Recherche avancée

Sur d’autres sites (6499)

• The 7 GDPR Principles : A Guide to Compliance

  11 août 2023, par Erin — Analytics Tips, GDPR

  We all knew it was coming. It’s all anyone could talk about — the General Data Protection Regulation (GDPR) took effect on 25 May 2018. 

  You might think five years would have been plenty of time for organisations to achieve compliance, yet many have failed to do so. As of 2022, 81% of French businesses and 95% of American companies were still not compliant.

  If you’re one of these organisations still working on compliance, this blog will provide valuable information about the seven GDPR principles and guide you on your way to compliance. It will also explore how web analytics tools can help organisations improve transparency, ensure data security and achieve GDPR compliance.

  What is GDPR ?

  The European Union (EU) created the General Data Protection Regulation (GDPR) to grant individuals greater control over their data and promote transparency in data processing. 

  Known by many other names across Europe (e.g., RGPD, DSGVO, etc.), the GDPR created a set of rules surrounding the handling of personal data of EU citizens and residents, to make sure organisations aren’t being irresponsible with user names, locations, IP addresses, information gleaned from cookies, and so on. 

  Organisations must assume several responsibilities to achieve GDPR compliance, regardless of their physical location. These obligations include :

  • Respecting user rights
  • Implementing documentation and document retention policies
  • Ensuring data security 

  Why is GDPR compliance important ?

  Data has become a valuable asset for businesses worldwide. The collection and use of data is a feature of almost every sector. However, with increased data usage comes a greater responsibility to protect individuals’ privacy and rights. 

  A YouGov study conducted in 17 key markets found that two in three adults worldwide believe tech corporations across all markets have too much control over their data.

  

  GDPR is the most extensive government framework aiming to tackle the increasing concern over data collection and handling. GDPR safeguards personal data from misuse, unauthorised access and data breaches. It ensures that businesses handle information responsibly and with respect for individual privacy. It also provided a foundation for similar laws to be created in other countries, including China, which is among the least concerned regions (56%), along with Sweden (54%) and Indonesia (56%).

  GDPR has been pivotal in safeguarding personal data and empowering individuals with more control over their information. Compliance with GDPR builds trust between businesses and their customers. Currently, 71% of the countries in the world are covered by data protection and privacy legislation.

  What are the risks of non-compliance ?

  We’ve established the siginficance of GDPR, but what about the implications — what does it mean for your business ? The consequences of non-compliance can be severe and are not worth being lax about. 

  According to Article 83 of the GDPR, you can be penalised up to 4% of your annual global revenue or €20 million, whichever is higher, for violations. For smaller businesses, such substantial fines could be devastating. Non-compliance could even result in legal action from individuals or data protection authorities, leading to further financial losses.

  Potential outcomes are not just legal and financial. GDPR violations can significantly damage your reputation as a company. Non-compliance could also cost you business opportunities if your policies and processes do not comply and, therefore, do not align with potential partners. Customers trust businesses that take data protection seriously over those that do not.

  

  Finally, and perhaps the most timid outcome on the surface, individuals have the right to complain to data protection authorities if they believe you violate their data rights. These complaints can trigger an investigation, and if your business is found to be breaking the rules, you could face all of the consequences mentioned above. 

  You may think it couldn’t happen to you, but GDPR fines have collectively reached over €4 billion and are growing at a notable rate. Fines grew 92% from H1 2021 compared with H1 2022. A record-breaking €1.2 billion fine to Meta in 2023 is the biggest we’ve seen, so far. But smaller businesses can be fined, too. A bank in Hungary was fined €1,560 for not erasing and correcting data when the subject requested it. (Individuals can also be fined in flagrant cases, like a police officer fined €1,400 for using police info for private purposes.)

  

  The 7 GDPR principles and how to comply

  You should now have a good understanding of GDPR, why it’s important and the consequences of not being compliant. 

  Your first step to compliance is to identify the personal data your organisation processes and determine the legal basis for processing each type. You then need to review your data processing activities to ensure they align with the GDPR’s purpose and principles.

  There are seven key principles in Article 5 of the GDPR that govern the lawful processing of personal data :

  Lawfulness, fairness and transparency

  This principle ensures you collect and use data in a legal and transparent way. It must be collected with consent, and you must tell your customers why you need their data. Data processing must be conducted fairly and transparently. 

