319 comments

[ 2.3 ms ] story [ 265 ms ] thread
Google Analytics has a "bot filtering" option that works pretty well (even though it's not perfect). Do the alternatives also have similar features? There is a lot of automated traffic on the internet.
Matomo has the same, works pretty well. Via plugin they can also track bots to show that separately but they're filtered by default.
I'm not sure if it's actually filtered - I think they're just tracked and classified. At least that's what I'm seeing in my instance.
It looks like GoatCounter does; it uses a library, https://github.com/zgoat/isbot by the same author to detect bots.

Detecting and deterring spam and sketchy behaviour while using open source software could be an interesting technical problem area.

Of course. Fathom filters bots on the client side and then looks for bot signs on the server. If it looks questionable, it doesn’t process it.
I’ve been pretty happy with Matomo (formerly Piwik), especially their non-cookie mode. But the interface is ugly, confusing, and makes finding information much more difficult than Google Analytics does.

Edit: One major thing I am unhappy with in Matomo is event tracking. GA makes it much easier (in my experience) to track conversions and events, and presents the data in a better way.

I found the Matomo interface to be a breath of fresh air compared to Google Analytics! As a non-power user, GA was too heavy and enterprise-like. Matomo is much cleaner, simpler, and more efficient for me to work with.
Hi Cenk, I have been building a tool[0] similar to Matomo, but the plan was to make the UI much simpler to use but also provide more premium functionalities (heatmaps, session recordings) for cheaper.

My idea was to focus everything on "segments". So for all the data you can quickly create user segments and instantly filter the data to see only stats for the users you want, or compare stats between segments.

There is a public dashboard that you can check, I would love some feedback if you have the time :)

[0]: https://usertrack.net/

If you decide to migrate off GA, there's very little reason to not use self-hosted analytics.

The only case when you'd get better analytics from a _service_ is exactly a GA-like setup that can track people as they go from one website to another. That is, the real value of an analytics service is derived directly from its ability to invade people privacy, at scale.

Granted, migrating to another service is usually simpler, but it offers NO insights into the traffic that you can't get from parsing server logs and in-page pingbacks. You do however get a 3rd party dependency and a subscription fee.

>The only case when you'd get better analytics from a _service_ is exactly a GA-like setup that can track people as they go from one website to another.

I was once making a service that provided cross site widgets for companies to embed. Obviously it was beneficial to track people as they go from one website to another, but at that point it was beneficial to do it with our own service.

Server logs only tell you about things that happen on your server. If you are using JavaScript it's likely there are plenty of events that might be valuable to you that never leave a trace in your logs.

For example, if you validate forms with JS you might want to track form submissions and validation errors.

> If you decide to migrate off GA, there's very little reason to not use self-hosted analytics.

My personal domain[0] was taken by domain squatters (forgotten bill in debit card shuffle, bought up within seconds of expire) so for now I have to host on github.io. Thoughts on an analytics service?

[0]: http://www.aarontag.com/

My reason is the server not being able to handle the traffic. We used Piwik but I couldn't trust it'd be able to handle big eventual spikes of traffic (which the site itself could, being static and on a CDN) or that it wouldn't slow the site down (if I remember correctly I had the option to call piwik asynchronously and not slow down the site, but at risk that it'd be less accurate if people closed the window / navigated to another page quickly.).

Of course you can run your own analytics on AWS or similar and have no issues with handling traffic, but that means higher costs / difficulty in setting up and maintaining it.

> that can track people as they go from one website to another

Note that even in Google Analytics, this requires extra set-up, has limitations, and tends to be pretty fragile in practice. GA identifies users by a first-party cookie and tracking cross-site visits requires decorating links with cookie values.

If you're interested just in aggregate traffic from one of your sites to another, rather than something that requires full-path analysis (like marketing attribute), then you can get that from looking at referrers. This should be more-or-less equally available in GA and server logs.

I'm honestly curious, are all the analytics tools, which rely on making third party queries, still efficient with extensive use of adblocking these days?

If not, then logs of webservers are the only 100% reliable place (if available of course), so old-style tools like awstats, Webalizer, etc [1] should have a rise in popularity again.

[1] https://en.wikipedia.org/wiki/List_of_web_analytics_software

The issue is that people often use free reverse proxies like cloudflare, that do caching, so not all requests reach the original server.

In this case, the source of truth is cloudflare's loadbalancer, but you have to pay them to get full analytics.

Server side Analytics are far from reliable. Go and try Netlify, then you’ll see how unreliable they really are.

For us nerds, we can always block things using DNS level blocking but Fathom’s custom domain feature has done really well for the majority: https://usefathom.com/blog/custom-domains-embed-code

Good adblockers do DNS lookup to see if subdomain points to tracking server anyway.

Only completely self-hosted (your domain, your tracking server) solutions are resilient to adblocking

You can set up a proxy, which isn't too hard (and operating a proxy is a lot simpler than operating an analytics service)
Interesting, then as a workaround trackers may create an image with pseudo-random src pointing to pageXXXwebsiteYYYclientZZZ.ad.yoursite.com (yoursite.com is the site which serves the actual content), while asking the owner to point NS record for ad.yoursite.com to IP of their DNS server. So HTTP/S request or DNS request can reach them anyway. Obviously DNS caching will prevent them from knowing how many times this particular page was accessed by this particular client, but at least they will know that it was accessed at least once.
Does anyone have experience with passive fingerprinting? I thought about implementing it into our Go backend as a middleware of some kind and track that way. I haven't found anything like it so far, but it would be ideal to track without cookies.
Device fingerprinting falls under European data protection laws, so might as well just use cookies if you're going that path.
That's really unfortunate. Well, at least it's easier to implement a cookie solution then.
I've recently whipped up my own self-hosted analytics solution [0] based on SQLite, Bash and Metabase. It's all self hosted, easy to install and very flexible with regards to the queries you can write and display. Metabase comes with a lot of cool features for display, live reload and other cool stuff. :)

[0]: https://funnybretzel.com/self-hosted-analytics-using-sqlite-...

