My website is now completely cookie-free


In the last few days, I invested some time to further improve the data protection on my website. For instance, I reduced the scripts used on this website to a minimum. Also, I replaced Google Analytics with the open source alternative Plausible. All these changes together now enable me to run the website completely without cookies, which further improves the protection of your and my privacy and enhances your website experience due to faster page loads.

[Image: Output of Firefox’s tracking protection for my website on September 12, 2021.]

To provide full transparency, I describe in this post the changes I made and which data may still be collected on my website or by third-party providers.

Privacy protection

Privacy protection has always been an important topic for me – both protecting mine and respecting yours. On my website, too, I always try to ensure the highest possible level of data protection.

A minimum set of required scripts on this website

Therefore, I don’t use scripts that are not strictly required for operating this website. However, I need a minimum set of scripts, e.g., to display $\LaTeX$ markup [1].

Before I use an external script, I always check whether and which data it collects and whether the provider further processes the data in order to make money out of it. In the latter case, I won’t use the script. Another very important criterion for me is that neither a third-party provider nor I am able to derive the identity of the visitors just from the data that is collected – especially if the third-party providers practice cross-website tracking. For this reason, you will find no web ad scripts or advertising banners on this website. Also, the comment section, which you can find under every blog post, does not rely on any third-party cookie-based solution [2].

Website analytics

In order to keep track of broken links and the reach of my website, I used analytics tools from Squarespace on my former website host and Google Analytics on the current website host. However, with both solutions [3], the data collected on my website were stored on third-party servers in the US and, hence, outside the scope of the German and European General Data Protection Regulation (GDPR). And in the case of Google Analytics, the data were further processed for whatever Google wanted to use them [4]. That bothered me from the very beginning and I wanted to change this as soon as possible.

Fortunately, competitive alternatives have emerged in recent years that guarantee a high level of data protection, data storage on European servers or on your own servers, and full transparency by releasing their code as open source. One such alternative is Plausible Analytics, which I discovered just recently and have now implemented on my website to substitute Google Analytics.

Plausible

Plausible Analytics claims to be a simple, open source, lightweight, independent and privacy-friendly alternative to Google Analytics, fully based in Europe. From my personal experience so far, I can confirm all these points.

Simple

I can fully confirm that Plausible is much easier to use than Google Analytics. For the latter, I had to read a bunch of tutorials and Google’s documentation websites, and even today I still feel unsure about several settings and the interpretation of the dashboard data. Plausible, on the other hand, I was able to use from the first day without any further instructions. The dashboard is sleek and clean, without any unnecessary information that I would never understand or make use of. Connecting Plausible to my website was also no problem due to the user-friendly (i.e., human-readable) documentation.

[Image: My Plausible dashboard (on September 12, 2021).]

Open Source

The source code of Plausible is open and can be accessed and validated on GitHub without any restrictions. There is even a public roadmap, where users can give feedback and suggest new features.

Lightweight

The script to execute Plausible on a website is very small, which enables faster page loads (compared to Google Analytics).

Independent

Plausible claims to be independent, since it is completely self-funded.

Privacy-friendly

That’s the biggest plus for me: Plausible is privacy-friendly. It works completely without cookies and, therefore, doesn’t collect any personal data or personally identifiable information (PII). Plausible also claims to collect only the most essential data points and nothing more. All data is aggregated only, and the users are not tracked across websites and devices.

Also, Plausible is maintained and hosted in the EU and hence all collected data is covered by the very strict European GDPR. All data is kept secured and encrypted on servers in Germany, which are powered by renewable energy, which is another big plus.

The value of a good service

Of course, all these pluses must be maintained and, therefore, financed somehow. Setting up such an ambitious project requires people to work on it and develop it continuously. Without a doubt, these people need to get paid for the work they put in.

Plausible doesn’t rely on a business model like that of Google, where the provided service is offered for free… at first glance: the users, both the website maintainer and the visitors, actually pay with their data, which they voluntarily or unknowingly share with the service provider, who further processes and maybe even sells all collected data.

Plausible’s business model is different and relies on a monthly or yearly fee that the website operator (e.g., me) has to pay in order to use their service. There are different subscription models and the fee depends on the reach, i.e., the number of visitors and page views of your website. The entry-level subscription has a fair price [5] and is sufficient for most common personal websites.

Acknowledgments and summary

I’m in no way affiliated with Plausible or any other web-analytics provider. Had it not been Plausible but any other provider offering similar privacy features, I would have written the same post about that provider. I’m also running no personal or professional campaign against Google, just in case this impression might have arisen while reading this post [6].

My main motivation – for this post, but also for my website as a whole – is the protection of your and my data and privacy, and providing the greatest possible transparency on this topic.

Actually, I’m very proud that my website is now completely cookie-free due to the steps listed above. I even got rid of these annoying cookie banners. Nonetheless, you will still find a detailed privacy policy description for any processing of the data that might arise from your website visit. And I continue to further reduce such data collection when- and wherever possible.

If you have any questions or concerns regarding the protection of your data on my website, please feel free to contact me.

Annotations and references

  1. For further details, please read my post on How to use LaTeX in Markdown

  2. However, the comments’ content is stored on the server of a third-party provider (Google), with or without the possibility of inferring your identity (this strictly depends on whether and which name you provide when you post a comment, as well as on the content of your comments). Here you can learn more about how the comments are implemented on this website.

  3. For a deeper insight and broader overview of website analytics tools with regard to privacy protection, there is an interesting recent article on Data analytics in a privacy-concerned world by Jaap Wieringa, P.K. Kannan, Xiao Ma, Thomas Reutterer, Hans Risselada, Bernd Skiera, Journal of Business Research, Volume 122, 2021, Pages 915-925, ISSN 0148-2963, DOI: 10.1016/j.jbusres.2019.05.005

  4. Read more about how Google officially further processes data on their servers, e.g., on their Data Processing and Security Terms website

  5. At the time of writing this article (September 12, 2021), the entry-level fee for a website with 10k monthly page views was 6 EUR per month.

  6. On the contrary, Google offers excellent services that even I still use today. The only thing one has to keep in mind is the protection of our data – today even more than ever before. This includes always checking which data is collected and what happens to it on third-party servers, whether I lose control and even ownership when my data is uploaded to these servers, and so forth. This check should always be accompanied by the question of whether the service I subscribe to (mostly for free) is worth the data and privacy that I may have to sacrifice for it. Is this price too high, and which alternatives exist? Nowadays, there are more and more alternatives, and the only thing one actually has to invest is a bit of time to search for them – for the improvement in our data protection that may be gained by such an alternative, this time investment is quite acceptable in my eyes.
