
Show HN: I made a privacy-first minimalist Google Analytics - AdriaanvRossum
https://simpleanalytics.io
======
AdriaanvRossum
Creator here. As a developer, I install analytics for clients, but I never
feel comfortable installing Google Analytics because Google creates profiles
for their visitors, and uses their information for apps (like AdWords). As we
all know, big corporations unnecessarily track users without their consent. I
want to change that.

So I built Simple Analytics. To ensure that it's fast, secure, and stable, I
built it entirely using languages that I'm very familiar with. The backend is
plain Node.js without any framework, the database is PostgreSQL, and the
frontend is written in plain JavaScript.

I learned a lot while coding, like sending requests as JSON requires an extra
(pre-flight) request, so in my script I use the "text/plain" content type,
which does not require an extra request. The script is publicly available
([https://github.com/simpleanalytics/cdn.simpleanalytics.io/bl...](https://github.com/simpleanalytics/cdn.simpleanalytics.io/blob/master/hello.js)).
It works out of the box with modern frontend frameworks by overwriting the
"history.pushState"-function.

I am transparent about what I collect ([https://simpleanalytics.io/what-we-
collect](https://simpleanalytics.io/what-we-collect)) so please let me know if
you have any questions. My analytics tool is just the start for what I want to
achieve in the non-tracking movement.

We can be more valuable without exploiting user data.

~~~
pdkl95
> unnecessarily track users without their consent

Regardless of your intentions, you _are_ collecting enough data to track
users.

> I am transparent about what I collect ([URL])

That page doesn't mention that you are also collecting (and make no claim
about storing) the globally-visible IP address (and any other data in the IP
and TCP headers). This can be uniquely identifying; even when it isn't unique
you usually only need a few bits of additional entropy to reconstruct[1] a
unique tracking ID.

In my case, you're collecting and storing more than enough additional entropy
to make a decent fingerprint because [window.innerWidth, window.innerHeight]
== [847, 836]. Even if I resized the window, you could follow those changes
simply by watching analytics events from the same IP that are temporally
nearby (you are collecting and storing timestamps).

[1] An older comment where I discussed how this could be done (and why GA's
supposed "anonymization" feature (aip=1) is a blatant lie):
[https://news.ycombinator.com/item?id=17170468](https://news.ycombinator.com/item?id=17170468)

~~~
harianus
Good comment! I only store the window.innerWidth metric. I updated the what we
collect page ([https://simpleanalytics.io/what-we-
collect](https://simpleanalytics.io/what-we-collect)) to reflect the IP
handling. We don't store them. And fingerprinting is something that would be
definitely tracking, not on my watch!

~~~
samirm
There is absolutely no reason to collect and store window dimensions, other
than for fingerprinting and tracking. Sure it might be an interesting piece of
trivia for the dev, but it's not necessary for the dev to "make sure the
website works great on all of those dimensions", since that much is already
obvious and presumed when making websites these days.

~~~
Drdrdrq
Actually there is, this is one of the most interesting metrics. It doesn't
have to be precise though, rounding to nearest 50px would be more than enough.
I would argue that height and aspect ratio should be collected too. (I didn't
downvote you FWIW)

~~~
stordoff
Could you round to buckets as well - take the 10 (say) most common screen
sizes, and round users to the nearest? That way users with odd screen sizes
aren't identified.

------
phprecovery
At my work (The New York Public Library), we created a “Google Analytics
Proxy” that receives requests and then proxies them to Google’s Measurement
Protocol so you still get the benefit of using Google Analytics but can
control exactly what’s sent/saved in real-time.

It’s intended as a mostly drop-in replacement for the GA analytics.js API and
to be used as an AWS Lambda.

You can check it out here: [https://github.com/NYPL/google-analytics-
proxy](https://github.com/NYPL/google-analytics-proxy)

~~~
temuze
You all do great work! Love the NYPL :)

------
sondr3
I've moved away from using any kind of script embedded in my webpages for
tracking and instead just use Goaccess
([https://goaccess.io/](https://goaccess.io/)) to analyze my logs. Though
there are obvious caveats with this, you need to install it, configure the
server logging to match it and so on. But personally the benefits outweighs
the cons, it all runs on the server, you are the sole owner off all the data
and this tracking doesn't require any kind of JS on the webpage.

~~~
southerndrift
Isn't there a problem with GDPR compliance if you want to serve European
pages? You are allowed to log IP addresses for security reasons. However, as
far as I understand the situation, you need the agreement of the users if you
use their personal data, which includes IP addresses, for anything else.

Has somebody figured out how to resolve this situation with log files?

