Eventually I started making my own web analytics. Which actually isn't that hard. It took me about a month of working in my spare time every now and then. Being GDPR compliant basically means not saving any personal identifiers. At first I thought it would be easy since something like a public IP address can't count as a personal identifier, right? I was very wrong.
How it works: When a user visited my website I saved the IP and Header for 24 hours. Then if they visited again I checked the combination of IP and Header against the ones saved in my DB. If they were the same I simply added 1 view to my data. If they weren't the same I added 1 unique daily user and 1 view.
That's in short how it works. A few weeks later I realized if I had this problem then others would also have it. So I started working on Simplytics.dev. I had to do a lot of new stuff and re-build my code from the ground up twice. Small things like OAuth were completely new to me and took up a lot of time.
But eventually I got here and just launched something that with the knowledge I have today wouldn't even take a third of the time recreating today. It's my first real "Launch" and it feels really good finally creating something AND publishing it. Instead of a monthly fee I opted to make it a pay-once service. Right now it's priced at 49$ but I'll see how it works out.
If you got any questions on how it works I'd love to answer them.
On the other hand, a one time fee for analytics I could deploy on my server a) makes financial sense for you and b) is an intriguing value proposition for me.
Have a look at https://once.com/
But I have thought about making it self-hosted too. But there already are so many great products for that out there.
I wish there was a perfect way to do this. I despise subscriptions, I dislike pay as you go because it's too complicated, and finally, a one-time fee doesn't really work when sold as a service as you said. But I guess these are the options for people not willing to self-host.
If you got any interesting reads on this topic please send 'em my way.
...from the company behind Basecamp and Hey.com, both subscriptions.
You can self-host Plausible yourself if you don't feel like paying $9 a month.
My problem with self-hosted Plausible is that the backup-restore of the ClickHouse DB isn't as easy. If my service blows, I currently have to start the stats from zero.
You should also list your data processors, for example your CDN and host.
Before this I created a website displaying snow conditions for a few hundred locations in Sweden. I love skiing and ski-touring and wanted a better way to find the best conditions.
Right now I don't have much time to work on my projects since I'm doing mandatory military service, which is part of the reason Simplytics.dev took so long to launch. But I'm hoping I might soon make my first buck selling zeros and ones.
I'd love to receive feedback, Hugo
But you're right, might be a good idea to change the name of the key or work it out completely, it does look like it could be a vulnerability from an outsider's perspective.
I'm also concerned about your claim for GDPR compliance. Keeping an IP address for a day and then incrementing against it is still storing personal information, even if it's not in a cookie. Using a server to do the tracking doesn't automatically exempt it from cookie notices.
Storing the IP address for a day doesn't automatically make it non-PII, either. At the very least you should be hashing it. See what Plausible does at https://plausible.io/data-policy or read up on the GDPR discussion at https://ec.europa.eu/justice/article-29/documentation/opinio...
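An added example, not code from Simplytics.dev or Plausible: the daily view / unique-visitor count described in the original post, reworked along the lines of the hashing suggestion above so that only a keyed hash of site, IP and User-Agent is held, under a random salt that is replaced every day. The class name, the `example.test` site and the sample traffic are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import date


class DailyUniqueCounter:
    """Counts views and daily unique visitors without storing IP or headers."""

    def __init__(self, site: str):
        self.site = site
        self.day = None
        self._salt = b""
        self._seen = set()   # today's visitor tokens only
        self.stats = {}      # ISO date -> {"views": n, "uniques": n}

    def _rotate(self, today: date) -> None:
        # New day: new random salt. The old salt and tokens are dropped, so
        # yesterday's tokens cannot be recomputed or linked to today's.
        if today != self.day:
            self.day = today
            self._salt = secrets.token_bytes(32)
            self._seen = set()

    def record(self, ip: str, user_agent: str, today: date) -> bytes:
        self._rotate(today)
        # NUL-separated fields so ("a", "bc") and ("ab", "c") cannot collide.
        msg = "\x00".join((self.site, ip, user_agent)).encode()
        token = hmac.new(self._salt, msg, hashlib.sha256).digest()
        day_stats = self.stats.setdefault(
            today.isoformat(), {"views": 0, "uniques": 0})
        day_stats["views"] += 1
        if token not in self._seen:
            self._seen.add(token)
            day_stats["uniques"] += 1
        return token


def demo() -> dict:
    # Constructed traffic: documentation-range IP, made-up User-Agents.
    c = DailyUniqueCounter("example.test")
    d1, d2 = date(2024, 1, 1), date(2024, 1, 2)
    c.record("203.0.113.7", "UA-A", d1)   # first visit: +1 unique, +1 view
    c.record("203.0.113.7", "UA-A", d1)   # repeat visit: +1 view only
    c.record("203.0.113.7", "UA-B", d1)   # same IP, other browser: +1 unique
    c.record("203.0.113.7", "UA-A", d2)   # next day: counted as new
    return c.stats
```

While the day's salt exists the token is still a pseudonymous identifier, since anyone holding the salt can enumerate the IPv4 space against a known User-Agent, so the salt stays in memory and is never logged.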
- Unlimited and free but basic metrics are public for everyone to see (similar to what GitHub did before)
- Paid but priced at page view consumption, for example: 12,000 page views a month will be charged 1.20 USD, 140,000 page views a month something like 5.20 USD etc...
This is something I might be willing to subscribe to.
If you want to create an analytics product and learn by doing it and sell it, that’s fine. But don’t say you did this because the problem was paying for Plausible.
Also, are you still using IP address?
You are basically replacing a unique identifying attribute (IP address) with a unique attribute and a maybe unique attribute, to generate a unique attribute.
The problem is not the IP address, the problem with analytics is that you want to count unique visitors but are not allowed to track any properties of the visitor that are unique and hence a protected property of the visitor per the GDPR.
Matomo is a well known open source Analytics alternative, GDPR compliant, used by millions, and it seems to solve the same problem while being freely self-hostable and offering more features. Its cloud version price is more expensive than yours though.
=> https://matomo.org/
Assuming you had the public IP of an actual user though, how would you link it to a person without asking the ISP?
Of course this evolves as the landscape changes. And it isn't always the case. But the comment is accurate.