4 privacy-friendly Google Analytics alternatives
Published on Apr 5, 2022 by Iron Brands
This write-up was long overdue. The call for Google Analytics alternatives has never been as loud as it is today. We believe it will become even louder in the future.
A changing business landscape in which data privacy plays a more prominent role has led organizations to rethink their digital practices.
We value our privacy in the real world, and we value it in the digital world too.
Measures to ensure this are already in place with the adoption of privacy laws such as the GDPR, PECR & CCPA. The most recent example of these laws in practice is the Schrems II ruling on the use of Google Analytics.
Consequently, the market for privacy-friendly alternatives is growing, but how privacy-friendly is everyone?
Let’s find out!
This write-up focuses only on privacy. A breakdown based on web insights, ease of use, and costs is also in the pipeline, but for now, we will be looking at how privacy-friendly everyone really is…
The following criteria will form the basis for benchmarking the Google Analytics alternatives:
- Use of IP Addresses
- Data Transfers outside the EU
- Data ownership.
We will be looking at Google Analytics (as a base case), Simple Analytics, Plausible, Matomo, and Fathom.
Let’s dive in
We are talking about alternatives, but it is good to use Google Analytics as a base case. They have received a lot of scrutiny over the past few months concerning privacy.
This is also why the call for privacy-friendly alternatives has never been this loud.
Google Analytics is free, but you pay with your data. The data they collect is not yours to keep. It’s theirs. They transfer the data overseas and share it with third parties.
Google Analytics will change to a new version next year. The change is driven by a changing business landscape that demands less privacy-invasive ways of internet tracking. GA4 is therefore supposed to be more privacy-friendly (but it really isn’t). You can check our analysis on GA4 here.
Yeeey… we made our own Google Analytics alternatives list. We might be biased, but we try to benchmark ourselves on the above criteria as well as any other alternative.
Simple Analytics focuses on privacy. We did not just build Simple Analytics to comply with regulations. We genuinely think we can make the internet a little bit better while still providing in-depth insights to track your website performance.
We believe that the future of web analytics is cookieless; hence Simple Analytics is cookieless by design.
In addition, we don’t collect any personally identifiable information, not even in an anonymized way. Unique visitors are based on the referrer domain sent to us by the browser.
The data is stored in The Netherlands, and the data is yours. The data will not be transferred overseas or shared with third parties.
At Simple Analytics, we respect Plausible. The owners, Marko & Uku, are dedicated builders. They are transparent about their revenue and processes and are highly motivated to make the internet a little bit safer, as are we.
Plausible is also cookieless by design. They store the data in Germany, and the data is yours. They don’t transfer data overseas and don’t share it with third parties.
The most significant difference from Simple Analytics is that Plausible collects IP addresses, albeit anonymized. This is better than just plainly collecting IP addresses, but we say it’s still personal data. Hashes of IP addresses can be used as fingerprints to identify a person online, which is also personal data.
There has been a lot of debate about this, as the GDPR isn’t very explicit about the different technologies used to identify a visitor (directly or indirectly). So let’s briefly explain what IP hashes are and why we consider them personal data.
Are IP hashes personal data?
IP hashing runs an IP address (which is simply a numeric code) through a cryptographic hash function, producing an unrecognizable set of numbers. The hashed IP address can be used to obtain information about an individual’s behavior without directly storing the IP address.
IP hashing might be more privacy-friendly, but at Simple Analytics, we consider this fingerprinting. Usually, fingerprinting is a technique to identify a specific user indirectly by combining information such as timezone, pixel density, device identifier, and default language. You can do the same with a hash of an IP address.
Article 4 of the GDPR states that personal data means any information relating to an identified or identifiable natural person (‘data subject’). It mentions various kinds of identifiers like cookies, device ID, and network IP addresses. It is written so that it doesn’t describe specific technologies, like fingerprinting. At the least, it is still a murky area that we stay away from.
The main takeaway: an IP address is a fingerprint in itself. An IP hash can create a fingerprint when combined with other data points.
Plausible, Fathom, and others create an IP hash for 24 hours. With that information, they are able to provide a bit more insight. For example, unique visitor tracking is more accurate (for 24 hours) using IP addresses, and bounce rates can be measured with the collected sessions.
Even if it’s only for 24 hours, we still think it’s tracking. At Simple Analytics, we believe it’s not needed to track visitors at all to provide valuable insights.
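The following is an added example (not code from Plausible, Fathom, or Simple Analytics) of what a 24-hour IP hash makes possible: all pageviews from one address collapse into a single pseudonymous session for that day, which is what yields unique-visitor counts and bounce rates. The HMAC construction, the salt values, and the sample pageviews are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict


def visitor_id(ip: str, daily_salt: bytes) -> str:
    """Pseudonymous ID: HMAC-SHA256 of the IP under a salt that rotates every 24 hours."""
    return hmac.new(daily_salt, ip.encode(), hashlib.sha256).hexdigest()[:16]


def daily_report(pageviews, daily_salt):
    """pageviews: iterable of (ip, path). Only the hash is stored, never the IP itself."""
    sessions = defaultdict(list)
    for ip, path in pageviews:
        sessions[visitor_id(ip, daily_salt)].append(path)
    bounces = sum(1 for paths in sessions.values() if len(paths) == 1)
    return {
        "unique_visitors": len(sessions),
        "bounce_rate": bounces / len(sessions) if sessions else 0.0,
        # Each entry is one visitor's full click path for the day.
        "sessions": dict(sessions),
    }


# Constructed sample data; the addresses come from documentation-only ranges.
DAY1 = [("203.0.113.7", "/"), ("203.0.113.7", "/pricing"),
        ("198.51.100.23", "/blog"), ("203.0.113.7", "/signup")]
DAY2 = [("203.0.113.7", "/"), ("198.51.100.23", "/blog"),
        ("198.51.100.23", "/docs")]
SALT_DAY1 = b"constructed-salt-day-1"  # hypothetical; discarded after 24 hours
SALT_DAY2 = b"constructed-salt-day-2"


def linked_across_days():
    """IDs present on both days; empty because the salt changed."""
    day1_ids = set(daily_report(DAY1, SALT_DAY1)["sessions"])
    day2_ids = set(daily_report(DAY2, SALT_DAY2)["sessions"])
    return day1_ids & day2_ids


if __name__ == "__main__":
    report = daily_report(DAY1, SALT_DAY1)
    print(report["unique_visitors"], report["bounce_rate"])
    for vid, paths in report["sessions"].items():
        print(vid, paths)
    print("linked across days:", linked_across_days())
```

Within one day the hash behaves like any other stable identifier: the stored record shows which pages the same visitor opened and in what order. Rotating the salt limits that linkage to 24 hours rather than removing it.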
But how about the rest?
Matomo was the first Google Analytics challenger on the market. It is quite different from Simple Analytics and Plausible, and it looks more similar to Google Analytics. In terms of data collection, it also takes another stance. It is not cookieless by design.
You do own the data yourself. The data is stored in the EU and not transferred overseas.
It is possible to use Matomo in a cookieless way as well.
We explain this in our comparison between Matomo and Simple Analytics.
Fathom looks very similar to Plausible in its data collection approach. Fathom also stores a hashed version of the IP address for 24 hours.
For privacy-friendly web analytics tools in general, it’s always a balancing act between providing as many data insights as possible and protecting the privacy of internet users.
Whereas Simple Analytics leans towards privacy-first, Plausible and Fathom try to balance privacy-friendliness and data insights.
Fathom is not an EU company but stores its data in Germany. The data is yours, and it never leaves their EU servers (for European visitors).
The market for web analytics tools is a crowded place. Capterra shows us 361 software products in the web analytics category. However, if you are looking for a privacy-friendly alternative, these are the ones worth looking at.
|Use of IP addresses||Data
|Plausible||No||Yes (IP hash for 24 hours)||Yes||No|
|Fathom||No||Yes (IP hash for 24 hours)||Yes||No|
Over the past few months, we’ve gotten a lot of questions about the differences between Simple Analytics and other privacy-friendly tools. I understand that you evaluate multiple alternatives (and you should) to determine what’s best for your organization.
To articulate the differences in privacy-friendliness between the Google Analytics alternatives, you can use the following one-liners to explain them to your colleagues.
Simple Analytics: "They don't use any personal information, the data is ours, and they don't transfer the data overseas"