account access" is a feature of their "Enterprise" /
"request pricing" tier...

------
hosanex
Why don't you use mixpanel or something. You'll write the code so you won't
have to use JavaScript snippets that do shady things with cookies etc.