Looks like a nice combo that can be used for other projects as well; thanks for the writeup! :-)
Thank you for the writeup. Always nice to see new applications of Metabase. Will try it out.
Thanks for the tutorial. Looks interesting.

I'm a fan of GoAccess. Unfortunately the queries are pre-made and there are nearly no options whatsoever. You can't (yet) filter by date for example.

One thing I realized is, that on small sites, like my blog, an overwhelming amount of traffic comes from search engines or bots which are looking for vulnerabilities. Filtering them out takes a lot of time in any self-hosted or self-made solution.

I use GoAccess too. If I want to filter by date (for example) I just run the log file through sed before feeding it to GoAccess.
What kind of server-side analytics are people using today, for personal blogs and things? Projects like GoAccess which eat an nginx log file and output some analytics seem like a nice middle ground for those of us who want some feedback on how people are using a website, without needing all the bells and whistles of something more like Google Analytics (not to mention the fact that it doesn't need any Javascript loaded or anything). Personally I've found GoAccess pretty good, but the interface a little difficult to use and understand, so I'm looking for projects like it.
Server side was how it was always done back in the early days of the web, and analog[0] was state of the art.

Around 1999/2000 there was a rise of ISPs needing to install reverse proxy caches because the growth of consumer access meant they were getting seriously contended on upstream access. I was working at the time at a UK 0845 white label ISP called Telinco (was behind Connect Free, Totalise, Current Bun and other 0845 ISPs), and to my knowledge we were the first in the UK to install a Netapps cache. It was the moment we realised (by checking the logs to see if it was working), just how much porn our customers were accessing.

Those caches blow server side analytics to pieces, because frequently you wouldn't even know the user had hit the page. What server side analytics was useful for is what we'd now call Observability: they gave reasonable Latency, Error Rate and Throughput metrics, which combined with some other system logs might also give you a sense of Saturation.

As such, they were not too useful for marketing. Google Analytics was the first product that allowed high fidelity analytics even if reverse proxy caches (and even browser caches), were all over the place.

And here we are. In a World where we are tightly surveilled by corporate entities in order to try and get us to click on things. Bit sad really.

I'd encourage people to think about what they need these analytics for.

If it's marketing, you might just as well using GA: it's the best product out there. We just need to lobby for better regulation (at least GDPR and cookie setting popovers give us choices on that regard now).

If you're stroking your ego, consider whether such an invasive technology is worth the price, and if you need those numbers.

If you're making sure your infrastructure can handle the traffic, use server side analytics alone. Parse your logs using the huge number of tools out there able to do that in near-realtime, and leave your users' browsers free of tracking cookies and javascript.

[0] https://www.web42.com/analog/

Caches are irrelevant now that the world has moved to HTTPS.
There are no public caches with HTTPS, but there are still private browser and CDN caches to contend with.

To ensure your origin server is hit on subsequent HTTPS requests, you would still need to configure response headers for cache validation [1] to be

  Cache-Control: no-cache
instead of

  Cache-Control: private
[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Ca...
Yes, but those are caches that you control, so when it comes to analytics you would get the logs off them too in order to get accurate metrics.
I've setup GoAccess for a client's site, the problem is it doesn't have a great HA solution.

You either ship all your logs to one place (and hope that place doesn't go offline) or ship your logs to multiple places and hope both destinations are in sync. We've opted for #2 right now (hint: it's not perfect) but it's made me think about writing an alternative.

Rather than shipping all the logs all around, my plan is to have each source (i.e. web server) run a process on it's own logs, and use something like Redis to store the aggregated statistics.

Thanks for mentioning Simple Analytics [1]. We are at this point indeed only cloud based. We believe we need to make a business case/profit first before putting a lot of extra work in a open source version and maybe failing with the business. It's a dream to make it open source, but not at this time.

We are very firm on our values. We will never sell your data. We have many ways to get your raw data out of our system (API, download links, ...).

Our collection script [2] is open source and today we are also adding source maps to our public scripts. Open source does not guarantee that a business runs that same software as their cloud based option. We are looking into services that can validate what we collect on our servers. We never collect any IPs of personal data [3].

Great to see more products that care about privacy, I hope they will really care and commit to their values for a long time.

[1] https://simpleanalytics.com

[2] https://github.com/simpleanalytics/scripts

[3] https://docs.simpleanalytics.com/what-we-collect

TIL about European Union Public License:

https://joinup.ec.europa.eu/collection/eupl/introduction-eup...

OSI-certified, copyleft, non-viral, GPL-compatible, SaaS-aware, multilingual

how can it be both copyleft and non viral? isn't vitality a definitive feature of copy left?
> it has no "viral effect" in case of linking
Neither does the GPL or any other licence under European laws.
That's surprising, considering the virality is part of the license text, not the law; does the law prohibit that clause?
Here's a good explanation: https://joinup.ec.europa.eu/collection/eupl/news/why-viral-l...

