[franky47]

I agree that giving someone else your data is the issue. But as an alternative to self-hosting, I'm working on an end-to-end encrypted approach [1]. I can offer a service (much easier to setup and maintain than self-hosting), but I don't have the data (not in a useable/leakable way).

https://chiffre.io

[XCSme]

One problem with hosted analytics that keeps getting more obvious recently is that adblockers automatically block the domain names of those trackers. I think hosted might still work, but you would have to offer custom domain names or find a way to avoid adblockers.

Also, what does end-to-end encryption mean? HTTPS already does that, right? If there's some extra encryption on top, does it mean that the client will encrypt the analytics data before sending it?

That sounds interesting, but it feels like the whole purpose is to hide the data from your company. How can you make sure that you don't have access in any way to the data, if you also store the user accounts that have access to this data? If you wanted, what would stop you from logging in as that user and viewing his data?

[franky47]

E2EE means the analytics data is encrypted by the visitor, using public key cryptography. The secret key to decrypt that data is only known of the website owner. Anything I store is encrypted, including that secret key, and the source key is derived from the user's password, which never hits the server (using the SRP protocol for authentication).

The only thing I can see is how much data a website generated, but not what this data means.

And yes, the whole purpose is to hide the data from me. I don't want to know who visits your website, how long they stayed or what pages they visited. The website owner may want to know, but I can tell them without having to know myself.

[XCSme]

That sounds pretty cool.

I still think the company could somehow get access to the user data. The server enryption sounds pretty solid, and I beleive you saying that it would be really hard or impossible to get the encrypted data from the servers, but the information shown in the browser is unecrypted and accessible. Let's say your company grows and gets acquired by someone like Google and suddenly they want to get the stats of the tracked websites. Isn't there a way they could modify the UI source code, so that for example, they send back the unecrypted stats from the browser to a different server? I assume the dashboard's UI is hosted and served by your platform, so they could just add some JavaScript to it to send all data visible on screen, right?

I think your product could be really useful and I'm not trying to attack it in any way, I am just making sure I understand what the encryption means and if it does indeed provide extra value.

[franky47]

In theory, yes. But I consider Google an enemy of privacy, and I would rather burn my servers to the ground than sell them my product.

The encryption provides some protection for me: the data I acquire does not accumulate value over time (unlike clear-text data), which does not paint a giant target on my back.