~~~
joshyi
Looks like goaccess supports --anonymize-ip=true which sets the last octet of
IPv4 user IP addresses and the last 80 bits of IPv6 addresses to zeros.

source:
[https://github.com/allinurl/goaccess/blob/master/config/goac...](https://github.com/allinurl/goaccess/blob/master/config/goaccess.conf#L416)

------
mdasen
First: really slick site. I'm not so into the video which takes a while to get
to the point, but the site makes it really easy to understand the point of
your product (and that's something a lot of sites lack).

I do have some questions/comments and I apologize if they seem a bit rapid-
fire.

* When I look at the "Top Pages", there are links. When I click the link, it brings me to that page on your site not a chart of hits for that page. Is that how it's meant to work?

* If I sign up for your service, do my stats become public? [https://simpleanalytics.io/apple.com](https://simpleanalytics.io/apple.com) just says "This domain does not have any data yet" (presumably because Apple doesn't have your script installed). But that kinda indicates that any domain with your script installed would show up there. It might just be an error in the messaging, but probably something to fix.

* What's your backend like? I'm mostly curious because analytics at scale isn't an easy problem. Do you write to a log-structured system with high availability (like Kafka) and then process asynchronously? How do you handle making the chart of visitors? Do you roll up the stats periodically?

* Speaking of scale, if I started sending thousands or tens of thousands of requests per second at you, would that be bad? Is this more targeted at small sites?

* What do you do about bots? Bot traffic can be a large source of traffic that throws off numbers.

* How long before numbers are available? It's September 19th, but the last stats on the live demo are September 18th. Is it lagged by a day?

* Do you not want to track user-agents for privacy reasons as well? Seems like a UA doesn't really identify anyone, but it can be useful for determining if you want to support a browser.

* You're not counting anyone that has the "Do Not Track" header. To me, DNT is more about tracking than counting (which is different). Even if you counted my hit, it wouldn't be tracking me if you didn't record information like IP address and there were no cookies.

Kudos for launching something. I think my biggest suggestions would be fixing
the live-demo page so it doesn't look like it's leaking other site's data and
providing some guidance about limits. It's easy to think that you don't want
to put limits on people, but any architecture is made with a certain scale in
mind. There's no shame in that. Sometimes what you want is a "let us know if
you need more than X" message. At the very least, it lets you prepare. People
sometimes use products in ways you wouldn't imagine and ways you didn't intend
which the system doesn't handle gracefully.

Good luck with your product!

~~~
vanler
Looks like it's public

[https://simpleanalytics.io/simpleanalytics.io](https://simpleanalytics.io/simpleanalytics.io)

------
nickdandakis
To everyone complaining about the price point for this service.

 __You are part of The Problem. __

This is a solo dev 's venture, that has a relatively pure and straightforward
goal. If you can't afford it, don't use it and pick one of the others.

Do NOT compare this with a B2C offering that has nothing to do with analytics.

Do NOT compare this with a B2B offering that's free and feeds your user's data
into the parent corporation's advertising revenue stream.

Do NOT compare this with a B2B offering that is open-source, with a team of a
dozen core contributors that has had a decade of development under its belt.

~~~
curun1r
Heh...I had the opposite reaction to the price. As someone building something
in the analytics space, $12/mo seems so low that it won't get traction beyond
the hobbyist demographic. If you want to sell to business, the price point
needs to be at least $200/mo.

Plus, I have zero confidence that someone using a naive postgres
implementation can scale an analytics backend with customers paying only
$12/mo unless all those customers get barely any traffic. Perhaps if he was
using Timescale on top of postgres, but even then, $12/mo seems awfully low.