The short answer is that there are certain protections that ensure interoperability, and that linking to software does not make it a derivative work.

That's an interesting analysis.

That directive is usually understood to be about reverse engineering in order to build compatible software: "to obtain the necessary information to achieve the interoperability of an independently created program with other programs" being a key bit.

It's not immediately clear to me - a programmer but not a lawyer - that this has any bearing on whether linking creates a derivative work.

Have any other experts, or courts, weighed in on whether this analysis is sound?

That's interesting, wouldn't that mean that the licenses themselves aren't in some sense 'legal' in the EU? How does the GPL prevent this from invalidating down the whole license?
I'm kinda confused about that, because https://www.gnu.org/licenses/license-list.html#EUPL-1.2 seems to say that it's possible to relicense the source to GPL which would go directly against Goatcounter's author who apparently wanted AGPL-ish license without ideological fluff.
GoatCounter author here: yeah, that's not perfect; this also came up in the HN discussion for the article a while ago[1]. I've been in touch with one of the authors of the EUPL since and the short of it is that they don't really think it's an issue.

I've thought about this for quite some time, and decided I'll use a slightly modified version of the EUPL which removes GPL from the compatible license appendix. Just haven't gotten around to that for no reason in particular.

[1]: https://news.ycombinator.com/item?id=21914245

Is nice to see Plausible gaining traction. Here is an blog post [1] about how they were asked for using it on site with tens or hundreds of million page view.

I am wondering if HN is interested in hosting analytics like plausible that is open for us to see. Sometimes I do wonder how many page view do HN get per day, where are we all from etc. For example the plausible demo site. 35% are using macOS. But only 15% uses Safari.

[1] https://plausible.io/blog/april-2020-recap

Still no real alternative when on a Github page, or am I missing something?

It's not that I really need statistics, but sometimes it would be nice to know if there is even anything going on or you're just screaming into a void.

But I refuse to spam visitors of my pages with GA.

I turned off Google Analytics, because I realized that it doesn't actually report any useful or actionable data, just vanity metrics, and many of them of dubious quality.

I run a SaaS and what matters for me is paid subscriptions. "Visits" (even if by humans, which is hard to tell) really do not matter much. Yes, I do want to increase conversion rates, and run bandit experiments, but I'm better off doing that myself.

What also matters are search terms, but Google's search console (or tools, or whatever it's called this week) provides that.

Turning off Google Analytics was hard to do psychologically — the Fear Of Missing Out is strong. But it turns out I'm not missing out on anything, except some dubious vanity data. And I'm making the web a better place in the process.

> I realized that it doesn't actually report any useful or actionable data

The actionable part never occurred to me, but makes so much sense. What action could anyone really take, based on the data presented by Google Analytics? On top of my head I can actually think of anything you could easily get from server logs.

One of the reason Google Analytics (and logging solutions like it) is popular is that people don't have access to server logs.
You mean unpopular?
Popular. Because adding lines of javascript is much easier than processing server log files.
Server side logs aren’t an accurate way of doing analytics and bring up compliance challenges (storing access logs and using them for purposes other than security etc.)
Can you talk a little bit more about why server side logs aren't accurate for analytics? I was planning on doing basic analytics (pageviews mostly) using Cloudfront access logs stored in an S3 bucket and queried through Athena for a site I'm working on which uses the AWS stack.

I know Cloudfront logs can sometimes drop, but is there a more important reason you're talking about?

I think with server-side only is harder to filter bots, crawlers and get accurate bounce rates or session length times.
> Server side logs aren’t an accurate way of doing analytics ...

Based on what? Server side logs records what the server itself sent. That sounds like it should offer far more accuracy than what a JS only solution would do.

That being said, if the code for analysing the server logs is lousy, it's not going to help. :)

Before looking at accuracy, you already have compliance challenges with logging IPs / user agents and using it for analytics purposes.
Please don't try and change the goal posts. You said:

> Server side logs aren’t an accurate way of doing analytics...

What is your thinking behind that statement, as it sounds incorrect?

What compliance is challenged by logging user agents?
The identifier in server logs is IP address, which is useless for distinguishing users. On the corporate side, NAT hides all the visits of many people behind a single IP. On the consumer side, ISPs change IP addresses all the time so a single person will show up as multiple IP addresses.

Note that I'm just talking about distinguishing people, not identifying or tracking. A basic question like "how many people came to my website today" is more accurately answered with client-side analytics than by analyzing web server logs.

> A basic question like "how many people came to my website today" is more accurately answered with client-side analytics than by analyzing web server logs.

How can client side analytics be more accurate, when ad blockers stop visits from even being registered by client-side analytics?

I find time spent on page is a great way to measure performance of redesigns on page. There are numerous actionable points.
It might be, assuming two things:

1) That you actually care about this metric. I don't, I do not get paid by the number of minutes spent on pages, I get paid by the number of signed-up subscribers who use my software to make their workflow easier. I can (and prefer to) use bandit testing to measure the performance of redesigns.

2) that it can be reliably measured, which I don't think it can.

We are a SaaS company also, and time spent reading manual/tutorial pages is important to us.

With regards to point two, being reliably measured sounds to me like perfection is the enemy of adequate. Perhaps in low volumes you can't measure certain stats like this reliabily but in large volumes I think it's useful.

