Hi everyone!<p>Author of Umami here. I totally did not expect this response so it looks like you all hugged my little server to death. The demo should be back up now.<p>A little background. This is a side project I started 30 days ago because I was tired of how slow and complicated Google Analytics was. I just wanted something really simple and fast that I could browse quickly without diving through layers of menus. So I created Umami to track my own websites and then open sourced it. The stack is React, Redux, and Next.js with a Postgresql backend.<p>Would be happy to answer any questions you have.
One of the claims of Umami is that it's GDPR compliant:<p>> Umami does not collect any personally identifiable information so it is GDPR and CCPA compliant. No cookie notices are needed because Umami does not use cookies.<p>From auditing the source code, this doesn't seem to be the case. First, it claims it doesn't use cookies, but it clearly uses localStorage to store a "sessionKey"[0].<p>The other claim, that Umami is GDPR and CCPA compliant because it does not collect any personally identifiable information is only half true. While the data collected isn't PII (because you can't use it on it's own to identify a user), it's still "personal data". This is because the "sessionKey" stored alongside all events is actually a pseudonymous user identifier. It's really just a hash of the user's IP along with a few other properties[1]. Because the data Umami collects, when combined with some other data, can be attributed back to the user, the data is still considered "personal data". That means you're still subject to most of GDPR such as GDPR deletion requests[2].<p>[0] <a href="https://github.com/mikecao/umami/blob/f4ca353b5c68750bf391e5874f19c609b9c421ef/tracker/index.js#L44" rel="nofollow">https://github.com/mikecao/umami/blob/f4ca353b5c68750bf391e5...</a><p>[1] <a href="https://github.com/mikecao/umami/blob/master/lib/session.js#L29" rel="nofollow">https://github.com/mikecao/umami/blob/master/lib/session.js#...</a><p>[2] <a href="https://gdpr-info.eu/art-17-gdpr/" rel="nofollow">https://gdpr-info.eu/art-17-gdpr/</a>
Lots of home-grown analytics are very privacy focussed these days and do not use cookies. That's a good thing.<p>For simple sites like blogs, simple low volume ecommerce, etc.<p>But for more "serious" eCommerce, SAAS based applications and sites that are concerned with marketing on email, social and web then then optimizing what you show then and finally generating leads for salespeople to call or actual sales...<p>Cookies or local storage, or some way of tracking the customer across all the channels and their actions are essential.<p>If one can avoid using Google Analytics, then that's a good thing also.<p>But let's get real -- the idea of a cookie-less future is not gonna happen because people actually do business in the web.
I have been using goatcounter [0] and love the simplicity. I used to use Matomo, but they want a lot of money to see the referrals from google search/etc. And it's a heavier dependency. Goatcounter is a drop-in golang binary.<p>[0]: <a href="https://github.com/zgoat/goatcounter" rel="nofollow">https://github.com/zgoat/goatcounter</a>
I've seen a bunch of these simple self-hosted log dashboards here on HN, but I don't think they directly compare with google analytics, which is just a much more powerful and much much more complicated product. Not to say this isn't a great product, but it really isn't an alternative to GA.
This looks really nice! If... you’re only looking for high level numbers for something like a personal blog or a simple landing page for a mobile app.<p>I wouldn’t call this a replacement to Google Analytics.<p>The reason to have something like Google Analytics is to track traffic at a more granular level, and with very specific intent.<p>Some of the things I _rely_ on include:<p>- custom parameters
- segments
- goals
- A/B testing
- specific views<p>And that’s just the short list.<p>Now, I use Analytics heavily because we spend a lot of effort on growth, both organic (content, seo) and paid (ads), so knowing what’s going on at that level is essential.<p>If you don’t, there’s not much reason to use something like GA.