But as it is, the price point signals that he doesn't think it's a
particularly valuable service.

~~~
epicmuffin
How do you know the postgres implementation is naive? I've worked on several
analytics platforms...including offshoots of google analytics within Google
itself, and this problem domain is ridiculously easy to shard on natural
partitions. And after sharding, you can start to do roll-ups, which Google
Analytics does internally.

By 2014 when I left, we had a few petabytes of analytics data for a very small
but high traffic set of customers. Could we query all of that at once within a
reasonable online SLA? No. We partitioned and sharded the data easily and only
queried the partitions we needed.

If I were to do this now and didn't need near real-time (what is real-time?)
I'd use sqlite. Otherwise I'ld use trickle-n-flip on postgres or mysql. There
are literally 10+ year-old books[1] on this wrt RDBMS.

And yes, even with 2000 clients reaching billions of requests per day, only
the top few stressed the system. The rest is long tail.

1\. [https://www.amazon.com/Data-Warehousing-Handbook-Rob-
Mattiso...](https://www.amazon.com/Data-Warehousing-Handbook-Rob-
Mattison/dp/1847286658)

~~~
curun1r
There's a comment elsewhere in this thread where he talks about his backend.
He didn't explicitly say it was naive, but he definitely gave off that vibe.
Is it possible to use postgres in a sophisticated way to work as an analytics
store? Sure...Timescale does it and gives you the majority of what you'd need.
But it's hard to get right and the creator hasn't given the impression that
he's well-versed in this space.

------
whylo
This is a great idea and I love the design.

It looks like anyone can see the stats for any domain using the service
without any authentication. I added the tracking code to my domain and was
able to hit
[https://simpleanalytics.io/[mydomain.co.uk]](https://simpleanalytics.io/\[mydomain.co.uk\])
without signing up or logging in. I was also able to see the stats for your
personal site.

Is that intentional? If it is, it seems like an odd choice for a privacy-first
service. If not, it seems like quite a worrying oversight in a paid-for
product.

~~~
aembleton
I see what you mean
[https://simpleanalytics.io/adriaan.io](https://simpleanalytics.io/adriaan.io)

~~~
donaltroddyn
Some people are taking advantage of this to leave messages for us:
[https://simpleanalytics.io/simpleanalytics.io](https://simpleanalytics.io/simpleanalytics.io)

Edit: It seems to have been filtered now, but people were using spoofed
referer headers to leave offensive messages for HN users.

~~~
whylo
Yeah, I saw that too. Someone tested for XSS in the referer too (<script> tag)
but luckily it was escaped

------
teddyh
Please give a comparison to Matomo¹ (formerly Piwik), the current obvious
choice for doing this.

1\. [https://matomo.org/](https://matomo.org/)

~~~
harianus
There are open source alternatives that do similar things, I want to give
people not the hassle of setting up servers, maintaining their versions, and
having no updates if they don't. See it as non-self hosted solution like
Heroku is for deployment. I believe it should be simple as installing a Google
Analytics code.

~~~
teddyh
Matomo has both “cloud-hosted” and self-hosted options. What is the advantage
to using this compared to Matomo’s “cloud-hosting”?

~~~
saudioger
I guess you're not paying Matomo and don't need to have another company
controlling your data?

~~~
dvko
But you're paying a closed-source and for-profit company instead, so how
exactly is that better than Matomo or Fathom?

------
eli
I think there are a lot of misconceptions about how Google Analytics tracking
works. I'm pretty sure a vanilla GA setup does not, in fact, create profiles
that track you across the web. For one thing, all the cookies it creates are
first-party (on your domain).

I still get objecting to Google products on principle, but their privacy
policy for GA seems pretty reasonable to me:
[https://support.google.com/analytics/answer/6004245](https://support.google.com/analytics/answer/6004245)

~~~
amichal
Also:

> When a customer of Analytics requests IP address anonymization, Analytics
> anonymizes the address as soon as technically feasible at the earliest
> possible stage of the collection network. The IP anonymization feature in
> Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits
> of IPv6 addresses to zeros in memory shortly after being sent to the
> Analytics Collection Network. The full IP address is never written to disk
> in this case.