  How to comply

  • Review your data practices and identify if and why you collect personal data from customers.
    • Learn what personally identifiable information (PII) is.
  • Update your website and forms to include a clear and easy-to-understand explanation of why you need their data and what you’ll use it for.
  • Obtain explicit consent from individuals when processing their sensitive data.
  • Add a cookie consent banner to your website, informing users about the cookies you use and why.
    • Website analytics tools like Google Analytics and Matomo offer the ability to create cookie consent banners and integrate with Consent Management Platforms (CMPs) to manage user consent and privacy settings.
    • Matomo also offers a setting without tracking cookies, in which case you would not need to add the cookie consent banner. 
  • Privacy notices must be accessible at all times. 
  • To ensure your cookies are GDPR compliant, you must :
    • Get consent before using any cookies (except strictly necessary cookies). 
    • Clearly explain what each cookie tracks and its purpose.
    • Document and store user consent.
    • Don’t refuse access to services if users do not consent to the use of certain cookies.
    • Make the consent withdrawal process simple. 

  Use tools like Matomo that can be configured to automatically anonymise data so you don’t process any personal data.

  Purpose limitation

  You can only use data for the specific, legitimate purposes you told your visitors, prospects or customers about at the time of collection. You can’t use it for anything else without asking again. 

  How to comply

  • Define the specific purposes for collecting personal data (e.g., processing orders, sending newsletters).
  • Ensure you don’t use the data for any other purposes without getting explicit consent from the individuals.

  Data minimisation

  Data minimisation means you should only collect the data you need, aligned with the stated purpose. You shouldn’t gather or store more data than necessary. Implementing data minimisation practices ensures compliance and protects against data breaches.

  How to comply

  • Identify the minimum data required for each purpose.
  • Conduct a data audit to identify and eliminate unnecessary data collection points.
  • Don’t ask for unnecessary information or store data that’s not essential for your business operations.
  • Implement data retention policies to delete data when it is no longer required.

  Accuracy

  You are responsible for keeping data accurate and up-to-date at all times. You should have processes to promptly erase or correct any data if you have incorrect information for your customers.

  How to comply

  • Implement a process to regularly review and update customer data.
  • Provide an easy way for customers to request corrections to their data if they find any errors.

  Storage limitation

  Data should not be kept longer than necessary. You should only hold onto it for as long as you have a valid reason, which should be the purpose stated and consented to. Securely dispose of data when it is no longer needed. There is no upper time limit on data storage. 

  How to comply

  • Set clear retention periods for the different types of data you collect.
  • Develop data retention policies and adhere to them consistently.
  • Delete data when it’s no longer needed for the purposes you specified.

  Integrity and confidentiality

  You must take measures to protect data from unauthorised or unlawful access, like keeping it locked away and secure.

  How to comply

  • Securely store personal data with encryption and access controls, and keep it either within the EU or somewhere with similar privacy protections. 
  • Train your staff on data protection and restrict access to data only to those who need it for their work.
  • Conduct regular security assessments and address vulnerabilities promptly.

  Accountability

  Accountability means that you are responsible for complying with the other principles. You must demonstrate that you are following the rules and taking data protection seriously.

  How to comply

  • Appoint a Data Protection Officer (DPO) or someone responsible for data privacy in your company.
  • Maintain detailed records of data processing activities and any data breaches.
  • Data breaches must be reported within 72 hours.

  Compliance with GDPR is an ongoing process, and it’s vital to review and update your practices regularly. 

  What are GDPR rights ?

  Individuals are granted various rights under the GDPR. These rights give them more control over their personal data.

  

  The right to be informed : People can ask why their data is required.

  What to do : Explain why personal data is required and how it will be used.

  The right to access : People can request and access the personal data you hold about them.
  What to do : Provide a copy of the data upon request, free of charge and within one month.

  The right to rectification : If data errors or inaccuracies are found, your customers can ask you to correct them.
  What to do : Promptly update any incorrect information to ensure it is accurate and up-to-date.

  The right to object to processing : Your customers have the right to object to processing their data for certain purposes, like direct marketing.
  What to do : Respect this objection unless you have legitimate reasons for processing the data.

  Rights in relation to automated decision-making and profiling : GDPR gives individuals the right not to be subject to decisions based solely on automated processing, including profiling, if it significantly impacts them.
  What to do : Offer individuals the right to human intervention and express their point of view in such cases.

  The right to be forgotten : Individuals can request the deletion of their data under certain circumstances, such as when the data is no longer necessary or when they withdraw consent.
  What to do : Comply with such requests unless you have a legal obligation to keep the data.

