How can I make usage statistics of a website without breaching privacy?

I am running a small static website and would like to see statistics about unique visits. My understanding of popular solutions such as Google Analytics is that they track an excessive amount of user data I am not interested in. I would prefer to only count the number of unique visits and not collect any further data in order not to scare away privacy-conscious users. For the sake of making it easier to comply with the GDPR I would prefer not to share personal data with a third party; I would rather go for a self-hosted solution. Currently, I do not process any data for which I need user consent. It would be greatly appreciated if a solution would not change that and require me to add a "cookie banner".


this task is very hard even if you want to track their GDPR relevant data. If a person connects from a different device, their IP and cookie is usually different. Also, how to treat the same IP with different cookie? Or double visits? The questions are endless and there is no one size fits all solution
Ondrej Brichta - Mon, 12/20/2021 - 11:19 :::
3 answers

I strongly recommend examining some of the key federal laws affecting online privacy:
1. The Federal Trade Commission Act (FTC)[1914]
2. Electronic Communications Privacy Act (ECPA) [1986]
3. Computer Fraud & Abuse Act (CFAA) [1986]
4. Children’s Online Privacy Protection Act (COPPA) [1998]
5. Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) [2003]
6. Financial Services Modernization Act (GLBA) [1999]
7. Fair and Accurate Credit Transactions Act (FACTA) [2003]


For small web applications, I can recommend where you can just enter your URL and get the data you are looking for. Maybe not the solution in the long run but if you just want a number it is great.

GoatCounter is an open-source solution to this problem that respects privacy concerns and can be self-hosted. It calculates a hash of a site identifier, the user agent and the IP for each request. That way, unique visitors can be counted without saving any data from which a person could be identified. Unfortunately, this approach is somewhat imprecise since IPs are transient. A user who changes the wireless network also changes their IP address. However, there seems to be no correction for this that does not involve collecting a whole lot more data.


Great option without too much of a hassle, especially regarding the avoidance of GDPR compliance popups. The transient IP "issue" personally does not seem that big of a deal to me,, especially considering the use case.

Sascha Pleßberger - Mon, 12/13/2021 - 15:03 :::

It is very difficult to find something that also takes into account the legal aspect. I will most definitely keep this tool in mind in case I ever need it. Thanks for sharing this!

Anna Lackinger - Wed, 12/15/2021 - 13:27 :::