privacy – Kownter https://blog.kownter.com Simple, private, self-hosted, cookie free website analytics...one day...maybe Thu, 10 May 2018 22:08:28 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.2 Tracking return visits with The Anonymous Cookie https://blog.kownter.com/2018/05/10/tracking-return-visits-with-the-anonymous-cookie/ Thu, 10 May 2018 22:08:28 +0000 https://blog.kownter.com/?p=65 Read more]]> I’m still working through the pros and cons of using cookies.

On the one hand, they seem like they will allow some super-useful things at relatively low cost, such as tracking a returning visitor in order to show “visitors” and “unique visitors”.

But adding non-essential cookies (analytics are classed as non-essential) means that, in theory, if you’re in the EU you’re supposed to have informed, but not explicit consent for that cookie, which I read as: “you need a pop-up, but not a checkbox”.

A session cookie is, I believe, an “online identifier” and this is personally identifiable and subject to DPA or GDPR in the UK/EU (though I would argue that because you can’t perform a lookup on the session ID it’s not, but who am I to argue). So session cookies aren’t great for tracking (and wouldn’t scale). But nor is any other unique ID stored in a cookie and sent to the server.

There’s been a great conversation about this topic in a GitHub issue in Kownter’s competitor/collaborator  Fathom (I love them, it’s all good). And I’ve realised (yeah, took a while!) that you don’t need an ID in the cookie.  You can just set tracked_with_kownter = 1 or whatever, and that will identify a returning visitor to the site you’re tracking.

So the next step is: what can I put in the cookie that is anonymous, but useful?

 

]]>
Thoughts on WHAT to track and report https://blog.kownter.com/2018/02/26/thoughts-on-what-to-track-and-report/ Mon, 26 Feb 2018 09:05:06 +0000 https://blog.kownter.com/?p=13 Read more]]> I’ve been thinking about not just HOW to track, but WHAT to track. And these are related. My tracking method will, to some extent, dictate what I can track.  For example, using a simple pixel image or reference to a URL in HTML or CSS will not be able to send me the URL of the referring page.

And in meeting my goal of not using cookies and not keeping any personally identifiable information, I won’t be able to track users paths through a website.

This is perfectly OK for some applications. It’s not OK for everyone, but if you need that level of detail, we can still report the ratio of conversions against page views.

I wasn’t going to add event tracking, but maybe I’ll add events after all to help with this.  This WILL require a JS tracking code to be installed.

We’ll see.  Initially I’m happy with views per page over time, browser usage metrics and referring pages/traffic sources. None of these need personally identifiable information. It’s all anonymised and aggregate.

IP’s are personally identifiable information and will be logged in server logs (unless I turn this off), but I’ve seen it argued that, as long as your careful with log rotation and deletion (including backups), there’s a case for keeping this data temporarily without consent.

]]>