  The right to data portability : People can request their personal data in a commonly used and machine-readable format.
  What to do : Provide the data to the individual if they want to transfer it to another service provider.

  The right to restrict processing : Customers can ask you to temporarily stop processing their data, for example, while they verify its accuracy or when they object to its usage.
  What to do : Store the data during this period but do not process it further.

  Are all website analytics tools GDPR compliant ?

  Unfortunately, not all web analytics tools are built the same. No matter where you are located in the world, if you are processing the personal data of European citizens or residents, you need to fulfil GDPR obligations.

  While your web analytics tool helps you gain valuable insights from your user base and web traffic, they don’t all comply with GDPR. No matter how hard you work to adhere to the seven principles and GDPR rights, using a non-compliant tool means that you’ll never be fully GDPR compliant.

  When using website analytics tools and handling data, you should consider the following :

  Collection of data

  Aligned with the lawfulness, fairness and transparency principle, you must collect consent from visitors for tracking if you are using website analytics tools to collect visitor behavioural data — unless you anonymise data entirely with Matomo.

  

  To provide transparency, you should also clarify the types of data you collect, such as IP addresses, device information and browsing behaviour. Note that data collection aims to improve your website’s performance and understand your audience better.

  Storage of data

  Assure your visitors that you securely store their data and only keep it for as long as necessary, following GDPR’s storage limitation principle. Clearly state the retention periods for different data types and specify when you’ll delete or anonymise it.

  Usage of data

  Make it clear that to comply with the purpose limitation principle, the data you collect will not be used for other purposes beyond website analytics. You should also promise not to share data with third parties for marketing or unrelated activities without their explicit consent. 

  Anonymisation and pseudonymisation

  Features like IP anonymisation to protect users’ privacy are available with GA4 (Google Analytics) and Matomo. Describe how you use these tools and mention that you may use pseudonyms or unique identifiers instead of real names to safeguard personal data further.

  Cookies and consent

  Inform visitors that your website uses cookies and other tracking technologies for analytics purposes. Matomo offers customisable cookie banners and opt-out options that allow users to choose their preferences regarding cookies and tracking, along with cookieless options that don’t require consent banners. 

  Right to access and correct data

  Inform visitors of their rights and provide instructions on requesting information. Describe how to correct inaccuracies in their data and update their preferences.

  Security measures

  Assure visitors that you take data security seriously and have implemented measures to protect their data from unauthorised access or breaches. You can also use this opportunity to highlight any encryption or access controls you use to safeguard data.

  Contact information

  Provide contact details for your company’s Data Protection Officer (DPO) and encourage users to reach out if they have any questions or concerns about their data and privacy.

  When selecting web analytics tools, consider how well they align with GDPR principles. Look for features like anonymisation, consent management options, data retention controls, security measures and data storage within the EU or a similarly privacy-protecting jurisdiction. 

  Matomo offers an advanced GDPR Manager. This is to make sure websites are fully GDPR compliant by giving users the ability to access, withdraw consent, object or erase their data, in addition to the anonymizing features. 

  And finally, when you use Matomo, you have 100% data ownership — stored with us in the EU if you’re using Matomo Cloud or on your own servers with Matomo On-Premise — so you can be data-driven and still be compliant with worldwide privacy laws. We are also trusted across industries as we provide accurate data (no trying to fill in the gaps with AI), a robust API that lets you connect your data to your other tools and cookieless tracking options so you don’t need a cookie consent banner. What’s more, our open-source nature allows you to explore the inner workings, offering the assurance of security firsthand. 

  Ready to become GDPR compliant ?

  Whether you’re an established business or just starting out, if you work with data from EU citizens or residents, then achieving GDPR compliance is essential. It doesn’t need to cost you a fortune or five years to get to compliant status. With the right tools and processes, you can be on top of the privacy requirements in no time at all, avoiding any of those hefty penalties or the resulting damage to your reputation. 

  You don’t need to sacrifice powerful data insights to be GDPR compliant. While Google Analytics uses data for its ‘own purposes’, Matomo is an ethical alternative. Using our all-in-one web analytics platform means you own 100% of your data 100% of the time. 

  Start a 21-day free trial of Matomo — no credit card required.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

• Choosing the best self-hosted open-source analytics platform

  16 juillet, par Joe

  Google Analytics (GA) is the most widely used analytics platform, with 50.3% of the top 1 million active websites using it today. You’re probably using it right now. 