Looks neat! will explore.<p>Also, I did research on alternatives to GA few days back, might be helpful of someone:<p><a href="https://github.com/Open-Web-Analytics/Open-Web-Analytics" rel="nofollow">https://github.com/Open-Web-Analytics/Open-Web-Analytics</a><p><a href="https://matomo.org/" rel="nofollow">https://matomo.org/</a><p><a href="https://github.com/matomo-org/matomo" rel="nofollow">https://github.com/matomo-org/matomo</a><p><a href="https://github.com/usefathom/fathom" rel="nofollow">https://github.com/usefathom/fathom</a><p><a href="https://www.goatcounter.com/" rel="nofollow">https://www.goatcounter.com/</a><p><a href="https://plausible.io/" rel="nofollow">https://plausible.io/</a><p><a href="https://github.com/PostHog/posthog" rel="nofollow">https://github.com/PostHog/posthog</a><p><a href="https://www.usertrack.net/" rel="nofollow">https://www.usertrack.net/</a>
A comparison of Umami and Matomo (formerly Piwik) would be helpful since they seem very similar. I looked at both websites and didn't see any mention of the other project.
to be honest, if you are using nginx, just use / run <a href="https://goaccess.io/" rel="nofollow">https://goaccess.io/</a> It collects the same information as umami and is even more lightweight, since it just runs whenever you tell it to.<p>just add the command as a cron job, and you get an auto generated static dashboard. very neat.
I'm very excited to see this space heating up. It seems for years we defaulted to using Google Analytics and no one wanted in the market. Now there are plenty alternatives, with many of them open source.
It needs more granularity of OS versions and browser versions. Knowing which iOS version your users have is important to decide on what base level version you need for an iOS app, for example.
When I've seen GA used or recommended to people, it's because their use case is tracking the marketing performance of their website.<p>Tackling the privacy focus for GA is great, but they're a good deal of products out there that already fill that niche, not to mention the requirements of the privacy crowd usually being a venture into itself.<p>If you wanted to make it relatively competitive for marketing, the simplest addition would be adding labelling via regex for referrers.<p>i.e. - Some users want to be able to group Baidu, Google, DuckDuckGo, into a single bucket for comparison. Some users want to break them down into common market segments by country.
"<a href="https://www.baidu.com/link?url=FyYbCZqj65Vc7A4XeSNrOcQCS2qFXD_8SBAcDWSlJnm&wd=&eqid=d43dbd6c00005f90000000025f3c6d2a"" rel="nofollow">https://www.baidu.com/link?url=FyYbCZqj65Vc7A4XeSNrOcQCS2qFX...</a><p>is from your live demo referrers, and makes it difficult to actually assess the amount of traffic from Baidu. Using a regex label means that users can break down traffic from Paid/Organic marketing fairly quickly, and start to build up dashboards they can use.<p>If you ever extended it to allow multiple labels for each hit, could re-run the regex over past data, and could build reports off it, you'd easily have a benefit over GA that would start to wean the marketing crowd off it.
Congrats on launching -- really impressive. One important issue that these self hosted analytics solve is ad blocking. Ad blocking by users really undermines the ability of a site or app to figure out what is working and not working. When you host your own analytics, you can get usability information for all of your users, not just those that don't block. That allows you to make a better product.<p>I have been working on something similar at <a href="https://argyle.cc" rel="nofollow">https://argyle.cc</a> -- we combine cloud analytics with a self-hosted analytics collector js. That gives you the best of both worlds: privacy focused, user respecting analytics, but full featured reporting in the cloud and ad-blocker resistance. It also allows event tracking to be done over js/web or in-line/server side.