Tom Gilb once said that "everything can be measured so accurately that the result is better than having no measurement at all" or words to that effect. I'm sure he phrased it better. In this case, some users aren't measured, which drags down the accuracy of the measurement.

Even if the numbers are off by quite a few per cent, I can easily see how some site operators might benefit from knowing e.g. that visitors close one tutorial much quicker than the others.

As long as your measurement is a random sample everything is okay. Even if it is not, it is much more information than you had before. You just need to keep it in mind when evaluating conclusions. We are not talking about drug tails here and no one dies if the measurement is not 100% accurate.

I am able to measure everything 100% accurate. But this is really really expensive. It's a trade-of.

Hook into onbeforeunload and call your own javascript to post back to your own site to let you know when they've left.
I know how I'd do this, but have no reason to do it.
Unless your page is google.com, where more time spent on page means the experience is worse, not better.
Context is important, and it's one metric amongst others that should be used.

The point is, there are clearly actionable points GA can offer. It's disingenuous to think there are not.

I agree, saying that there are no actionable points in GA is like saying analytics in general are useless.
Counter example: I search for information on a subject. I get many interesting and relevant results and therefore spend more time on the page.
This makes it even more obvious that a longer or shorter session length is not clearly better or worse, it depends on a lot of other things.
Well, you don't specifically need GA for it, but tracking referers to sales, for example...is often actionable. Similar for a funnel view to see where visitors drop off. Especially combined with some A/B testing.
Examples I saw in a website I launched last year: * High bounce rate showed that people did not find the content engaging / not what they were looking for, confirming a hypothesis I had; this was particularly true for certain sections of the website. * Time spent on pages was another metric that was helpful to find problems in some sections. * Easy slicing of traffic sources by referrer and country, showed me that most of my "good" traffic was coming from facebook, so I invested more time there.
To optimize the bounce rate metric even further a funnel can be created and measured. This allows to see bounces for each part of the funnel up to your conversion(s). It is often really valuable to see how a change on your website improves one part of the funnel but impairs another one, and than to think about the reason why this happens.
There are millions of possible answers to this question... Examples:

- Conversion rate grouped by browser and browser version to find browser specific bugs. - Total revenue per user per marketing channel / search keyword / ... to optimize budget allocation. - Revenue by mobile OS version share to decide testing procedures to not optimize for users that don't contribute to your bottom line. - Client side loading times per user location and provider to optimize infrastructure placement. - ...

Analytics may give you the number of paid subcriptions but that is not the reason it exists. Modern analytics systems are build to give you a statistical view of all events/interactions leading up to a conversion or, more important, to a conversion that did not happen. With this information it is possible to optimize all touchpoints a user has with your services.

It is easy to track all aspects of subscriptions including recurring revenue. The data quality depends on the data you send to google analytics and is not "dubious" but in your own responsibility. And google analytics is really good in separating bots from human visits.

If google analytics did only report vanity metrics to you, you most likely did not use it the right way. Maybe you missed the segmentation tools to find groups of users for whom your service did not work out?

> google analytics is really good in separating bots from human visits

That certainly wasn't my experience.

But more generally: I optimize touchpoints using automated Bernoulli bandits with multiple variants. And I track the metrics that really matter (like signups, MRR, churn, etc) very, very carefully. My point was that just adding GA doesn't bring much value, and makes the web worse.

Another example of how page visits don't matter: it's easy to get a huge spike of HN users clicking through. But if my SaaS has no relevance to HN users (except as a technical curiosity), this doesn't matter at all. It won't change my revenue, so it's irrelevant.

Unless you run a site with ads, focusing on page visits doesn't make sense: it's like measuring the performance of a supermarket and getting excited about increasing traffic on a nearby highway. Could it influence your sales? Possibly. Is it actionable? Nope.

GA used to be good in separating the bots from the humans, but now I don't think so. I see a huge number of visitors from Dublin that seem to be AWS sourced bots (and Asburn, both have bounce rates like no other city). Millions of visits, from a place where we would expect thousands.
GA's "Filter bots" setting simply applies the IAB bot filtering list[1]. The resources required to operate a page rendering bot[2] used to be a high enough bar that the ones doing so were large actors and would make their way onto that list pretty quickly.

The IAB list is still a helpful baseline (if overpriced if you want to lease the list itself[3]), but all it's doing is applying suppression based on things like known bot IP ranges and user agents. It's far less effective than it used to be since it's so incredibly easy and cheap nowadays for anyone with an interest to spin up a rendering bot. Now you've got to supplement it actively with your own set of filters and heuristics if you really want to get rid of bot traffic polluting your data.

[1] https://iabtechlab.com/software/iababc-international-spiders...

[2] Scraping bots were cheap and easy to run before, but didn't render the GA javascript code so never showed up in analytics. It's only bots that use something like a headless browser to render the page that show up in GA, and those have only become commoditized and cheap/easy relatively recently.

[3] Google applies the IAB list to your traffic for free if you check the setting for it, but if you want to use the IAB list yourself you have to pay $4k - $14k annually to lease it from IAB.

The bots got better and harder to detect.

You can actually set analytics to exclude traffic from a certain ISP or set of IPs on the View's Filters page. There is some legit traffic that comes from data centers, but only a tiny fraction.

It's more like the supermarket keeping track of what isles people are going down and what items they are looking at. Which supermarkets would do if they could because it's extremely valuable data.
> Which supermarkets would do if they could

They can, and they do. Here[1] is a random example of applying that to a supermarket (the other pages on that vendor's site shows some of the other ways the tech can be used).