  But despite being a free tool, Google Analytics is proprietary software, which means you’re handing over your browsing data, metadata and search history to a third party.

  Do you trust them ? We sure don’t.

  This lack of control can lead to potential privacy risks and compliance issues. These issues have so far resulted in fines under the EU’s General Data Protection Regulation (GDPR) of an average of €2.5 million each, for a total of almost €6.6 billion since 2018.

  Open-source analytics platforms offer a solution. They’re a safer and more transparent alternative that lets you retain full control over how you collect and store your customers’ data. But what are these tools ? Where do you find them ? And, most importantly, how do you choose the best one for your needs ?

  This guide explores the benefits and features of open-source analytics platforms and compares popular options, including Matomo, a leading self-hosted, open-source Google Analytics alternative.

  What is an open-source analytics platform ?

  An analytics platform is software that collects, processes and analyses data to gain insights, identify trends, and make informed decisions. It helps users understand past performance, monitor current activities and predict future outcomes.

  An open-source analytics platform is a type of analytics suite in which anyone can view, modify and distribute the underlying source code.

  In contrast to proprietary analytics platforms, where a single entity owns and controls the code, open-source analytics platforms adhere to the principles of free and open-source software (FOSS). This allows everyone to use, study, share, and customise the software to meet their needs, fostering collaboration and transparency.

  Open-source analytics and the Free Software Foundation

  The concept of FOSS is rooted in the idea of software freedom. According to the Free Software Foundation (FSF), this idea is defined by four fundamental freedoms granted to the user the freedom to :

  • Use or run the program as they wish, for any purpose.
  • Study how the program works and change it as they wish.
  • Redistribute copies to help others.
  • Improve the code and distribute copies of their improved versions to others.

  Open access to the source code is a precondition for guaranteeing these freedoms.

  The importance of FOSS licensing

  The FSF has been instrumental in the free software movement, which serves as the foundation for open-source analytics platforms. Among other things, it created the GNU General Public Licence (GPL), which guarantees that all software distributions include the source code and are distributed under the same licence.

  However, other licences, including several copyleft and permissive licences, have been developed to address certain legal issues and loopholes in the GPL. Analytics platforms distributed under any of these licences are considered open-source since they are FSF-compliant.

  Benefits and drawbacks of open-source analytics platforms

  Open-source analytics platforms offer a compelling alternative to their proprietary counterparts, but they also have a few challenges.

  

  Benefits of open-source analytics

  • Full data ownership : Many open-source solutions let you host the analytics platform yourself. This gives you complete control over your customers’ data, ensuring privacy and security.
  • Customisable solution : With access to the source code, you can tailor the platform to your specific needs.
  • Full transparency : You can inspect the code to see exactly how data is collected, processed and stored, helping you ensure compliance with privacy regulations.
  • Community-driven development : Open-source projects benefit from the contributions of a global community of developers. This leads to faster innovation, quicker bug fixes and, in some cases, a wider range of features.
  • No predefined limits : Self-hosted open-source analytics platforms don’t impose arbitrary limits on data storage or processing. You’re only limited by your own server resources.

  Cons of open-source analytics

  • Technical expertise required : Setting up and maintaining a self-hosted open-source platform often requires technical knowledge.
  • No live/dedicated support team : While many projects have active communities, dedicated support might be limited compared to commercial offerings.
  • Integration challenges : Integrating with other tools in your stack might require custom development, especially if pre-built integrations aren’t available.
  • Feature gaps : Depending on the specific platform, there might be gaps in functionality compared to mature proprietary solutions.

  Why open-source is better than proprietary analytics

  Proprietary analytics platforms, like Google Analytics, have long been the go-to choice for many businesses. However, growing concerns around data privacy, vendor lock-in and limited customisation are driving a shift towards open-source alternatives.

  No vendor lock-in

  Proprietary platforms lock you into their ecosystem, controlling terms, pricing and future development. Migrating data can be costly, and you’re dependent on the vendor for updates. 

  Open-source platforms allow users to switch providers, modify software and contribute to development. Contributors can also create dedicated migration tools to import data from GA and other proprietary platforms.

  Data privacy concerns

  Proprietary analytics platforms can heighten the risk of data privacy violations and subsequent fines under regulations like the GDPR and the California Consumer Privacy Act (CCPA). This is because their opaque ‘black box’ design often obscures how they collect, process and use data. 

  Businesses often have limited visibility and even less control over a vendor’s data handling. They don’t know whether these vendors are using it for their own benefit or sharing it more widely, which can lead to privacy breaches and other data protection violations.