[https://support.google.com/analytics/answer/2763052?hl=en](https://support.google.com/analytics/answer/2763052?hl=en)

~~~
marichards
Why do we trust this statement? It's coming from a company that plays loose
with the law and has had some of the biggest fines ever thrown at it. Sorry,
but with no way to validate this claim, it is meaningless.

~~~
amichal
I'm just quoting them.

I'm well aware that all we have is "certification" and "audit" programs to
verify their claims. I am also that these are less then perfect and they have
been found out to misleading/"lying" before and appeared to prefer large fines
rather then fix the the issue. It is 100% likely that their public statements
don't match reality perfectly.

I posted the quote because there seemed to be a lack of understanding that
this feature even _exists_ in GA. The author of the Show HN post didn't even
have a statement on how IP address logging (and various other PI in the GDPR
sense) was handled when it was originally posted.

BTW, I think it's great that someone is starting fresh with privacy in mind
but even with them we will still no way of trusting what they do with the
packets sent their way...

------
huhtenberg
I assume that it's more of a feeler/prototype than a real product, but even
then it is _really_ basic and through that it's ultimately useless.

A Summary page should show traffic volume, who exactly is driving it and where
it arrives. That's the bare minimum needed to make shown information actually
_useful_ and _actionable_. Things like "Top Domain Referrers" and "Top Pages"
are aggregate vanity metrics, their effective utility is zero. If you have a
spike in traffic, you want to know the reason and with your current design you
can't.

~~~
AdriaanvRossum
These are helpful comments, I will make it more actionable, but please also
understand I need to test if there is a market for it, first. So that is what
I'm doing now and I will improve the product to show actionable information.
Just give me some time.

------
ciex
I am using fathom [1] for this. They allow hosting the backend yourself and
your analytics are not publicly accessible. Biggest con is that each
installation can only track one domain as of now.

[1]: [https://usefathom.com](https://usefathom.com)

------
markstos
I would consider a self-hosted option to be the privacy-first approach.

------
r1ch
Are there any plans to support SRI? It's a pretty big security risk to
incorporate 3rd party JS onto all pages - if someone compromises your CDN
account then they have full control over every site that's using this code.

This is one of the top ways that credit card breaches are happening lately -
e-commerce sites include tons of 3rd party tracking / analytics / remarketing
/ etc code on their checkout pages, one of them gets hacked and the modified
JS posts the credit card form to some compromised server.

------
stephenr
I don't doubt your intentions, but I simply don't believe that any kind of
user analytics as-a-service is ever going to be good enough privacy wise.

Do you know what isn't creepy and privacy invading? Analysing the attributes
of the visitors to FranksKebabShop.com, as part of the tooling that runs
FranksKebabShop.com.

This could be analysing web server/cache logs. It could be a more active piece
of software that operates via JS and reports back to a service running on the
same domain.

I know, I know "everything is SaaS now, nobody installs software". Nobody
_can_ install it if you don't make it installable. Be part of the solution not
part of the problem.

~~~
snaky
> No plans to go open source with the backend

That's the main problem I suppose.

~~~
stephenr
Installable doesn't necessarily mean open source.

I personally wouldn't use one that isn't OSS, but plenty of people don't care
about that, but _do_ care about privacy, including the privacy of their site
visitors.

------
MrQuincle
Well done brother. :-) The more privacy-aware tools, the better!

Something that would interest me, is a little explanation of
[https://github.com/simpleanalytics/cdn.simpleanalytics.io/bl...](https://github.com/simpleanalytics/cdn.simpleanalytics.io/blob/master/hello.js).

You already have very brief comments at strategic points. If you would explain
these one by one, I would learn a lot about optimizing for number of requests,
skipping stuff to load, etc. Maybe a technical blog post at a later time when
the dust settles?

------
pistoriusp
This is very cool - I'm literally building the same thing right now!

~~~
harianus
Thank you! I hope you can learn a lot from my failures! Let's chat some time
if you want.

------
mosselman
For a project of mine I created an 'actions' table in my database. For every
visit (only server-side data) I make an entry into that table. That way I keep
track of key metrics that I am interested in (basically which page is loaded
and where did the visit come from?). I also store the request id so that I can
differentiate between different visits. Entries into this table are made in an
new thread in order to prevent any issues or slow-downs on that end to
influence load-times, etc too much. Works very well.

~~~
Reedx
What did you make to view it? Or do you just run SQL queries?