Solutions tend to use a mix of video camera data and cellular data (wifi and bluetooth beacons[2]) to track in-store movements and behavior.

Done well, they can also connect individual store journeys to specific point of sale transactions, and understand hoe variations of in-store behavioral patterns ultimately influenced actual transactions. Which opens the door to running in-store optimization experiments very similarly to how you'd run A/B optimization tests for websites/apps.

[1] https://retailerin.com/en/retailerINfor/customer-behaviour-a...

[2] https://www.thinkwithgoogle.com/marketing-resources/retail-m...

So far GA is answering two important questions for me - which marketing strategies are actually working (because it's hard to tell when you've got multiple going at once), and also making sure my marketing is actually hitting the geo-regions I need it to.

That said though once I know which marketing tools are effective, there's nothing more that GA does that CloudFlare couldn't just tell me anyway (i.e. am I getting more or less traffic) and I'll probably drop it as it's one less dashboard to look at - like you said that conversion to subscriber _is_ the ultimate metric for success.

I feel the same way.. mostly. I want one thing from GA and that is user flow. I've first hand seen this help a startup run landing page experiments and very quickly to improve their conversion rates. (The startup was selling a luxury consumer product)

This won't work for everyone and will be of little value to many. However that tool just doesn't seem to exist on most if not all of the lightweight alternatives. Matomo is the only alternative I have seen implement this feature, though those with more experience with the alternatives will hopefully show me I am wrong on that.

I also don’t think google analytics is that useful. It’s one of many possible tools for user tracking, and far from the best one. Thought it’s “free” so I guess that’s why it’s more popular than much better tools.

But the fundamental problem is that analytics provides data and information, when what people want is knowledge and wisdom. But you need to do the work to get it. No amount of analytics is going to tell you that your Facebook ads are underperforming their potential because your buy button is hidden by an overlay in the built-in Facebook browser, especially if Facebook is your best performing channel overall. Analytics can’t tell you what’s not there. There’s no substitute for having developers and marketers actually purchase your product, themselves, on the channels your customers use. And too many companies don’t do that.

Just a hypothesis I have, that most e-commerce companies are leaving millions to tens of millions of dollars on the table by not giving all their employees a corporate credit card and having them purchase their product on it, say, once a month. They’re losing out on far more than they’d end up paying for the few instances of fraud.

For a personal project everyone basically ignored every post I made about it. I used server logs to generate analytics and noticed people hit the first page and left (I assume they spent seconds and left).

I then broke up the main page to many smaller pages and notice people still leaving right away but my documentation page got more overall clicks since the main page didn't massively overload them

I guess analytics don't give you answers but know what pages they tend to click on and what happens when you make a page more simple/more heavy you can figure out a solution

However I didn't end up finding a solution and I'm planning to rewrite my project. I have a better idea how I should introduce it to people next time

This was my experience as well. Early on, when I was still learning, it helped me learn the importance of extremely low Time-To-First-Paint. But now, I just default to good designs that are easy to read. There's nothing new to be learned that GA could provide insight on.

Also, early on, I found the Referrer tracking to be useful for discovering the reach of my projects and to help me get into conversations with users on other sites to help them with using my software. But that feature of GA eventually became useless when Google did nothing to address Referrer spam.

The main product I work on does not use google analytics, but we do use mixpanel to see what our paid users are actually doing with the SaaS. We actually don't care who each user is, we just want the aggregate data. We believe this data is important for retaining paid subscriptions and attracting new ones. Let me explain.

There's one feature that 100% of our subscribers use. I mean, it's the main thing we do and everyone who subscribes needs that function. Even without analytics, we know that we have to continually make that feature faster and smarter to stay ahead of our competition. We know that if we fall behind our competitors, our subscriptions will dwindle.

But, then we have a bunch of other features that help customers solve some edge case problems around that main thing. It's very important for us to know which of those functions are being tried, used, and reused (or not). Not all customers use these features, but some are tools we have that nobody else in our space does. So, having insights on which ones are getting traction and which ones need improvement help us spend our marketing and engineering time better to attract new customers and retain our existing ones.

I can't imagine not having any analytics. I feel like we need them to continually make small course corrections that ensure we're providing the best value to our existing customers.

> We actually don't care who each user is, we just want the aggregate data.

> It's very important for us to know which of those functions are being tried, used, and reused (or not)

Aren't these 2 at odds with each other, or else how can you tell when the same person re-uses a feature? Surely you need some kind of user identifier for that?

Yes, good point, I should have been more clear. You're right that we track unique users, but we do so in abstract. I suppose with some work we could pull together enough data from different sources to determine who a particular user was in a particular session. I just meant that we don't do that and it's not easy for us to do that because we don't care about that type of data. We only care about what each abstract user does in the sense that we want to know the aggregate of how many users did that thing.

Additionally, unlike google analytics, we do support the browser's "do not track" flag. So if a user doesn't want to be tracked at all, we completely respect that.

Good for you! This is the right method. Analytics -- in the sense of watching mouse clicks and reference urls -- are only trying to close the feedback loop FAR sooner than when it actually matters.
Do you not find value in adding events to your pages so you have user funnels for conversions? Or do you think bots cause too much noise for this?
Depends how big you plan on getting. Be infinitely easier to hire someone who knows how to use GA to make decisions, and historical data will be useful at that point.
If you only need page views, for example for a personal blog, try goaccess (https://goaccess.io/).