  These fines can reach into the millions and even billions. For example, Zoom was fined $85 million in 2021 for CCPA violations, while the largest fine in history has been the €1.2 billion fine imposed on Meta by the Irish Data Protection Act (DPA) under the EU GDPR.

  Customisation

  Proprietary platforms often offer a one-size-fits-all approach. While they might have some customisation options, you’re ultimately limited by what the vendor provides. Open-source platforms, on the other hand, offer unparalleled flexibility.

  Unlimited data processing

  Proprietary analytics platforms often restrict the amount of data you can collect and process, especially on free plans. Going over these limits usually requires upgrading to a paid plan, which can be a problem for high-traffic websites or businesses with large datasets. 

  Self-hosted tools only limit data processing based on your server resources, allowing you to collect and analyse as much data as you need at no extra cost.

  No black box effect

  Since proprietary tools are closed-source, they often lack transparency in their data processing methods. It’s difficult to understand and validate how their algorithms work or how they calculate specific metrics. This “black box” effect can lead to trust issues and make it challenging to validate your data’s accuracy.

  11 Key features to look for in an open-source analytics platform

  Choosing the right open-source analytics platform is crucial for unlocking actionable insights from your customers’ data. Here are 11 key features to consider :

  

  #1. Extensive support documentation and resource libraries

  Even with technical expertise, you might encounter challenges or have questions about the platform. A strong support system is essential. Look for platforms with comprehensive documentation, active community forums and the option for professional support for mission-critical deployments.

  #2. Live analytics

  Having access to live data and reports is crucial for making timely and informed decisions. A live analytics feature allows you to :

  • Monitor website traffic as it happens.
  • Optimise campaign performance tracking.
  • Identify and respond to issues like traffic spikes, drops or errors quickly, allowing for rapid troubleshooting.

  For example, Matomo updates tracking data every 10 seconds, which is more than enough to give you a live view of your website performance.

  #3. Personal data tracking

  Understanding user behaviour is at the heart of effective analytics. Look for a platform that allows you to track personal data while respecting privacy. This might include features like :

  • Creating detailed profiles of individual users and tracking their interactions across multiple sessions.
  • Track user-specific attributes like demographics, interests or purchase history.
  • Track user ID across different devices and platforms to understand user experience.

  #4. Conversion tracking

  Ultimately, you want to measure how effective your website is in achieving your business goals. Conversion tracking allows you to :

  • Define and track key performance indicators (KPIs) like purchases, sign-ups or downloads.
  • Identify bottlenecks in the user journey that prevent conversions.
  • Measure the ROI of your marketing campaigns.

  #5. Session recordings

  Session recordings give your development team a qualitative understanding of user behaviour by letting you watch replays of individual user sessions. This can help you :

  • Identify usability issues.
  • Understand how users navigate your site and interact with different elements.
  • Uncover bugs or errors.

  #6. A/B testing

  Experimentation is key to optimising your website and improving conversion rates. Look for an integrated A/B testing feature that allows you to :

  • Test different variations of your website in terms of headlines, images, calls to action or page layouts.
  • Measure the impact on key metrics.
  • Implement changes based on statistically significant differences in user behaviour patterns, rather than guesswork.

  #7. Custom reporting and dashboards

  Every business has unique reporting needs. Look for a flexible platform that allows you to :

  • Build custom reports that focus on the metrics that matter most to you.
  • Create personalised dashboards that provide a quick overview of those KPIs.
  • Automate report generation to save your team valuable time.

  #8. No data sampling

  Data sampling can save time and processing power, but it can also lead to inaccurate insights if the sample isn’t representative of the entire dataset. The solution is to avoid data sampling entirely.

  Processing 100% of your customers’ data ensures that your reports are accurate and unbiased, providing a true picture of customer behaviour.

  #9. Google Analytics migration tools

  If you’re migrating from Google Analytics, a data export/import tool can save you time and effort. Some open-source analytics projects offer dedicated data importers to transfer historical data from GA into the new platform, preserving valuable insights. These tools help maintain data continuity and simplify the transition, reducing the manual effort involved in setting up a new analytics platform.

  #10 A broad customer base

  The breadth and diversity of an analytics platform’s customer base can be a strong indicator of its trustworthiness and capabilities. Consider the following :

  • Verticals served
  • The size of the companies that use it
  • Whether it’s trusted in highly-regulated industries

  If a platform is trusted by a large entity with stringent security and privacy requirements, such as governments or military branches, it speaks volumes about its security and data protection capabilities.

