The market for Google Analytics alternatives is crowded. There's Plausible, Ahrefs web analytics, onedollarstats.com, PostHog, Matomo, Umami, Grafana, Microsoft Clarity (free at any scale), and so many others. Despite minor differences, these products all compete for the same users (e.g. if someone is a PostHog customer they probably won't be using Ahrefs web analytics), yet most of these companies offer generous free tiers while rybbit offers only a free trial.
How do products like rybbit.io stay competitive without a similar free tier or major differentiation? Is rybbit generating revenue for its hosted plan?
As a founder in this space, it's not as bad as you think. There are niches in this crowded yet broad space.
Plausible - good for self-hosting, but their SaaS is very expensive and FOSS vs SaaS offerings differ.
Ahrefs - they will use your traffic to improve your competitor research, you really should use them cautiously.
Matomo - feature rich but can be overwhelming.
Posthog - its SaaS is US based so dismissed early by EU customers.
Clarity, like GA, has serious privacy issues.
Our product, Wide Angle Analytics, has its own gotchas compared to competitors - it's opinionated and there are folks who do not agree with our opinions, but the landscape of websites is so vast that you find your client nevertheless.
That said, we are still in business after 4 years, and we saw few competitors disappear or get acquired and extinguished.
So, all the best to the OP. Hope you find your niche :)
What's your sales strategy? Is cold calling companies with google analytics installed on their websites more effective than the blog? Have you been able to retain Next.js users after Vercel released Web Analytics?
This is pretty spot on. There's a couple of dimensions the major players sit on, and there's enough combinations that there's plenty of space for smaller players to survive in.
I'm not super familiar with all of these products, so some of these ratings will be based on vibes
1-----------------10
OSS <-> Proprietary
Small business <-> Enterprise
Simplicity <-> Complexity
Web analytics <-> Product analytics
Privacy <-> No privacy
# Rybbit (me) - just launched $0
OSS/Proprietary - 2
I use AGPL 3.0 which isn't as permissive as MIT
Small business/Enterprise - 5
I definitely want enterprises to use Rybbit, but it's hard to target them at this stage
Simplicity/Complexity - 6.5
I think Rybbit is going to end up as one of the more feature-rich OS analytics tools, but I hope it stays easy to use (famous last words)
Web analytics/Product analytics - 4
Want to target both eventually, but my product analytics is weaker relatively
Privacy/No privacy - 3
Can be as GDPR compliant as others, but can also be configured to be a bit more invasive
# Posthog - ~15M ARR
OSS/Proprietary - 4
Have a bunch of enterprise licensed parts of their repo and they tell people in their docs to not self-host it because it's too difficult.
Small business/Enterprise - 8
Seems like they hook startups in with generous free tiers and then milk the unicorns that come out
Simplicity/Complexity - 10
The scope of Posthog is awe inspiring. They are literally 10 startups in 1
Web analytics/Product analytics - 8
I believe product analytics was their first feature
Privacy/No privacy - 7
I think they use cookies?
# Google Analytics
OSS/Proprietary - 10
Small business/Enterprise - 9
Free for everyone but it's clear they don't care about regular users that want to track their small site
Simplicity/Complexity - 8
If there was a dimension for usability it would be 11/10 totally unusable
Web analytics/Product analytics - 6
Not too sure about this one
Privacy/No privacy - 9
i mean it's google
# Mixpanel - $200m ARR
I'm the least familiar with this one
OSS/Proprietary - 9
Small business/Enterprise - 8
Simplicity/Complexity - 8
Web analytics/Product analytics - 9
Privacy/No privacy - 7
# Umami - unknown ARR (maybe 500K?)
OSS/Proprietary - 1
MIT license, no enterprise only features from what I see
Small business/Enterprise - 5
Seem to have some big names on their site
Simplicity/Complexity - 4
Web analytics/Product analytics - 5
Privacy/No privacy - 5
They claim GDPR compliance but I've self hosted it and they clearly fingerprint users without any obvious opt out.
# Plausible - ~2m ARR
OSS/Proprietary - 4
AGPL v3 and some enterprise features the community version doesn't have. Also they use Elixir so I doubt anyone actually reads it /s
Small business/Enterprise - 6
Have to be selling to enterprises with that ARR
Simplicity/Complexity - 3
Tool is very simple at the surface, but there's a lot of config options under the hood
Web analytics/Product analytics - 3
Mostly just web analytics
Privacy/No privacy - 2
This is a big focus for them
# Simple Analytics ~500k ARR
OSS/Proprietary - 8
Closed source, but they are an open startup that shares their financials
Small business/Enterprise - 3
They show some big names, but the creator is an indie hacker
Simplicity/Complexity - 2
Self explanatory
Web analytics/Product analytics - 2
Privacy/No privacy - 2
Very GDPR compliance focused
If this was a multi-dimensional vector, I'm trying to fill the space between something like Posthog and Plausible, where we are as open source as either of them and fill the missing space between extreme simplicity and extreme complexity.
Builder of rybbit here - I will probably add a free tier in the following weeks. I didn't because I was scared of being overloaded by an influx of free users, but that doesn't scare me anymore.
I started working on this 4 months ago and only publicly launched a few days ago.
As for monetization, I have no idea yet. I'm happy to collect stars for the time being. What do you think I should do?
Not sure, but I'm definitely interested in following your business and seeing what your strategy will become because I was building something similar but when larger teams started releasing free solutions I couldn't think of a way to compete. Best of luck.
> if someone is a PostHog customer they probably won't be using Ahrefs web analytics
It's (un)surprisingly common to end up with multiple website analytics products on the same site; marketing wants these two, another department wants another. When I had ghostery show the list of things it was blocking I often saw multiple, overlapping-feature-set analytics integrations being blocked on the same site.
You would be surprised how many companies do in fact use multiple analytics services.
Only one tool will be a 'source of truth' but a company using a combination of something like GA4 (Business source of truth), Mixpanel (product insights), and Clarity (Landing page analysis) is not unheard of.
The types of companies that use multiple services are also the types of companies that are likely spending $1,000s per month as well, so overall quite a profitable industry for many companies to operate in.
I can only speak for myself (I made UXWizz): I feel like interest has always been there for different platforms, most are still too simple or too complex and hard to set up and use.
In my case, I am simply focused on the self-hosting niche, trying to make the best self-hosting experience. I have an advantage here, because most other tools earn their money from their cloud version, so they don't really want you to self-host, thus usually provide different "open-source" versions and rarely provide support for it.
Also, because "cloud-focused" analytics are built for scale, they are actually not optimal for tracking smaller amounts of traffic (most websites don't have millions of visitors per month), so they use more resources for running scale-proof stacks.
I'm working on releasing a product and I am trying to figure out between: self-hosted and SAAS model.
My question is: I want to release it as self-hosted, but I think the risk of giving the customer the source code is too high... they can just release it as open-source or sell it at a lower price, so my business is dead? How do you do it?
Is it worth trying to obfuscate code or compile it as a binary so they cannot access the code?
Also, with it being self-hosted, how are you charging a monthly fee? If you are charging for a monthly fee, can't the customer just remove the product licence validity check? e.g. they remove verification that they have purchased a licence?
Posthog is pretty good but very pushy towards using their SaaS (understandably). Self hosting is not really advertised on their main site however is buried in their gh repo as a footnote [1] with indications of vague issues past 100K events/month. Haven’t delved into how to scale it past that though and they do provide some docs that I have yet to review.
Also the primary repo is not FOSS, and that "100% FOSS" repo is buried in yet another footnote [2].
Plausible follows in PH footsteps but is not fully faithful to open source. If you want to self host, you won’t have same set of features as their SaaS and need to rely on long term releases for their "community edition" [3]
On "Ahrefs", is there even an open source version of their product? I couldn’t easily find it (on mobile). [4]
Maybe I’ll take a look at others you mentioned later but if rybbit can remain faithful to their FOSS roots then I think there’s a real chance of it becoming huge.
For those that don’t want to self host (mostly corporate shitholes), rybbit can milk them with their managed SaaS product.
I think Posthog is incredible, and there's no way I (it's just been me building rybbit for the past few months) will be able to compete with them on their full scope of features for the foreseeable future.
I tried to self host Posthog for my other project as it far exceeded even the generous free tier. I have a Hetzner bare metal server with 64gb of ram https://www.hetzner.com/dedicated-rootserver/ax42/ and it was running all 16 cores at 100% and didn't end up working. So I think Posthog's stack is just way too heavy to self host effectively, and it's just not in the same category as Plausible, Umami, or Rybbit.
I'm trying to build the best OSS analytics out there - and even though it's super crowded, most non-trivial websites run one so there is space for everyone to survive in.
> "Self hosting is not really advertised on their main site"
How would rybbit.io make money if they are only better at self hosting? Wouldn't the users they are targeting only self host anyways?
> "On "Ahrefs", is there even an open source version of their product? I couldn’t easily find it (on mobile)."
Not all of these companies are open source but they are still competitors because they have generous free tiers so the cost of self hosting an alternative wouldn't be justified.
Yeah, this is why I think cloud-based with free self-hosted version doesn't work, because they are basically competing with themselves if the self-hosted version works too well.
PostHog and Plausible are both open source and not backed by big corporations but if sharing data to third parties and being open source is a concern (which seems to be the selling point rybbit.io is targeting) I would expect users to self host instead of paying for a hosted plan anyways?
Which ones are embeddable? Often I need to embed some analytic charts for users in my app e.g. blog views and very few support easy embedding+authentication.
I am actually implementing the widgets/embedding feature in UXWizz.
What type of authentication would you need? A simple token in the embedding URL? Or you want a way in which you can publicly share the URL, but require a password/auth?
Grafana isn't a Google Analytics alternative. You can build a lot of what you need with it (I've done that), but you still need to manage the actual Analytics part separately, Grafana only gives you the visualization.
It's okay, but I probably wouldn't choose it again. The ease of setting up Dashboards and Panels is great at first, but you pay for it with a low ceiling of what you can do (without building around it) and a "we trust everyone" approach to security.
My experience is that out of my other logs/metrics (cloudflare & server logs) Umami was the only one that didn't overinflate by counting bots and crawlers.
I know the true state of my site visitors: the vast majority of legit visitor traffic is from my own home IP, and my own mobile IP. Umami was the only one to show that.
For me, the best Google analytics replacement has been nothing. Just don’t do analytics at all. Your web site will still work without it. In fact, it will work better!
> Your web site will still work without it. In fact, it will work better!
It objectively won't.
Analytics tell you where your website isn't working, so you can fix it. Buttons you thought were obvious that users are blind to. Pages where nobody scrolls because they didn't realize there was more content. Figuring out where users get stuck because they don't understand the navigation you designed. Etc etc etc.
If you have a hobby website, then sure maybe analytics don't matter. But the idea that sites work better without analytics makes as much sense as saying you'll see better when you wear dark sunglasses.
Once upon a time we did analytics and error analysis by running shell scripts executing awk, sed and grep over an Apache or nginx access log or error log.
What I am trying to say is that you can still do analytics, even pretty advanced stuff with some more elaborate scripting, if you want. The only thing you need is the access log.
Something which has been largely forgotten ever since tools like Urchin became a thing :)
Except if any of your pages are cached between eyeball and your server and so your server logs don't capture everything that is going on. You can get fancy with web server logs, but depending on what you're trying to understand it may not be the data you need.
<source: did fancy things with logs over the last 25 years, including running multiple tools on the same site in parallel to do comparisons (Analog, AWStats, Urchin, GA, Omniture, homegrown, etc...)>
One of the greatest jobs I ever had from a technical perspective had terabytes of structured access logs hosted on prem inside of a VPN, with a few small bespoke tools to search through them (and many more pages of commands for common tasks not yet implemented in a UI).
Not a single line of tracking or analytics on the front end, we just tracked everything we cared about at the server level.
However, if you do this, you will still need to comply with all relevant privacy laws.
For example, in the EU, you need user consent to use server logs that include IP addresses for analytics. You also need to provide post-consent opt-outs and privacy statements and audit logs and all of a sudden you're building another analytics tool.
Urchin was acquired by Google and was ultimately sunset in favor of Google Analytics. It supported local and hybrid analytics models, the latter arguably evolved into Google Analytics.
That's just not realistic though. People with marketing departments need analytics. Otherwise, they atrophy and reveal to everyone they are not as necessary as led to believe. People without marketing departments probably never look at the logs like you.
True, but for personal/hobby sites you probably are just better off just not knowing. Nothing good comes of tying your self-worth to how much attention you think you're getting.
> Otherwise, they atrophy and reveal to everyone they are not as necessary as led to believe.
In my experience, when analytics and the related ads tracking tools break, Marketing departments are revealed to be much more important than generally believed in the business.
Product people need analytics too. You need to know how many people use each feature to make informed decisions on what needs to be invested in, what should be cut, etc.
There were a gajillion of these things before Google Analytics. Probably the best options were those that relied on log analysis rather than having a JavaScript bug on every page.
The documentation states that rybbit does not use cookies and is compliant with the GDPR. The first part is true but, looking at the code (very nice to have it available), the tracking is done by IP address, trading one piece of tracking data for another.
I realize that this is probably the only way it could work but it is not clear to me that tracking by IP address (even over a single session and shredding the data once a day) is any better from a GDPR standpoint.
People seem to occasionally post cool new solutions, though it doesn't seem like Matomo has gotten that much attention, despite being a pretty strong alternative to Google Analytics (I haven't had that many issues while self-hosting it either).
I have been using Matomo alongside GA4 for a month now. The amount of useful data coming from Matomo, even anonymized, is more expansive and easier to access than GA4. Plus self-hosting was pretty easy and it keeps the data on our servers, which just feels right.
I deal with GDPR daily and the truth is that GDPR enforcement doesn't understand what is acceptable from a GDPR standpoint and that is likely why they are in the process of revamping it. You can also anonymize data and that is no longer considered personal data under GDPR so it is possible to hash an IP address and that be acceptable.
> You can also anonymize data and that is no longer considered personal data under GDPR so it is possible to hash an IP address and that be acceptable.
That's not completely true. Recital 26 of GDPR stipulates that
> “information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.”
Hashing does not meet this threshold. If the same IP address is hashed using the same method, the result will always be the same, meaning it can be matched. Hashing is therefore considered pseudonymization and under GDPR, pseudonymized data is still considered personal data.
Moreover, the act of anonymization itself is a form of processing and therefore falls under the scope of GDPR. So even attempting to anonymize personal data doesn't remove GDPR obligations for the anonymization itself.
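The matching argument in the comment above, as an added example that is not part of the original thread or any product's code: an unkeyed hash of an IP address is stable across days and can be checked against every candidate address, while an HMAC under a random key that is rotated limits linkability to one key period but stays recomputable for whoever holds the key. The rotating-key scheme, all names and the sample values (documentation address range) are assumptions for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
from typing import Optional

# Constructed sample values (203.0.113.0/24 is a documentation range, RFC 5737).
SAMPLE_IP = "203.0.113.42"
SAMPLE_NET = "203.0.113.0/24"
SAMPLE_UA = "Mozilla/5.0 (constructed sample)"
SAMPLE_SITE = "example.org"


def plain_hash(ip: str) -> str:
    """Unkeyed SHA-256 of the address: same input gives the same output forever."""
    return hashlib.sha256(ip.encode("ascii")).hexdigest()


def recover_from_plain_hash(digest: str, network: str) -> Optional[str]:
    """Audit check: hash every address in a candidate network and compare."""
    for addr in ipaddress.ip_network(network):
        if hmac.compare_digest(plain_hash(str(addr)), digest):
            return str(addr)
    return None


class RotatingKeyHasher:
    """HMAC-SHA256 under a random in-memory key that is replaced on rotate()."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)

    def rotate(self) -> None:
        # The old key is overwritten and never stored, so old IDs cannot be recomputed.
        self._key = secrets.token_bytes(32)

    def visitor_id(self, site: str, ip: str, user_agent: str) -> str:
        msg = "\x00".join((site, ip, user_agent)).encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def recover(self, digest: str, site: str, user_agent: str,
                network: str) -> Optional[str]:
        """What the current key holder can still do: the same candidate check."""
        for addr in ipaddress.ip_network(network):
            candidate = self.visitor_id(site, str(addr), user_agent)
            if hmac.compare_digest(candidate, digest):
                return str(addr)
        return None


def compare_schemes() -> dict:
    """Run both schemes over the sample visitor on two simulated days."""
    plain_day1 = plain_hash(SAMPLE_IP)
    plain_day2 = plain_hash(SAMPLE_IP)

    hasher = RotatingKeyHasher()
    keyed_day1_a = hasher.visitor_id(SAMPLE_SITE, SAMPLE_IP, SAMPLE_UA)
    keyed_day1_b = hasher.visitor_id(SAMPLE_SITE, SAMPLE_IP, SAMPLE_UA)
    recovered_with_key = hasher.recover(keyed_day1_a, SAMPLE_SITE, SAMPLE_UA, SAMPLE_NET)

    hasher.rotate()  # simulated day boundary
    keyed_day2 = hasher.visitor_id(SAMPLE_SITE, SAMPLE_IP, SAMPLE_UA)
    recovered_after_rotation = hasher.recover(
        keyed_day1_a, SAMPLE_SITE, SAMPLE_UA, SAMPLE_NET)

    return {
        "plain_linkable_across_days": plain_day1 == plain_day2,
        "plain_recovered_ip": recover_from_plain_hash(plain_day1, SAMPLE_NET),
        "keyed_stable_within_day": keyed_day1_a == keyed_day1_b,
        "keyed_linkable_across_days": keyed_day1_a == keyed_day2,
        "keyed_recovered_while_key_held": recovered_with_key,
        "keyed_recovered_after_rotation": recovered_after_rotation,
    }


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```

While the key exists the keyed identifier is still pseudonymous in the sense the comment describes; only discarding the key removes the ability to recompute it.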
If the IP address is hashed somehow it would no longer be personally identifying while still being unique enough for analytics purposes, correct?
Does geographic grouping data depend on the IP address? If so I suppose it would need to be extracted first before hashing the IP, and I wonder how much that weakens the anonymization.
The jury is out on ip address vs GDPR. Hashed IP address is not anonymous, nor is last digit anonymization anonymous.
So, let's not bother with it. I can say all IP addresses are located on earth and someone would be offended because now we are invading their privacy by knowing which planet they are from. GDPR is not clear on IP addresses or IP address derived metadata. There is no case law for it, nor acceptable methodology and everyone is speculating about what are the consequences of and it is mostly just opinions from IANALs. GDPR is astrology for non-enterprise companies.
If you don't want to roll your own and don't care if it's open source, I've used clicky.com for years. Simple, and shows everything I need. As others have said, it's a crowded market. Still cool though that people are launching these projects.
Check out our demo at https://demo.rybbit.io/1. We have a lot more features than Plausible, but they're still presented in a way that is intuitive to use. You shouldn't need to read pages and pages of documentation to be able to set up funnels on rybbit, for example.
Posthog has had an EU server for years. I'm not sure what you mean by this.
Any insight highly appreciated.
[1] https://github.com/PostHog/posthog?tab=readme-ov-file#self-h...
[2] https://github.com/PostHog/posthog?tab=readme-ov-file#open-s...
[3] https://github.com/plausible/analytics?tab=readme-ov-file#ca...
[4] https://ahrefs.com/
I'm choking on the irony
> more than 90% of companies use PostHog for free.
https://posthog.com/pricing
I've never used google analytics before. What's the marginal value over statsd?
You usually have:
All-in-one analytics: Posthog, Matomo, UXWizz (I made it!)
Simple analytics: Plausible, Umami
Qualitative analytics (heatmaps/recordings): Hotjar, Clarity, FullStory, Mouseflow, LuckyOrange, etc.
I think Clarity also added more analytics features, but you're still sending all your data to Microsoft.
There is, see C-582/14 which concludes that IP addresses, even dynamic, are personal data.
And some features aren't available 1:1 with the CE version of Plausible either.