I've used goatcounter on my site for more than a year and have been very happy with it.
I don't need anything complex- I want to know if any pages are getting big traffic and it's nice to know which external links are getting clicked the most. Because I'm very low volume and non-commercial, I can use their free hosted service without guilt.
One warning: the site claims you don't need a "cookie popup" since it doesn't use cookies. That's false. The ePrivacy directive states that reading or writing any data from the user device other than for the purpose of serving the site needs permission.
This thing uses the user agent string and IP to identify users, so you need a permission popup. It's great that they put much effort into not storing those things, using hashes etc, but that does not remove the requirement for permission under the ePrivacy directive.
At this point, why doesn't the browser implement the cookie popup so every site doesn't have to re-invent it? Just don't allow access to cookies programmatically until the user has allowed it via the browser's built-in popup.
This already happens for things like notifications and location access, is this something being worked on for the future?
Spot on. The author acknowledges that cookies are actually more privacy friendly, but then concludes with “it is what it is”. Kind of disappointing.
This is my major gripe with all the privacy friendly analytics (disclaimer: I authored two, namely Fathom when it was still open-source and Koko Analytics) tools that submerged over the past few years. Elaborate work went into bypassing cookies, only to make things worse from a privacy perspective in the end.
I don't know how bypassing cookies does literally anything, at least not since the GDPR came into effect (let alone ePrivacy). It doesn't matter if the data is collected via cookie, header, HTTP request or carrier pigeon. If you're processing, storing or transferring PII for non-functional (read: immediately necessary to provide the service the user specifically requested) purposes, you need revokable consent via opt-in and you need to be able to provide information to the user about what data you collected and what you did with it.
Now that the GDPR and ePrivacy are in effect, PII is radioactive. You need containment, handling and disposal procedures, you need to allow users to inspect it at any time and if you accidentally expose anyone to it that's a major emergency incident.
Very cool thanks for whoever posted. One of the best parts of HN is if you kind of just wait long enough you'll see a post for something you low key need/were looking for.
It's just not the same as web searching for "open source/self hosted web analytics" (even though goat counter is top 10 results for that search on ggle hehe)
For some basic analytics a la "I want to know which of my blog posts are read the most", I highly recommend GoAccess[1]. It doesn't require JavaScript and uses access logs instead. There are of course some pros and cons of that approach. When I've migrated from Google Analytics a few years ago, I've ran both at the same time for a while, and the relative numbers were pretty close.
Lots of people making open source web analytics recently, Plausible, Fathom, Umami, and now GoatCounter. I have one of these for my sites but I honestly don't really look at it, it's not critical really.
Now I was thinking of making an analytics solution for tracking site performance instead, like an uptime monitor mixed with tracking how long sites are taking to resolve, and from which areas of the world. As well, something like tracking user events too, like Mixpanel, but a lot easier to use rather than their enterprise solution. Is that something people would find useful?
The biggest shortcoming here, from what I can tell, is custom event tracking (eg, click tracking). That was a high priority for us when we moved some projects from GA/universal.
It took less than five minutes to create an account and get my blog updated with GC tracking. Love the early early web look of the site too. Thanks for the share!
Given the extreme complexity of the modern CPU chips and the parallelism of their internal processes, as well as the fact that the “architecture” (the instruction set, registers, etc.) is now far removed from how things are done at the hardware level, - does the notion of a “CPU cycle” still make sense?
I tried self hosting it, but could never log in. I would even follow the password reset emails that tell me the password was changed, but then login never worked. I wish I could have gotten it to work, but ended up giving up on it.
Out of curiosity, I just checked: ~/goatcounter-files on my VPS was created 2021-03-12, and that was also the last time I thought about it beyond checking the stats. Great, very stable piece of software.
I was so sick of using GA for my personal projects and found GC to use as a simpler approach. I LOVE this tool. It is so simple and easy to use and has everything I need for simple stuff.
Hi Jamie, check out https://uxwizz.com , I made it, it's most similar to Matomo, but it includes some of their cloud-only/premium features in the (paid) self-hosted version.
My mistake. As I said I only guessed based on a brief look at both homepages and the self hosting was not visibly advertised as an option when I had a look but I stand corrected.
Ah - their use of EUPL was actually modified so it is only compatible with "AGPL v3 and OSL v2.1, v3.0" (https://github.com/arp242/goatcounter/blob/master/LICENSE). So really it seems this should be considered as licensed as those two.
The EUPL is copyleft for any derivative work (as defined by EU law) so the scope of copyleft is not clearly defined.
But EU law allows linking without producing a derivative work [1] "linking two programs does not produce a single derivative of both (each program stay covered by its primary licence)".
So this is weak copyleft. It's something like LGPL with network protection.
They have modified the EUPL license though, which means they have created another license which is incompatible with EUPL. I believe they should use a different name for the modified license. This is confusing.
> So really it seems this should be considered as licensed as those two.
If you create a different work based on the original (EUPL licensed) work and some AGPL code, you still have to abide by the EUPL but you license the resulting work as AGPL, so others have to abide by the AGPL only.
I don't need anything complex- I want to know if any pages are getting big traffic and it's nice to know which external links are getting clicked the most. Because I'm very low volume and non-commercial, I can use their free hosted service without guilt.