  #11 Self-hosting

  Self-hosting offers unparalleled control over your customers’ data and infrastructure.

  Unlike cloud-based solutions, where your customers’ data resides on third-party servers, self-hosting means you manage your own servers and databases. This approach ensures that your customers’ data remains within your own infrastructure, enhancing privacy and security.

  There are other features, like analytics for mobile apps, but these 11 will help shortlist your options to find the ideal tool.

  Choosing your self-hosted open-source analytics platform : A step-by-step guide

  The right self-hosted open-source analytics platform can significantly impact your data strategy. Follow these steps to make the best choice :

  

  Step #1. Define your needs and objectives

  Begin by clearly outlining what you want to achieve with your analytics platform :

  • Identify relevant KPIs.
  • Determine what type of reports to generate, their frequency and distribution.
  • Consider your privacy and compliance needs, like GDPR and CCPA.

  Step #2. Define your budget

  While self-hosted open-source platforms are usually free to use, there are still costs associated with self-hosting, including :

  • Server hardware and infrastructure.
  • Ongoing maintenance, updates and potential support fees.
  • Development resources if you plan to customise the platform.

  Step #3. Consider scalability and performance

  Scaling your analytics can be an issue with self-hosted platforms since it means scaling your server infrastructure as well. Before choosing a platform, you must think about :

  • Current traffic volume and projected growth.
  • Your current capacity to handle traffic.
  • The platform’s scalability options.

  Step #4. Research and evaluate potential solutions

  Shortlist a few different open-source analytics platforms that align with your requirements. In addition to the features outlined above, also consider factors like :

  • Ease of use.
  • Community and support.
  • Comprehensive documentation.
  • The platform’s security track record.

  Step #5. Sign up for a free trial and conduct thorough testing

  Many platforms offer free trials or demos. Take advantage of these opportunities to test the platform’s features, evaluate the user interface and more.

  You can embed multiple independent tracking codes on your website, which means you can test multiple analytics platforms simultaneously. Doing so helps you compare and validate results based on the same data, making comparisons more objective and reliable.

  Step #6. Plan for implementation and ongoing management

  After choosing a platform, follow the documentation to install and configure the software. Plan how you’ll migrate existing data if you’re switching from another platform.

  Ensure your team is trained on the platform, and establish a plan for updates, security patches and backups. Then, you’ll be ready to migrate to the new platform while minimising downtime.

  Top self-hosted open-source analytics tools

  Let’s examine three prominent self-hosted open-source analytics tools.

  Matomo

  Main Features	Analytics updated every 10 seconds, custom reports, dashboards, user segmentation, goal tracking, e-commerce tracking, funnels, heatmaps, session recordings, A/B testing, SEO tools and more advanced features.
  Best for	Businesses of all sizes and from all verticals. Advanced users
  Licencing	GPLv3 (core platform).Various commercial licences for plugins.
  Pricing	Self-hosted : Free (excluding paid plugins).Cloud version : Starts at $21.67/mo for 50K website hits when paid annually.

  

  Matomo Analytics dashboard

  Matomo is a powerful web analytics platform that prioritises data privacy and user control. It offers a comprehensive suite of features, including live analytics updated every 10 seconds, custom reporting, e-commerce tracking and more. You can choose between a full-featured open-source, self-hosted platform free of charge or a cloud-based, fully managed paid analytics service.

  Matomo also offers 100% data ownership and has a user base of over 1 million websites, including heavyweights like NASA, the European Commission, ahrefs and the United Nations.

  Plausible Analytics

  Main Features	Basic website analytics (page views, visitors, referrers, etc.), custom events, goal tracking and some campaign tracking features.
  Best for	Website owners, bloggers and small businesses.Non-technical users.
  Licencing	AGPLv3.
  Pricing	Self-hosted : FreeCloud version : Starts at $7.50/mo for 10K website hits when paid annually.

  

  Plausible Analytics 
  (Image source)

  Plausible Analytics is a lightweight, privacy-focused analytics tool designed to be simple and easy to use. It provides essential website traffic data without complex configurations or intrusive tracking.

  Fathom Lite & Fathom Analytics

  Main features	Basic website analytics (page views, visitors, referrers, etc.), custom events and goal tracking.
  Best for	Website owners and small businesses.Non-technical users.
  Licencing	Fathom Lite : MIT Licence (self-hosted).Fathom Analytics : Proprietary.
  Pricing	Fathom Lite : Free but currently unsupported.Cloud version : Starts at $12.50/month for up to 50 sites when paid annually.

