Hacker News
by CHsurfer 2524 days ago
I think the GDPR was enacted into law not to prevent cookies, but to prevent collecting data on regular people. This seems to circumvent the technicalities of the law but not the spirit. The risk is that they enact a new law that puts even further restrictions on website operators.

I'm not sure this is a good idea.

2 comments

Appreciate the note and thought here. I do disagree though, as it feels like the spirit of GDPR is to make into law the protection and privacy for regular people. Fathom does this to the best of our ability, and our code reflects our agreement with the spirit of the law.

Analytics is required for business and isn't going anywhere. The laws don't feel like they are trying to shut down analytics completely, they are just asking this type of software to do better. That's what I think we are doing with this—and there are no other analytics companies who come close to our level of obfuscation and non-tracking of personal data.

If the intent of the law is to do better with privacy and data, we are doing it to the best of our abilities. It's not a skirting around the issue, we are agreeing with it in our code and logic for how our tracker works.

Thanks for the concern here. We are GDPR compliant (and may be exempt from it). See here: https://usefathom.com/data/
Tell me if I get this correct:

Alice visits a site and gets the hash 1234. The analytics data is stored and associated with hash 1234, but soon after, hash 1234 is removed. However the aggregate visitor analytic that was associated with hash 1234 data persists. Then another user (say Alice again) returns and gets hash 5678. Analytic data is tracked, stored with hash 5678 for the 30 minutes (or less), and then hash 5678 is again removed. However the analytic data that was associated with 5678 is aggregated with the rest?

That's exactly how it works. The purpose being to make it completely impossible to ever single out a user and see which pages they viewed on a website.
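
The flow confirmed in the reply above, as an added sketch that is not part of the thread and is not Fathom's code. The class name, the in-memory storage, the random hash derivation and the client handing its hash back on each view are all assumptions made for illustration.

```python
import hashlib
import secrets
from collections import Counter

TTL_SECONDS = 30 * 60  # the "30 minutes (or less)" from the thread


class EphemeralAggregator:
    """Hypothetical tracker: visitor hashes are short-lived, aggregates persist."""

    def __init__(self):
        self.live = {}                 # hash -> (last_seen, paths seen in this visit)
        self.pageviews = Counter()     # path -> total views, kept
        self.unique_views = Counter()  # path -> first view per hash, kept
        self.visits = 0                # number of hashes ever issued, kept

    def purge(self, now):
        """Delete every hash idle for TTL_SECONDS; aggregate counters are untouched."""
        expired = [h for h, (last, _) in self.live.items() if now - last >= TTL_SECONDS]
        for h in expired:
            del self.live[h]
        return len(expired)

    def track(self, visitor_hash, path, now):
        """Record one page view and return the hash the visitor should present next."""
        self.purge(now)
        if visitor_hash not in self.live:  # None, unknown, or already purged
            # Assumption: a fresh random value, so a new hash is unrelated to the old one.
            visitor_hash = hashlib.sha256(secrets.token_bytes(32)).hexdigest()
            self.live[visitor_hash] = (now, set())
            self.visits += 1
        seen = self.live[visitor_hash][1]
        self.pageviews[path] += 1
        if path not in seen:
            self.unique_views[path] += 1
            seen.add(path)
        self.live[visitor_hash] = (now, seen)
        return visitor_hash


def demo():
    """Constructed scenario: Alice browses, goes idle past the TTL, then returns."""
    agg = EphemeralAggregator()
    first = agg.track(None, "/", now=0)
    agg.track(first, "/pricing", now=60)
    second = agg.track(first, "/", now=60 + TTL_SECONDS)  # old hash is gone
    return agg, first, second
```

After the purge nothing stored links the two visits: the counters record that `/` was viewed twice across two visits, not that the same person came back.
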
You might like to edit the line on that policy page that refers to "the most privacy-focused manor"... while a privacy-focused manor is an interesting idea, I suspect you meant "manner". :)
Equally, I'm not sure what it means to be GDPR "complaint" but I'm thinking it's probably supposed to be "compliant" ;)
lolololol