Don't be coy. Call it what it is - an analytics service.
And as such it falls largerly in the same bucket as GA, because if someone's using Simple Analytics, my surfing data - against my wishes - is being shared with some random third party. Whether it's less, more or comparably evil as GA is secondary.
It's disingenuous to have problems with websites collecting entirely anonymous browsing data -- that goes beyond any arguments for privacy and just steers into "yelling at clouds" territory.
In what way? I agree that personally tracking an individual and using psychology tricks and whatnot to trick them into buying stuff is bad, but if it's just a company knowing what works well for them, I don't see the argument.
Information is valuable, but it is not holy.
Analytics isn't that. Analytics is tracking a customer walking into the store and looking for which store they came from. Analytics is noting down how long a customer spent holding a blue item, if they looked at a big red item, and noting it down because it might matter. Analytics is seeing how the customer went back and forth between one aisle and another. Whether looking at one item made them less inclined to look at the next. Analytics is hoarding all of that information and keeping it even if the customer doesn't make a purchase.
Of course stores have been looking at how and why and when customers shop for years, but through consensual studies. They learnt to put the fruit at the entrance and the sweets at the exit. They learnt to put their high value items at eye level. And they didn't do it through spying and analysing the behaviours of everyone walking through their doors. They didn't keep years of CCTV with the sole excuse that they might want to see how long you lingered between deciding on diaper brands.
The web has no excuse.
How, you don't enter your name when you pay with cash.
Also in EU is illegal to share any personal info in physical world too, say you go and make a subscription to a gym they can't share your data with a third party unless they make you sign a paper first.
Edit:typos
You don't need to be identified by name, just by a "fingerprint". If you go there regularly you will be identified by your "fingerprint".
"Oh, it's that one privacy nut again who always wears sunglasses and a hoodie and only pays in cash"
(By the way, a gym can and usually does share contract data including personal information with numerous third-parties such as external bookkeepers. This is legal under the GDPR without explicit consent.)
GDPR requires data sharing to be done for a defined purpose.
The purpose of sharing data with an external company bookkeeper for bookkeeping is not remotely connected to any purpose an analytics service fulfills. So while the shared data is capable of the same insights, it's explicitly illegal for it to be processed that way without a defined purpose (which is it's own can of worms).
>entirely anonymous browsing data
It's never entirely anonymous, because how useful data is, is inversely related to how anonymous it is.
ergo it would only be truly anonymous if it was truly useless.
I think you are wrong. What they receive is a set of purchases in a given period of time that allow them to make many important decisions (when people buy most, what purchases are more likely on a given date etc.) but there is no way of finding out my shopping habits.
Extreme case: you are the only person that ever buys product X around time Y, so that fact can be used as an anchor to build a profile.
You need to be way more paranoid if you want to be a true privacy warrior.
There is a big difference between "a person's surfing data" or "surfing data of all visitors combined". That's what we promise with Simple Analytics.
[1] https://blog.simpleanalytics.com/why-simple-analytics-is-a-g...
I'm OK with websites using self-hosted tools such as Matomo as long as the data never leaves their servers. Analytics is important to any business. But I choose to do business with said business, not with Shopify, not with Google, not with Facebook or Twitter (I'm looking at those "sign in with" widgets that run social media code in my browser) or whatever 3rd party "SaaS" service the website is outsourcing my data to for ease of development or convenience. I don't consent to my data being shared with people I don't know about and did not consent to give a single shred of my information to.
What you're asking for would require a fundamental restructuring of the internet, and of software business models, and a lot of other stuff. I can't see that happening any time soon.
In the meantime you can try using Tor, but good luck not getting blocked on half the websites you want to visit - and you can't blame the website for that (they need DDoS/spam defence).
This is kind of ridiculous in the cloud era, isn't it?
The analogy with external accountant up this thread is a good one. It's not about where data are processed, it's about how it's used.
So do you want “we want to load JS from a CDN like literally everyone does, is that okay” popups on every website?
Arguably, they provide code that can be run in your browser, but your browser chooses to run it. And since your browser is a user agent, you choose to run the code by way of installing and configuring a browser that makes that choice by default.
You might never know that they backfeed data into external analytics services. Under this assumption, wouldn't you need to stop using _any_ website, at all?
It's not an "also" analytics service. It _is_ an analytics service.
If a website poped a question saying "Do you consent to your visit data being passed to Simple Analytics for processing?", how many people would say Yes? Close to zero. Just look at the stats on 3rd party cookie refusals - when done easily, the refusal rates are in high 90%. People may be lazy, but they sure as heck know they don't want to be tracked IF it's actually mentioned.
So what you offer is a GA alternative that makes website operators feel better about themselves for not using the GA. The situation with the visitors remains exactly the same - the still getting shafted with something that none of them wants.
The only way to do analytics in a way that's respectful to the visitors' privacy is with an installable on-host software. That's it.
This is an argument taken to a naive extreme. You can't expect every business to also be in the business of analytics, it's not realistic. There's a reason companies have business partners who specialize in certain services.
It's why you have accountants, lawyers, marketers, etc.. Not every company can afford to have all these specialists on payroll, so you work with a service provider that lets you afford the services in a fractional way. You give them access to your data, including customer data sometimes, and in return they provide you with insights and information from that data.
Analytics is just another service provider like that.
You should of course work with a reliable and trusted partner that treats your customer data appropriately and has strong privacy guarantees.
The problem with GA is not "third party", it's "third party that uses my data for its own purposes" because that's the actual cost of using a free service.
Saying "no third parties at all" is not how businesses have operated since forever.
The difference with GA is that GA offers to fill this need of website owners for free while it actually processes and sells the visitors data for immoral ends. The whole "the customer is the product" deal.
I don't understand why simply sending data from one server to another is seen as such a big deal, the problem with Google and Facebook and the rest is how they build extremely detailed personal profiles that they use to cause social harm. Surely that is very different from tracking which pages get the most views or how much time - on average - people spend on your website?
How is that more respectful? I can fingerprint you pretty much the same with server logs (IP, user-agent, ...), don't I? I can even use cookies without any JS.
In this case, Google is non-compliant but the gp's service/tool does appear to be. I think you're underplaying the distinction here quite severely.
TL;DR this is about what's illegal, not what's "evil".
Matomo is the privacy-friendly analytics tool that comes to my mind anyway.
(I have nothing to do with Matomo other than I used PhpMyVisites a few years ago. It had time to change its name twice since then)
If you walk into a grocery store, and cameras record which aisle you walk down, which items you stop to look at and which things you buy. Is that legal?
What if the cameras block out your face and all identifying features. Is that legal?
Do you own a blob of a person walking down an aisle? Does the grocery store?
In the EU, this would fall under the same data protection regulation as websites, and other local regulations regarding camera surveillance. In short, a store owner can't just secretly record customers.
Do they have to get explicit consent from each customer and save that info for audits?