  

  Fathom Analytics 
  (Image source)

  Fathom started as an open-source platform in 2018. But after the founders released V1.0.1, they switched to a closed-source, paid, proprietary model called Fathom Analytics. Since then, it has always been closed-source.

  However, the open-source version, Fathom Lite, is still available. It has very limited functionality, uses cookies and is currently unsupported by the company. No new features are under development and uptime isn’t guaranteed.

  Matomo vs. Plausible vs. Fathom

  Matomo, Plausible, and Fathom are all open-source, privacy-focused alternatives to Google Analytics. They offer features like no data sampling, data ownership, and EU-based cloud hosting.

  Here’s a head-to-head comparison of the three :

  	Matomo	Plausible	Fathom
  Focus	Comprehensive, feature-rich, customizable	Simple, lightweight, beginner-friendly	Simple, lightweight, privacy-focused
  Target User	Businesses, marketers and analysts seeking depth	Beginners, bloggers, and small businesses	Website owners and users prioritising simplicity
  Open Source	Fully open-source	Fully open-source	Limited open-source version
  Advanced analytics	Extensive	Very limited	Very limited
  Integrations	100+	Limited	Fewer than 15
  Customisation	High	Low	Low
  Data management	Granular control, raw data access, complex queries	Simplified, no raw data access	Simplified, no raw data access
  GDPR features	Compliant by design, plus GDPR Manager	Guides only	Compliant by design
  Pricing	Generally higher	Generally lower	Intermediate
  Learning curve	Steeper	Gentle	Gentle

  The open-core dilemma

  Open-source platforms are beneficial and trustworthy, leading some companies to falsely market themselves as such.

  Some were once open-source but later became commercial, criticised as “bait-and-switch.” Others offer a limited open-source “core” with proprietary features, called the “open core” model. While this dual licensing can be ethical and sustainable, some abuse it by offering a low-value open-source version and hiding valuable features behind a paywall.

  However, other companies have embraced the dual-licensing model in a more ethical way, providing a valuable solution with a wide range of tools under the open-source license and only leaving premium, non-essential add-ons as paid features.

  Matomo is a prime example of this practice, championing the principles of open-source analytics while developing a sustainable business model for its users’ benefit.

  Choose Matomo as your open-source data analytics tool

  Open-source analytics platforms offer compelling advantages over proprietary solutions like Google Analytics. They provide greater transparency, data ownership and customisation. Choosing an open-source analytics platform over a proprietary one gives you more control over your customers’ data and supports compliance with user privacy regulations.

  With its comprehensive features, powerful tools, commitment to privacy and active community, Matomo stands out as a leading choice. Make the switch to Matomo for ethical, user-focused analytics.

  Try Matomo for free.

• Small Time DevOps

  1er janvier 2021, par Multimedia Mike — General

  When you are a certain type of nerd who has been on the internet for long enough, you might run the risk of accumulating a lot of projects and websites. Website-wise, I have this multimedia.cx domain on which I host a bunch of ancient static multimedia documents as well as this PHP/MySQL-based blog. Further, there are 3 other PHP/MySQL-based blogs hosted on subdomains. Also, there is the wiki, another PHP/MySQL web app. A few other custom PHP- and Python-based apps are running around on the server as well.

  While things largely run on auto-pilot, I need to concern myself every now and then with their ongoing upkeep.

  If you ask N different people about the meaning of the term ‘DevOps’, you will surely get N different definitions. However, whenever I have to perform VM maintenance, I like to think I am at least dipping my toes into the DevOps domain. At the very least, the job seems to be concerned with making infrastructure setup and upgrades reliable and repeatable.

  Even if it’s not fully automated, at the very least, I have generated a lot of lists for how to make things work (I’m a big fan of Trello’s Kanban boards for this), so it gets easier every time (ideally, anyway).

  Infrastructure History

  For a solid decade, from 2004 to 2014, everything was hosted on shared, cPanel-based web hosting. In mid-2014, I moved from the shared hosting over to my own VPSs, hosted on DigitalOcean. I must have used Ubuntu 14.04 at the time, as I look down down the list of Ubuntu LTS releases. It was with much trepidation that I undertook this task (knowing that anything that might go wrong with the stack, from the OS up to the apps, would all be firmly my fault), but it turned out not to be that bad. The earliest lesson you learn for such a small-time setup is to have a frontend VPS (web server) and a backend VPS (database server). That way, a surge in HTTP requests has no chance of crashing the database server due to depleted memory.