~~~
mosselman
Haha, yes I just use SQL-queries as harianus suggested. How does he know? I
assume getting on top of the front-page and staying there for a few hours
makes your quick-draw the responses to the comments a bit. Good for him.

~~~
harianus
I indeed did not realise this was a comment on your comment. I guessed
correctly, lucky me.

------
petemill
Screen sizes is ambiguous here - are you measuring viewport width
(`window.innerWidth` - helpful) or the display the window happens to be on
(not too helpful)? Also something to make that data useful would be show the
range of sizes, instead of the top specific size. E.g. 1280 may be _the most
popular_ but there may be more users using larger width windows, just more
variation in those sizes (1320, 1440, etc), so a top level range could be a
nice differentiator here.

But, how useful are these stats going to be without being able to see user
journeys through a path of pages / actions? Yes, it's good to know which pages
are getting how many views. But, in order to improve the UX, we often need to
know how many users are able to go from Page A to Page C and whether they went
through Page B first. Or e.g. if 90% of sessions that start on Page A (so we
know what their purpose was), end on Page B but the main (perhaps beneficial)
action for the user was on Page C. You can't just look at the pageviews for
each, because you don't know where the session started.

I fear that this would reduce people to "inferring" (guessing) too much about
the data that they see, and making decisions they feel are backed with data
when there's not enough data to conclude. Then again, I'm sure that happens
when the data is there too :-)

------
sincerely
Just a heads up, it looks like the Referrals section of your Analytics is
being vandalized

------
Cpmly
It doesn't even offer close to the features Google Analytics offers and costs
$12/month. The same such a service as Netflix costs. The idea is nice but
looking at the actual product here:
[https://simpleanalytics.io/simpleanalytics.io](https://simpleanalytics.io/simpleanalytics.io)

It disappoints in every way, you can't even check yesterdays stats.

~~~
nicksergeant
> The same such a service as Netflix costs

It's a business service, not a consumer service. Apples to oranges. People
will pay for it.

~~~
Cpmly
I doubt that Analytics is a B2B only product, the majority of users will be
private persons running their blog or hobby forum using it.

------
rodolphoarruda
I'm a potential user/customer. I support two small scale websites that give my
two business a presence on the web. By 2013 I guess I started to feel too
anxious when accessing Google Analytics because the service was getting bigger
and bigger. I could not see its "UI boundaries" anymore, and with that I got
the impression I was leaving useful views/analysis behind. Unfortunately I am
the kind of user who needs somebody to provide a set of pre-built
views/analysis I could make sense of. I don't have the time to rationalize on
what I need at various levels and then build the views.

With that said, a minimalist approach to web analytics is attractive to me,
specially if I can see its "boundaries", the set of reports etc.

The argument on privacy (or lack of it) has no impact on my perception about
this service's value proposition.

------
jackgolding
Hi I work in digital analytics and have a question. A problem with Piwik is if
that PSQL database goes down (a database is NEVER 100% up) what happens to the
data your JavaScript snippet is sending?

Will also add a lot of comments here are very unfair I hope you take them with
a grain of salt.

~~~
Findus23
Just FYI: With Piwik/Matomo you can replay your access.log and therefore never
miss any data even if the instance goes down completely:
[https://matomo.org/faq/log-analytics-
tool/faq_19221/](https://matomo.org/faq/log-analytics-tool/faq_19221/)

~~~
jackgolding
Thanks!

------
dna_polymerase
Just a quick reminder, that Fathom started its Pro offering only a few days
ago: [https://usefathom.com/](https://usefathom.com/)

It's also Open Source so you can see for yourself what is going on, or even
self-host.

------
gator-io
Data collection for legitimate purposes came up in our GDPR compliance review.

This product ([https://truestats.com](https://truestats.com)) collects the
I.P. address and user agent for the purpose of detecting fraud (not selling
data or profiling users). It is used for frequency checking and other patterns
that would indicate fraud. We are still going through the legal analysis of
how to deal with this, even though we have no idea who the visitors are.

I think considering the I.P. address as PII is a little much if you are not
using it in a way that would violate privacy or selling the data.

------
pierrefar
Looks good! I'm the founder of a similar service (Blockmetry). Obviously non-
tracking web analytics is the future!

I'm curious why you chose to host the data yourself instead of giving
customers the data immediately at the point of collection. That's the path we
chose for Blockmetry as it genuinely required to be a non-tracking web
analytics service and makes it impossible to profile users. Any service that
hosts its data would still be open to being untrusted on the "no tracking no
profiling" argument.

Thanks, Pierre

PS - YC Startup School founders: ping me via the forums and get an extended-
period free trial.

