There is a big difference between "a person's surfing data" or "surfing data of all visitors combined". That's what we promise with Simple Analytics.
[1] https://blog.simpleanalytics.com/why-simple-analytics-is-a-g...
I'm OK with websites using self-hosted tools such as Matomo as long as the data never leaves their servers. Analytics is important to any business. But I choose to do business with said business, not with Shopify, not with Google, not with Facebook or Twitter (I'm looking at those "sign in with" widgets that run social media code in my browser) or whatever 3rd party "SaaS" service the website is outsourcing my data to for ease of development or convenience. I don't consent to my data being shared with people I don't know about and did not consent to give a single shred of my information to.
What you're asking for would require a fundamental restructuring of the internet, and of software business models, and a lot of other stuff. I can't see that happening any time soon.
In the meantime you can try using Tor, but good luck not getting blocked on half the websites you want to visit - and you can't blame the website for that (they need DDoS/spam defence).
[1]: https://europa.eu/youreurope/citizens/consumers/internet-tel...
This is kind of ridiculous in the cloud era, isn't it?
The analogy with external accountant up this thread is a good one. It's not about where data are processed, it's about how it's used.
But I agree with your conclusion: what matters is how it's being used. In this case - whether you share/sell it to others or not.*
[*] But not only: it also matters if you take adequate care in protecting personally identifiable information or not.
The problem with Google Analytics here is not that it's a third-party but that it's under US control.
So do you want “we want to load JS from a CDN like literally everyone does, is that okay” popups on every website?
- reduces the number of TCP connections - reduced the risk of failure if the relevant edge node can't be reached
Browsers don't support cross-site caching of 3rd-party content so whatever limited benefits there might have been of using a library CDN are long gone
It's about getting jquery physically closer to your users. And sure upload it to your "own" CDN that you pay Azure or whoever for.
Well, carry on and load it, it's your server.
Oh, wait, you mean you want ME to load it, into MY browser? That's a problem - my browser only loads JS from the origin server, and only if I give it explicit permission.
As a developer, I deplore the use of CDNs to serve javascript libraries; you don't know what the CDN is going to serve to your users, it could change without warning and break your site.
https://developer.mozilla.org/en-US/docs/Web/Security/Subres...
Arguably, they provide code that can be run in your browser, but your browser chooses to run it. And since your browser is a user agent, you choose to run the code by way of installing and configuring a browser that makes that choice by default.
You might never know that they backfeed data into external analytics services. Under this assumption, wouldn't you need to stop using _any_ website, at all?
It's not an "also" analytics service. It _is_ an analytics service.
If a website poped a question saying "Do you consent to your visit data being passed to Simple Analytics for processing?", how many people would say Yes? Close to zero. Just look at the stats on 3rd party cookie refusals - when done easily, the refusal rates are in high 90%. People may be lazy, but they sure as heck know they don't want to be tracked IF it's actually mentioned.
So what you offer is a GA alternative that makes website operators feel better about themselves for not using the GA. The situation with the visitors remains exactly the same - the still getting shafted with something that none of them wants.
The only way to do analytics in a way that's respectful to the visitors' privacy is with an installable on-host software. That's it.
This is an argument taken to a naive extreme. You can't expect every business to also be in the business of analytics, it's not realistic. There's a reason companies have business partners who specialize in certain services.
It's why you have accountants, lawyers, marketers, etc.. Not every company can afford to have all these specialists on payroll, so you work with a service provider that lets you afford the services in a fractional way. You give them access to your data, including customer data sometimes, and in return they provide you with insights and information from that data.
Analytics is just another service provider like that.
You should of course work with a reliable and trusted partner that treats your customer data appropriately and has strong privacy guarantees.
The problem with GA is not "third party", it's "third party that uses my data for its own purposes" because that's the actual cost of using a free service.
Saying "no third parties at all" is not how businesses have operated since forever.
Privacy-respecting analytics should be self-hosted. No one's arguing against an average business using an analytics service, but that shouldn't be bundled with any "privacy" monickers.
If Simple Analytics were pitched as "not a Google Analytics", this would've been perfectly fine. But they insist on the privacy angle and it just demonstrates they don't grok what tracking concerns are about.
You're clearly a tech person so maybe it feels self-evident or easy for you to do that, just like taxes and law seem self-evident to accountants and lawyers, but the average business owner doesn't have time or money - or the skills - to figure all that out on their own, so they hire a service provider.
Do you think accountants and lawyers come to the business and work on their computers exclusively? No, they receive copies of the confidential business data and work on it within their own business environment.
And do you think accountants and lawyers don't include "privacy" in their pitch?
How is that different from analytics saying "we will keep any data you share with us private, and for your use only".
Based on your argument, as a business owner I should purchase and co-locate my own server, because even if I self-hosted my analytics, I'm storing that data on a third party server owned by my hosting provider!
The difference with GA is that GA offers to fill this need of website owners for free while it actually processes and sells the visitors data for immoral ends. The whole "the customer is the product" deal.
I don't understand why simply sending data from one server to another is seen as such a big deal, the problem with Google and Facebook and the rest is how they build extremely detailed personal profiles that they use to cause social harm. Surely that is very different from tracking which pages get the most views or how much time - on average - people spend on your website?
The only real advantage Simple Analytics has here is that they aren't Google, so they aren't as much of a political target and don't have deep pockets to attract legal predators on the lookout for an oversize payout—which is a pretty thin justification for treating them any differently.
The advantage of a service like Simple Analytics remains; it does not store or process any user data.
How is that more respectful? I can fingerprint you pretty much the same with server logs (IP, user-agent, ...), don't I? I can even use cookies without any JS.