  At the end of 2016, I decided to refresh the VMs. I brought them up to Ubuntu 16.04 at the time.

  Earlier this year, I decided it would be a good idea to refresh the VMs again since it had been more than 3 years. The VMs were getting long in the tooth. Plus, I had seen an article speculating that Azure, another notable cloud hosting environment, might be getting full. It made me feel like I should grab some resources while I still could (resource-hoarding was in this year).

  I decided to use 18.04 for these refreshed VMs, even though 20.04 was available. I think I was a little nervous about 20.04 because I heard weird things about something called snap packages being the new standard for distributing software for the platform and I wasn’t ready to take that plunge.

  Which brings me to this month’s VM refresh in which I opted to take the 20.04 plunge.

  Oh MediaWiki

  I’ve been the maintainer and caretaker of the MultimediaWiki for 15 years now (wow ! Where does the time go ?). It doesn’t see a lot of updating these days, but I know it still serves as a resource for lots of obscure technical multimedia information. I still get requests for new accounts because someone has uncovered some niche technical data and wants to make sure it gets properly documented.

  MediaWiki is quite an amazing bit of software and it undergoes constant development and improvement. According to the version history, I probably started the MultimediaWiki with the 1.5 series. As of this writing, 1.35 is the latest and therefore greatest lineage.

  This pace of development can make it a bit of a chore to keep up to date. This was particularly true in the old days of the shared hosting when you didn’t have direct shell access and so it’s something you put off for a long time.

  Honestly, to be fair, the upgrade process is pretty straightforward :

  1. Unpack a set of new files on top of the existing tree
  2. Run a PHP script to perform any database table upgrades

  Pretty straightforward, assuming that there are no hiccups along the way, right ? And the vast majority of the time, that’s the case. Until it’s not. I had an upgrade go south about a year and a half ago (I wasn’t the only MW installation to have the problem at the time, I learned). While I do have proper backups, it still threw me for a loop and I worked for about an hour to restore the previous version of the site. That experience understandably left me a bit gun-shy about upgrading the wiki.

  But upgrades must happen, especially when security notices come out. Eventually, I created a Trello template with a solid, 18-step checklist for upgrading MW as soon as a new version shows up. It’s still a chore, just not so nerve-wracking when the steps are all enumerated like that.

  As I compose the post, I think I recall my impetus for wanting to refresh from the 16.04 VM. 16.04 used PHP 7.0. I wanted to upgrade to the latest MW, but if I tried to do so, it warned me that it needed PHP 7.4. So I initialized the new 18.04 VM as described above… only to realize that PHP 7.2 is the default on 18.04. You need to go all the way to 20.04 for 7.4 standard. I’m sure it’s possible to install later versions of PHP on 16.04 or 18.04, but I appreciate going with the defaults provided by the distro.

  I figured I would just stay with MediaWiki 1.34 series and eschew 1.35 series (requiring PHP 7.4) for the time being… until I started getting emails that 1.34 would go end-of-life soon. Oh, and there are some critical security updates, but those are only for 1.35 (and also 1.31 series which is still stubbornly being maintained for some reason).

  So here I am with a fresh Ubuntu 20.04 VM running PHP 7.4 and MediaWiki 1.35 series.

  How Much Process ?

  Anyone who decides to host on VPSs vs, say, shared hosting is (or ought to be) versed on the matter that all your data is your own problem and that glitches sometimes happen and that your VM might just suddenly disappear. (Indeed, I’ve read rants about VMs disappearing and taking entire un-backed-up websites with them, and also watched as the ranters get no sympathy– “yeah, it’s a VM ; the data is your responsibility”) So I like to make sure I have enough notes so that I could bring up a new VM quickly if I ever needed to.

  But the process is a lot of manual steps. Sometimes I wonder if I need to use some automation software like Ansible in order to bring a new VM to life. Why do that if I only update the VM once every 1-3 years ? Well, perhaps I should update more frequently in order to ensure the process is solid ?

  Seems like a lot of effort for a few websites which really don’t see much traffic in the grand scheme of things. But it still might be an interesting exercise and might be good preparation for some other websites I have in mind.

  Besides, if I really wanted to go off the deep end, I would wrap everything up in containers and deploy using D-O’s managed Kubernetes solution.

  The post Small Time DevOps first appeared on Breaking Eggs And Making Omelettes.