~~~
cbnotfromthere
Similar service????

Simple Analytics is a real service. Blockmetry is a 90's-looking page with a
"contact sales" button and not even a demo (nevermind a real product).

~~~
ficklepickle
I like to give people the benefit of the doubt. If criticism is necessary,
then might as well make it constructive.

Sure, the blockmetry site has some issues. The menu is unusable on my mobile
(android) and there are no screenshots or explanation of how it actually works
(server/client side, self/cloud hosted?). There are some style choices that I
don't agree with, like the binary background pattern.

But I like to assume good faith unless I have some solid evidence otherwise.
Do you know for a fact that there is no product? If so, please share :)

It is, however, poor form to plug your competing product in a Show HN. It's a
fine line between mentioning and plugging, but I think offering a discount
falls on to the wrong side of the line.

All these things can be pointed out politely.

------
marichards
This is not GDPR friendly.

Executing third party JS on your website is an access to the page content, so
unless the customer never had any user data or sensitive data on the page,
they'll have to categorise simpleanalytics as a data processor.

Referers are often on their own private data, for example
[https://www.linkedin.com/in/markalanrichards/edit](https://www.linkedin.com/in/markalanrichards/edit)
identifies not just you looked at this user, but that you are this user as it
is the profile editing page, unique to this account.

The difference between whether simpleanalytics get or store data might remove
a GDPR issue for them, but it certainly is for customers. Having access to the
IP addresses is sufficient for privacy to be invaded at any point or by
accident (wrong logging parameter added by the next new dev), malice (how can
we illegally use this and lie to customers) or compromise (hackers take
control of the analytics system) and therefore puts users at risk of full
tracking at any point. As mentioned earlier GDPR is also about access, it is
definitely about storage but the part in between of being given data (not just
access to take it and not putting it on disk) is definitely included too.

In summary, simpleanalytics need to stop lying and redo their privacy impact
assessments. Meanwhile don't use third party analytics (I have no idea how you
maintain security control on third party JS) and if you're silly enough to,
then it definitely is a GDPR consideration that needs to be assessed, added to
audit, added to privacy policies, etc.

------
sleepyhead
"We don't use cookies or collect any personal data."

IP-address is considered personal data. So when the browsers visits a page
with the JS, the IP-address of the user is transferred to your server. So that
means the website I am visiting is sharing my IP-address with a third-party
(you).

~~~
xrisk
The IP address isn't stored though.

~~~
sleepyhead
I don't think that is relevant. What matters is that it is transferred to a
third-party. And regardless if it is stored in a database, the servers are
still processing the data (and maybe storing the log of it).

~~~
LyndsySimon
How would you do analytics without the IP address being "transferred to a
third party"? Outside of self-hosting, either the user's browser is going to
be making a request to the analytics provider (and therefore exposes their
IP), or you're going to have to have some sort of proxy mechanism on the
site's server that strips that information and sends it from there.

Am I missing something?

~~~
ecnahc515
It's exactly as you state. This is the problem. The IP address needs to be
stripped before storing or sending to anyone else, or it's still something you
need to consider as personal data. This matters for GDPR. So in effect, this
service still has to adhere to GDPR, because it is in fact receiving IP
addresses, regardless of them getting stored or not.

~~~
iDemonix
GDPR bores the hole off of me so I haven't done much reading, but I do
remember a court dismissing a piracy case recently because 'IP addresses alone
are not enough to identify an individual' \- how would this play in to this
scenario?