It uses your server logs for simple analytics.

Just be sure to check with your legal team regarding using web logs for analytics purposes
But then you can't use it on Github Pages, right?
I actually use GoAccess on my personal site, which runs on GitHub Pages. Obviously you don't get the actual web server logs (only GitHub has those), but I have a few lines of JavaScript that hits a 1x1 image on CloudFront with the page and referrer information, and then I download the CloudFront logs and use those with GoAccess. Read more here: https://benhoyt.com/writings/replacing-google-analytics/
seems like... way too much work.

Ive changed to Goat Counter, but thanks

Analytics isn't count a pageviews.

GA also counts - social interaction, events, Ecommerce and many more.

Tangential but...

"Analytics" is rarely useful or unuseful because of the tool. These tools need to be treated as data collection, not reporting.

If your goal is to inform certain decisions, track success or identify problems... a spreadsheet (or napkin) is usually where that happens.

Say you do analysis systematically, make a list of questions and use your tools to answer them... usually you find that the tool itself doesn't matter much, and GA doesn't answer most of your questions out-of-the-box anyway.

Say you want a "funnel." That usually consists of a handful of data points. GA usually doesn't have them by default, without tinkering configuration, etc. Decide what they are beforehand. Understand them. Use GA (or whatever) to get the data.

Finding the tool for the job is much easier once you know what the job is. GA is extremely noisy, bombarding users with half-accurate, half-understood reports.

I've recently been pondering whether to create a log receiver that will produce Prometheus metrics as well as logs for Loki.

Why?

Because there are several open source projects that if joined up in a relatively simple way would provide a full RUM / Analytics solution.

For collecting the analytics: Akamai Boomerang, which is a descendant of Yahoo tooling https://github.com/akamai/boomerang and BSD licensed

Then insert a collector that will produce Prometheus metrics and write log lines. The metrics will provide the timing information and in many ways will be richer than Google Analytics, and the log lines will provide the potentially high cardinality of string based data like user agents, URIs, etc and Grafana supports PromQL queries against logs such that you can gain metrics from the log lines too.

Then add in a free Grafana Cloud https://grafana.com/products/cloud/ and configure Prometheus to scrape from the collector, and Loki to consume the logs.

This is an end-to-end cloud hosted RUM / Analytics solution that for a single user would be free and one can even add alerting.

The missing link is that collector, to consume the Boomerang output and produce Prometheus metrics and log lines for Loki.

All of this is open source and can be self hosted, the only piece you would have to host today would be that custom collector to receive the Boomerang requests.

I too wished for a simpler, less invasive but still Javascript based, esthetically pleasing and free analytics solution (I am a cheap student) : https://github.com/Karalix/feu-analytics

The Firebase free tier seemed perfect for my use case. It is far from being perfect, but Good Enough For Me™

I've been happily using Fathom Analytics: https://usefathom.com and I have zero complaints.

No tracking. Privacy focused. Lightweight. You embed from your own domain. They even do site monitoring now!

Some weeks ago I discovered fathom and I am fully satisfied with it.
Thanks James. You wait till we launch V3 ;)
I have zero use for your product but I just want to say that I love your website ! From the minimal design to the clear and concise copy, to the signup process. It's all frictionless and smooth, you nailed it :)
That means a lot, thank you. We’ve been running Farhom since 2018, and we’ve put a lot of thought into the user experience :)
What's new for V3?
We're not announcing anything just yet but it'll be our best release to date
> "We're not announcing anything just yet but it'll be our best release to date"

not a knock on you or fathom, but it seems like you're in fast-response sales mode here (which is totally fine)... the above is a particularly empty statement. why would any next release not be the best to date?

maybe say it should be an exciting release, which is similarly anticipatory without being meaningless sales-speak.

Good point, heh. We're going to be improving speed of aggregation, real time dashboard, page / ref level metrics, more advanced goals and various other pieces.
thanks! in a background thread, i'm on the lookout for a privacy-focused analytics offering. it's for small personal things for now, so leaning toward simple and free, but who knows what the future holds.
My company switched to Fathom from GA about 4 days ago.

We build privacy software so it felt slightly hypocritical to use a privacy-intrusive service like GA. So far so good.

I went from 0 to Fathom in under 20 mins and for our basic requirements it works really well .

Good job Fathom team :)

Thanks so much, glad you had such a good experience :)
When I try to view your demo page I get 'Secure Connection Failed' every time. Firefox 77.0.1 on Windows 10.
From the site:

> Our on-demand, auto-scaling servers will never slow your site down. Our tracker file is served via our super-fast CDN, with endpoints located around the world to ensure fast page loads.

This suggests that this solution is not self hosted. Is there a solution like this which is really self hosted? This service is one small change away from actually tracking.

Edit: Piwik/Matomo[1] appears to be the most mature one. [1]: https://matomo.org/

Fathom Lite is self-hosted. Lots of people start off self-hosting but it’s typically useful for people with low traffic, or for people whose time is worth less than money, or even those who enjoy it. Because you have to maintain anything you self-host. We like to cater for both.
I am also buliding something similar: https://usertrack.net/

I think the main differences compared to Matomo is that it's simpler (less features), but provides for much cheaper some of their premium features (heatmaps, session recordings).

