Exactly 25 days ago today I posted here, proud of my new web analytics. The response was mixed and my post even got flagged (understandable). It was my first real launch and I actually made a sale just a day later of 49$(!). Back then my project was pay once, keep forever. Since then I have sadly gone over to the dark side (subscription based).
Anyways, I never went back to look at the post after the first two hours; turns out I got a lot of answers. Most answers were something like: "Yea yea, this is great... but why not self-host?". And to be honest, I don't really have a good answer to that, I myself used to self-host.
Since switching over to subscription based I have gotten two customers, although one cancelled. So at the moment I have one subscription based customer. And while I'm not planning to shut it down anytime soon (not very expensive to run) I am looking forward to new projects.
As a way to create a little "boilerplate" for myself I created my latest project Indielytics. It's a stupid simple, public only, free to use web analytics. By adding a small JS snippet to your HTML you will automatically start displaying daily unique visitors and views on www.indielytics.link/your-domain.
It's GDPR compliant and cookieless too. One of the big cons: data is kept for only 10 days to make sure I can afford this.
How it works: the script in your website's HTML sends the domain, user-agent and IP address over to my servers. To then be able to count unique visitors without storing any personally identifiable information (PII) the IP address is first truncated (last segment is discarded). After that the domain + user-agent + IP address is hashed with a daily rotating salt. Then it's stored in an EU-hosted DB. The raw IP address is never stored anywhere other than in memory (although it can probably be found in your server logs). The hashed strings are deleted within 24 hours.
Vulnerabilities: Right now there are some big cons to the way I have done this. The biggest problem being the fact that a lot of fake requests could easily be sent to my endpoint and thus increase the number displayed for a website's analytics. With simplytics.dev this wasn't really a problem, since there's no reason for people to fake their own data.
But the purpose of Indielytics is to display your analytics to others, which I fear will draw a lot more users with malicious intent.
I'd love feedback on the project, and I'd also love to hear solutions to my above-mentioned problem.
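
The counting scheme described under "How it works", as an added example that is not Indielytics' own code. It assumes a /24 (IPv4) and /48 (IPv6) truncation, HMAC-SHA256 keyed with the daily salt as the hash, and a salt held only in memory; all function and class names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import secrets
from datetime import date

# Assumed prefix widths; the post only says the end of the address is dropped.
V4_PREFIX, V6_PREFIX = 24, 48

def truncate_ip(raw_ip: str) -> str:
    """Zero the host bits so the hashed input is a network, not one address."""
    ip = ipaddress.ip_address(raw_ip)
    if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:a.b.c.d from a dual-stack proxy
        ip = ip.ipv4_mapped
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)

class DailySalt:
    """Random salt held only in memory and replaced when the date changes."""
    def __init__(self):
        self._day, self._salt = None, b""

    def for_day(self, day: date) -> bytes:
        if day != self._day:  # old salt is dropped, so old hashes cannot be recomputed
            self._day, self._salt = day, secrets.token_bytes(32)
        return self._salt

def visitor_id(salt: bytes, domain: str, user_agent: str, raw_ip: str) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    fields = [domain.lower().encode(), user_agent.encode(), truncate_ip(raw_ip).encode()]
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()

def count_day(salt: bytes, hits) -> dict:
    """hits: (domain, user_agent, raw_ip) tuples. Returns {domain: (uniques, views)}."""
    seen, views = {}, {}
    for domain, ua, ip in hits:
        d = domain.lower()
        seen.setdefault(d, set()).add(visitor_id(salt, d, ua, ip))
        views[d] = views.get(d, 0) + 1
    return {d: (len(seen[d]), views[d]) for d in views}

# Constructed sample hits: documentation address ranges, made-up user agents.
SAMPLE_HITS = [
    ("example.com", "UA-Firefox", "203.0.113.7"),
    ("example.com", "UA-Firefox", "203.0.113.99"),   # same /24: counted as one visitor
    ("example.com", "UA-Chrome", "203.0.113.7"),     # different user agent: new visitor
    ("example.com", "UA-Firefox", "2001:db8:1:2::5"),
    ("Example.com", "UA-Firefox", "::ffff:203.0.113.7"),  # mapped IPv4, same as row 1
]
```

Because a truncated IP plus user agent is low-entropy input, the stored hashes stay unlinkable only while the salt is secret and is discarded at rotation.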