The principal privacy-related concern with any form of analytics is that of tracking by _a 3rd party_ across _unrelated sites_. And this concern is fully addressed by simply not using external analytics services and relying on a self-hosted one instead.
So I really don't understand the whole exercise with not using random techniques that may be abused by 3rd party analytics services and then somehow claiming pro-privacy focus, whereby the solution is to NOT make yet another analytics service.
The only right way to do "privacy-focused" analytics is to offer a self-hosted option. Whoever makes a proper clone of the the original Urchin, before it mutated into GA, will strike pure gold.
What features are missing from those platforms that the original Urchin had?
And if it's a 3rd party service, then it's not option for anyone who genuinely cares about visitors' privacy.
Always wanted to experiment with the empty_gif module from nginx, and process the logs offline. A quick search shows a bunch of guides offering exactly that.
(Yes, it would obviously need a bit more than just a log parser but that would be the easy part, IMO. Separate the backend from the front and let JS folks write their own UI for This Weeks New JS Framework. Maybe you could even use PiratePx as the frontend.)
Like mentioned by other you of course lose a little bit of accuracy and you don't have front-end tag manager related features (like listen to scroll positions and element events). Although you gain a bit of accuracy too, because some privacy tools block analytics calls which isn't possible with the access logs approach :)
Cloudflare analytics suffer heavily from the problems I mentioned.