Let me know if you have any questions about userTrack or any suggestions! :)

Apparently this repo contains "Fathom Lite", a (from a codebase perspective) unrelated predecessor of what is currently being sold as a SaaS.
And it seems that Fathom Lite misses one of the main selling points of Fathom - cookieless tracking.
Yes - Fathom Lite would need a good refactor to not use cookies.
That's the old project- they have decided not to open source the new one.

The open source project is barely maintained at this point- they update the readme and get the occasionally pull request, but it's not really being developed.

I unfortunately switched to Fathom back when they were telling people they were committed to open source, so now I'm looking to migrate off to something a bit more trustworthy.

You've been saying this since last year. If I can help you migrate off of Fathom Lite to something else, please let me know.
Yeah, I've been busy.
I've been using a similar tool: https://simpleanalytics.com/.

I wish they'd offer more plans between the first 2 cheapest, though. My open-source project is hitting the basic plan limits and the next offer is too expensive for me.

SA is good, and Adrian prices their services responsibility. Fathom charges $24 / month as our 2nd tier and I do believe Adrian should offer a middle tier too. But I know nothing about his business behind the scenes, so I can’t comment. Ultimately, you can be confident that he prices his service to be sustainable, which we really respect.
> No tracking

Personally, I think that Fathom strikes a good balance between privacy and usability, but it does still use tracking (or at least it did when I was looking at it a few weeks back) - the difference is that it uses fingerprinting instead of cookies. I think it's implemented in a privacy-focused way, but it does look like they are ignoring some of the EU ePrivacy guidance, which explicitly states that consent should be obtained before using fingerprinting, even if PII can't be reverse-engineered from the fingerprint.

As I say, I think their implementation makes a lot of sense, and even as a privacy advocate myself I think those particular pieces of ePrivacy guidance focused on fingerprinting is excessive. But the EU doesn't seem to agree.

We're not ignoring the guidance, it's just such a grey area when it comes to PECR / ePrivacy. Even the ICO's guidance, it talks about "cookie-like" technology. Our technology isn't cookie-like. And our processing isn't cookie-like either. We've had lawyers look at our documentation and all of them have said it's a grey area.

You'll know this but some people reading might not: Under GDPR, there are multiple legal bases for processing and we rely on legitimate interest. PECR / ePrivacy is the grey area for us and other services.

Having said all of this, we're fortunately moving away from requiring any compliance at all... by avoiding the complexities all together. We're rolling a refactor to our data collector over the next few weeks, and we won't have to have these conversations about grey areas anymore :) We've hired a top-tier privacy consultant and are going to be deploying a huge update, putting us at the top of the list for compliant analytics. Every single privacy-focused analytics service is in a grey area right now (some think they're not but they are). We will be the first to move out of this GDPR / ePrivacy grey area dance.

As you say, you see the logic behind the implementation we had, but we're dealing with politicians who don't understand the difference between Google Analytics and privacy-focused analytics. And that's fine, the work they've done has lead to better privacy for everyone, so we appreciate them.

> We're not ignoring the guidance, it's just such a grey area when it comes to PECR / ePrivacy. Even the ICO's guidance, it talks about "cookie-like" technology. Our technology isn't cookie-like. And our processing isn't cookie-like either. We've had lawyers look at our documentation and all of them have said it's a grey area.

That sounds like you are trying to pick and choose the bits you want to hear :)

There have been several ammendments since the original ePrivacy guidance. There is at least one such directive that is very explicit about fingerprinting specifically. If doesn't use ambiguous language, it states clearly that consent is required for fingerprinting.

As I said, I personally think it's just bonkers, and I think your service is absolutely in the spirit of the ePrivacy rules. But you can't say the rules on fingerprinting are not clear.

I'm keen to see what you've got coming, as the only way I see to avoid consent is not to associate identifiers with users at all - so each page hit would be a completely independent object. Can you say anything about your plans here?

Like I say, we've had lawyers review our docs. Even the term "fingerprinting" has more nuance to it. Fingerprinting is used as a way to attempt to set a permanent cookie / identify an individual, and their actions. We don't do this.

And we definitely agree that it's bonkers.

I can't say anything here until we've got our press release out.

> Like I say, we've had lawyers review our docs. Even the term "fingerprinting" has more nuance to it. Fingerprinting is used as a way to attempt to set a permanent cookie / identify an individual, and their actions. We don't do this.

Ouch, I kind of wish you hadn't said that, because it sounds like you're straying dangerously close into weasel words and deliberately incorrectly interpretations. Sorry if that sounds harsh, but what I've read is very clear.

As before I like your solution, and I think it's absolutely in the spirit of privacy. But the guidance is really clear here, and gives examples of fingerprinting. Nobody said a fingerprint has to be a permanent identifier; as far as I recall, Fathom does use fingerprinting to identify individuals, so that a sequence of page views can be attributed to a single visitor. I understand that those fingerprints include a timestamp, and so are only valid for some time (2 hours, or whatever it is).

Thanks for your input here, Gordon. It doesn't sound harsh at all, you clearly care about privacy regulations and you're trying to help. Ultimately, we had moved based on conversations with lawyers. But as I say, we are rolling out changes this week & next, so it doesn't matter what we think about the regulation :) And thanks again for the challenge.
Thanks for the debate, and I'll be looking out for what you've got coming next!
I run fathom self hosted. I don’t love it and am looking for an alternative. But this is because they don’t update the self hosted version.

I get it that I’m asking for a free service, I just kind of wish they never offered it if they were going to ditch it. I don’t make money off my sites. I wish they had a less than X income version to self host. Oh well.