I'd love to use this. But 34 dependencies?<p>I know ~10 of them are React, and there's some in there that make sense. But I haven't got the time to audit them all, and re-audit it every time any of those dependencies update .<p>And escape-string-regexp? Really? it's literally 2 lines of code [0]. Why have I got to give the maintainer of that project commit access to this program that will be seeing potentially sensitive data?<p>Why, if the developer couldn't come up with those 2 lines themselves, isn't this a Stack Overflow copy/paste?<p>[0]<a href="https://github.com/sindresorhus/escape-string-regexp/blob/master/index.js" rel="nofollow">https://github.com/sindresorhus/escape-string-regexp/blob/ma...</a>
Is there a way for me as a user to opt out of this tool other than relying on third party tools like uBlock? I'm starting to get annoyed by so many "privacy focused" tools with literally no consent options at all.
If you want to respect user privacy while collecting analytics data, I recommend using
Local Differential Privacy (via Randomized Responses) when collecting information from browsers.<p><a href="https://en.wikipedia.org/wiki/Local_differential_privacy" rel="nofollow">https://en.wikipedia.org/wiki/Local_differential_privacy</a> and
<a href="https://en.wikipedia.org/wiki/Randomized_response" rel="nofollow">https://en.wikipedia.org/wiki/Randomized_response</a>
Am I wrong for thinking that Google Analytics has bad UI?<p>As a noob at UI it was bizarre and unintuitive for me.<p>Just finding the region locations of the traffic was odd and didn't make immediate sense.
I'll throw a shoutout for a top tier project - <a href="https://github.com/zgoat/goatcounter" rel="nofollow">https://github.com/zgoat/goatcounter</a><p>Using it for some personal stuff, and does absolutely everything I need it to, and then some.<p>I love the ethos of the project, and whilst it's open source, there's a hosted option that looks super reasonable too.
This looks great! For what it’s worth, I also maintain an open source (and self hosted) website analytics tool called Shynet [0] (someone else mentioned it in this thread, but thought I’d share here as well). Really great to see more options in this area!<p>[0] <a href="https://github.com/milesmcc/shynet" rel="nofollow">https://github.com/milesmcc/shynet</a>
This would be amazing if, out of the box, it sent data to BiqQuery and/or Redshift. Postgres is fine, but for most companies this data is most useful in the warehouse. If this was a simple, drop-in solution to get well formatted data into BQ plus a bit of easy vis, that would be cool and VERY useful.
I've used <a href="https://count.ly/" rel="nofollow">https://count.ly/</a> instead of Google Analytics to gather exception data and business analytics from mobile and web apps. Relatively cheap for decent scale and they're very nice and helpful.
Slightly off-topic: Does anyone have recommendations for self-hosted open source analytics that can handle a large volume site (think 500.000.000 impressions per month)? I can't imagine systems with MySQL/PostgreSQL as database can handle this.
I wish to see a line about backend platform on installation documentation. Yes, it's simple, but IMO no one will find "Umami requires bla bla platform on bla bla operating system." sentence useless.
I always like seeing competitors to GA but the website could really use some more information on why you should use it and the features it gives you. It's hard to beat top competitors in a saturated space.
Are there any "Google Analytics" alternatives that aren't based on Python, Node, Go, etc but something with a PHP back-end that can be deployed to any commodity LAMP hosting provider?
Awesome project! Google is definitely fading out for sure. I know many businesses and developers are tired of it. Looking forward to seeing what other inventions will give Google some competition.
I've been happily paying for GoatCounter for several months. I don't imagine I'll ever need to self host but it's nice knowing I can if necessary.
If you have an AWS account, you can use <a href="https://ownstats.cloud" rel="nofollow">https://ownstats.cloud</a> to self-host website analytics
noticed you didn't write any tests: <a href="https://github.com/mikecao/umami" rel="nofollow">https://github.com/mikecao/umami</a><p>What was your reasoning? Personally, I write tests for all my projects, it forces me to really think hard about how to break down the different components and functionalities and it helps others feel more confident to contribute.
+1 to <a href="https://goatcounter.com/" rel="nofollow">https://goatcounter.com/</a> o use it for my personal blog <a href="https://dannysalzman.com" rel="nofollow">https://dannysalzman.com</a> . This is a good reminder to donate.