------
sergiotapia
>No Evil Corp. Just me.

I would remove this, any company would hesitate to buy a service from a single
guy.

------
vassilyk
I think everyone starts like that.

Then, clients that help keeping lights on start asking for this and that.

And suddenly you end up providing a service with user level insights, cross-
device tracking and advanced behavioral segments powered by ML because why
not.

GA was simple, before.

~~~
harianus
Good thing that you mention this. I get a lot of requests of users that ask
for adding support for custom events. I'm very strict in what I allow. If it
could be named tracking, I say no. Custom events could allow tracking (if
people use it like that or not), I will say no to those requests.

------
tedivm
Is there a way to track country and language as an aggregate? For businesses
this information is extremely useful as it gives an idea of what countries to
expand to or what languages should be supported.

------
tzury
So this is open to everyone?

I mean, can I just see stats of a site that uses the service?

e.g.

[https://simpleanalytics.io/simpleanalytics.io](https://simpleanalytics.io/simpleanalytics.io)

~~~
harianus
No, only if you make it public.

~~~
whylo
I was able to add the tracking code to my site without signing up and could
see the stats without any authentication (see my other comment:
[https://news.ycombinator.com/item?id=18024886](https://news.ycombinator.com/item?id=18024886)).
Is that by design?

~~~
AdriaanvRossum
That is by design. For a very short period I supported a free plan which had
only public data. So that’s why you see the behavior. It will be gone soon.

------
pcmaffey
Very cool! Was just looking into how to configure GA to not use cookies...

Just want to point out for all the front-end devs out there: 12% of traffic to
this site atm is coming from screen-width < 375px.

~~~
harianus
Yes, want to point this out per website. I have websites where there are no
mobiles visits, and some with a lot.

------
chpmrc
Did Google just install your tool?
[https://simpleanalytics.io/google.com](https://simpleanalytics.io/google.com)
:)

------
exikyut
My feedback: someone else mentioned making the tiny live demo button bigger. I
suggest scrapping it entirely... and embedding the demo statistics directly
under the video, or very close to it, to go straight from "why" to "what it
looks like". The chart/stats page design is sufficiently clean that shoving
the whole thing onto the homepage won't actually be an information overload.

Speaking of the video, it's ridiculously professionally done, by the way;
excellent acting to begin with and perfect line delivery (confident, well-
timed, no hesitancy/awkwardness) as far as I'm concerned.

-

Apart from this, my only other advice is - reject buy offers, reject partner
offers, sleep on VC offers for as long as you can (if, ideally, you don't
outright reject these as well), and take this as far as possible on your own.
I say this considering two standpoints.

a) Considering the developer: this is incredibly well done and you clearly
have the competency to drive this forward without assistance. The website and
video presentations are both great; the product defaults easily tick "sane
enough"; and the only thing stopping me throwing money at the screen is that I
have no projects that need this right now - but others definitely will, and I
look forward to seeing this go viral.

b) Considering the product: "oooo internet privacy" is a well-trodden path
with a thousand and one different options which are all terrible in their own
way. You have the opportunity to differentiate by offering something that
gains a reputation for _actually not compromising, even months and years down
the track_ by working to eliminate some of the sociopolitical cascade that can
contribute to dilution of quality. Customers have sadly had good reason to
associate buyouts with rapid decline in quality, so that sort of thing just
looks bad at face value too.

To clarify what I mean by taking this as far as you can on your own: it's
obvious others have already provided assistance - filming and acting in the
video, and for all I know beta testing and maybe other development support -
and I'm not pointing at that and suggesting it will bite you. I mean that, if
you ever bring help on, find a good lawyer who will ensure the project remains
_yours_ and make sure there are no implicit "50/50" partnership agreements or
the like.

I can't find the references right now but I've read of a couple of
projects/products that have exploded sideways (very sadly) because of
jealousies and impedance mismatches creating imbalances that provoke partners
brought onto projects to assume control and pivot things out of a creator's
control, without the creator having any legal recourse.

~~~
harianus
I made the live button huge under the video, thanks for the feedback! Thank
you for the kind words, means a lot! I will read this comment threat a hundred
times after today, for sure!