If you are making money and willing to pay I have a feeling Fathom is great.

You can check out https://usertrack.net, but it's currently $99/life. I do plan to add a free version with some limited features (no heatmaps, no session recordings, no multi-domain, etc.), but the free version should be anyway better than most of the alternatives (fast interface, segments, quick user filtering, easy to install).

If you want, you can contact me on Twitter to tell me what the free version should contain for you to consider using it, or if the current price for the lifetime version is too high for you.

Fathom started out with much fanfare as being Open Source, but as soon as their paid service gained enough traction they went proprietary only.

Can't recommend a company which pulls crap like that. :(

Interesting take. For every star we had on GitHub we did 21 cents in monthly revenue for (around $1300). We needed to turn Fathom into a viable competitor to Google Analytics. We can't do that if we are working a few hours a week on it, we needed to be full time.

Here's a comparison I've always looked at. Here are 2 solid database tools:

Table Plus - https://tableplus.com/ SQLite Browser - https://sqlitebrowser.org/

Table Plus is about 3 years old, SQLite is 6 years old. I have used both but Table Plus is 10000x better and more popular. Everyone talks about it and they innovate fast. They work full time on it too, $59 a license. They are so active, and have so many great features. Full time salaries help with that. SQLite has $102 in Patreon support. Table Plus makes that in 2 sales.

Look at Sequel Pro. One of the best products in the game but it never built a sustainable business model and it wasn't economically viable to continue, and look at it now.

I'm happy to say that we're achieving our goal every day. Our goal is to build a sustainable, profitable business (profitable businesses don't typically close down) that we can we can work full time on every day, moving people away from Google Analytics. For every 1 negative comment we get, hundreds / thousands of people signing up for Fathom.

We've spoken about it here too: https://usefathom.com/podcast/opensource

> For every star we had on GitHub we did 21 cents in monthly revenue ...

Who gives a crap? You guys started out as OSS and said it would continue to be. That turned out to be bullcrap, just looking for exposure.

> I have used both but Table Plus is 10000x better and more popular.

sigh Table Plus supports many different types of database. If people are looking for a macOS specific solution that does that, Table Plus might be a decent choice.

"SQLite Browser" on the other hand is specific to a single database. Though is cross platform and fairly popular in it's niche.

That being said, where are you getting "more popular" for Table Plus from though? Measured by what things?

> SQLite is 6 years old

Huh?

> SQLite has $102 in Patreon support.

You seem to be meaning DB Browser for SQLite.

Do we seem like a commercial project to you?

We recently added a Patreon link to our download page, after forgetting to put it out there much. The Patreon was originally created to cover our server costs (about US$75/mo from memory) some years ago, a goal we reached in 3 days.

That being said, we're trying out various things for a SaaS model as well because - like yourselves - we recognise success there will help with sustainability.

But we're sure as hell not going to bait and switch anyone.

> Look at Sequel Pro. ... and look at it now.

Seems like a commercial product whose organisation went broke, released the software as OSS, and couldn't get traction for that either?

People do appear to have picked up the project again recently, in an attempt to move it forwards:

https://github.com/sequelpro/sequelpro/issues/3679#issuecomm...

> Our goal is to...

Sure. You guys started out by bullshitting people. Unfortunately, the lack of integrity doesn't seem to be directly hurting. :(

One can hope it'll mean missed important opportunities for yourselves later, but who knows. You seem to be really leaning into the sales thing here on HN though.

> We've spoken about it here too ...

With an established history of lying, who cares?

We are 2 indie developers trying to build a sustainable business. We are trying to compete against Google. The idea that the open-source package is responsible for our success is ludicrous. Our success came from thousands of hours of work. You’ll believe the narrative you choose. You’re entitled to that. We will always be “liars” to you because we chose to spend our time building up the paid service. You feel like we should open source all of our code, that’s fine. This conversation isn’t productive, and you seem spiteful, so I’m retiring. And I hadn’t realized that you were the creator of DB browser, that was just a recent example I’d been discussing with friends. Good luck with your chosen path. Please hug your family and take some time to relax.
I'm still trying to understand why your current "production" (eg SaaS) version of Fathom can't also be FOSS.

Other places (eg Redash) do so, and are doing extremely well.

The change from FOSS to non-FOSS, especially throwing away the goodwill you'd started out with... makes no sense. :(

Popularity of DB Browser for SQLite wise, you might want to check our stats page:

https://sqlitebrowser.org/stats/

We're doing decently well, and our GitHub organisation has more active developers now than ever before. :)

I think the biggest peeve people have isn't so much that Fathom v2/PRO is closed source, but rather the "we'll open source it soon" kind of "dangling the carrot" stuff.

In the GitHub issue you mentioned "since people are confused [..]", but people are confused because your communication has quite frankly not been very good. Even today just looking at the Fathom README it's not at all clear that Fathom v2 (or "PRO") is an entirely different codebase/product which merely shares the name and branding, and not much else, and it's not clear that the "Lite" version is essentially unmaintained either.

We're going to make our stance clear with our next release of Lite. We definitely made some mistakes with regards to V2. Originally we had planned to open-source it, but then we decided against it.
Note that Fanthom had a change of ownership, and that the original author doesn't seem entirely happy with the change of direction either.
Ahhh. I thought the original owner sold the project, but didn't realise they didn't have further involvement.

Is that info about the original author being unhappy somewhere public?