Counting unique visitors without UIDs or fingerprinting
There are plenty of privacy-focused (and not so focused) analytics solutions out there that will sacrifice your privacy for the sake of data. Most generate some unique identifier (UID) on the server and then store it in the browser or in a database. This UID is usually based on a hash of your User Agent, your IP, your location, the date you accessed the page, etc. The hash is one-way (it can't be de-hashed) so you are pretty well protected. Others aren't that careful and will collect a bus load of information about you, most over the course of months, building up a pretty comprehensive profile of who you are based on your browsing habits.
However, the more data points any solution has about you, the easier it is to link your activity on a specific site to you as a person. I want to avoid that altogether. So if I store nothing about you, then I know nothing, and you are safe.
So how then can I count unique visits to my website without identifying you or storing any of your personally identifiable information in a database?
Solution
I started to think from the goal I wanted to achieve. It would help me immensely if I knew which pages clicked with my website's readers. Not which readers, which pages. My solution doesn't require that I store any UID on my server or on your computer. At the same time, I know all I need to and nothing that I don't: how many unique visitors the pages I am interested in have had over time.
Here's how:
- When you visit a page on my website for the first time, I send back a cookie that marks that page as visited. It does this by basically adding it to a list of pages you've already visited. If this is the first page you visited on my website, the list will contain just the ID of that page.
- For each visit, I check whether the list already contains the page you're visiting. If it does, I do nothing.
- If it doesn't, I add it to the list of visited pages and store the updated list as a cookie in your browser.
If the process results in adding a page to the list of pages you visited, I increase the number of visits for that page in my database.
No information such as your browser, your location, your IP, hashed or not, or anything else except the ID of the page you just visited is stored.
For all intents and purposes, you are one of many. Anonymous. Safe.
What do you store in your database?
I keep the minimal amount of information that tells me how many unique visitors a page has had over time. This is how the data looks like in my database:
created_atdate the entry was created | typewhat sort of page it is | guidpage unique ID |
---|---|---|
2022-12-21 10:01:27.254293+00 | h7ad1crxg5ynk40d | |
2022-12-21 11:34:03.533269+00 | wy5bwsvlpp5ny9tb | |
2022-12-22 11:04:14.505776+00 | h7ad1crxg5ynk40d |
As you can see, there is absolutely nothing in there to identify you or anyone else either personally or a particular browsing session. All I know is that the email with the ID h7ad1crxg5ynk40d
has had two unique visitors and the email with the ID wy5bwsvlpp5ny9tb
just one.
Can I opt out?
Of course, you can still opt out of this by going to your cookie settings. By default, all non-essential cookies are opt-in.