------
borncrusader
Really slick! Could you throw some insight about the techstack, architectural
decisions etc.? Would love to understand more about those.

------
RealDinosaur
Few Questions: How likely is this to be blocked by uBlock Origin/Firefox
private mode (easy-list etc). Do they have any rules what they consider to be
'ethical analytics'? How much overhead does this analytics package have on
page load.

Have you considered a free tier for up to 1k page views a month for example?

How can this track conversions for A/B testing? This is one of the most common
usages of analytics in my experience. Is there a way to have user based
conversion tracking whilst still being GDPR compliant?

~~~
harianus
If people want to block you, they should. I also respect the Do Not Track
setting. If it is on, I just don't register the visit. I have considered the
free version, but I only want to do this when I have enough customers. A/B
testing is not simple anymore, so probably not doing that.

------
smolsky
This is a fun, self-monitoring prophecy of a kind. You can see clicks
originating from ycombinator after this post went to ycombinator.

------
MentallyRetired
I love it. More of these, please.

As an author of SPAs and PWAs, though, I'd really like the ability to push a
page hit programmatically.

~~~
harianus
This will be added in the near future. Thanks for the support!

------
Reedx
Great work! Nice design and everything has a genuine touch to it. The video is
surprisingly amusing and well done too.

Best of luck with it!

~~~
harianus
Thank you for your kind words, the video was a lot of fun making!

------
aembleton
How can I view a graph for for individual pages? For example, how would I see
the graph for /what-we-collect ?

~~~
harianus
I don't at the moment, this will be done later for sure.

------
ksec
anyone here uses clicky

[https://clicky.com](https://clicky.com)

------
eXorus84
I'm feeling exactly like you. Each time I need to install GA, I am reluctant.
Thanks.

------
xwvvvvwx
In case some people are unaware, after GDPR google released an addon that
allows you to opt-out from google analytics tracking across the web:

[https://tools.google.com/dlpage/gaoptout/](https://tools.google.com/dlpage/gaoptout/)

~~~
lucb1e
There is no such thing as opt out in GDPR. If it's opt out, it isn't compliant
in the first place.

------
fiatjaf
This feels like a rant, but I've posted my
[https://trackingco.de/](https://trackingco.de/) here multiple times, which
has very similar proposal (and is cheaper) but never got a single line of
feedback.

~~~
ianwalter
Here is some feedback:

The example
([https://trackingco.de/public/9ykvs7rk](https://trackingco.de/public/9ykvs7rk))
does not work for me. Also, the first time I visited the site I saw Lightning
Bitcoin and then left. You lost me as soon as I read that because I'm not
interested in that. I was just trying to find a simple (but useful) analytics
service that's easy to use.

~~~
fiatjaf
Well, it didn't have anything to do with Bitcoin until some months ago. I just
changed that because no one was using it anyway so it might as well serve as
another Bitcoin experiment no one uses.

The example should work, however. Well, I guess your feedback was very useful.
Thanks!

------
artur_makly
i love the personal video on a privacy-first site. its a really nice touch.
(no sarcasm) It's really refreshing.

We will consider it. Thanks for making this. hopefully more companies will
follow suit.

------
lcnmrn
Yandex Metrica offers a pixel only tracking option.

------
JepZ
The live-demo button needs to be better visible.

~~~
harianus
Added a big button under the video, thanks.

------
cvaidya1986
Why don't ya apply to YC with this

------
gryzzly
The idea is great, but price is way too high for a simple site. Many people
are interested in anonymised data like pageviews and geographical
distribution, for example, but these people pay 10€/year for domain and often
0 for hosting for static site generators. 12€/month is just really expensive
at this level, but good luck and I’m sure for many people it’s totally fine
price.

~~~
IshKebab
I agree. It would be better to make the pricing proportional to traffic and
have a free tier. With a single price you're both pricing out small people who
just host blogs or whatever and aren't going to pay more than $10/year, and
also way undercharging businesses who don't really differentiated between
$10/month and $50/month.

~~~
harianus
I thought about this, but I love the unlimited part, competitors start with $9
a month for limited visits, for my your credit card charge will be always the
same. No matter how popular your website will get. No surprises.

