I agree wholeheartedly with this, and also toss Simpleanalytics into the ring. They explicitly advertise the ability to bypass blockers and set up custom subdomains on their front page. IMO, _the person that is blocking it does not wish to send telemetry_; forcing them to do it is both a forced opt-in and rude as hell.
If you are going to try to turn a profit by yelling about how you're so respectful and compliant, maybe not intentionally try to bypass end-users' explicit, human-set, consensual opt-out with your forced shady opt-in.
You are not being "privacy friendly", you are refusing the user's explicit "no consent, please don't do this" and forcing yourself on them anyway.
Both Fathom [1] and Plausible [2] claim to be GDPR compliant, but they are not.
They use a technique called "device fingerprinting" by collecting online identifiers, such as IP addresses, and browser characteristics for identification. Thus user consent is needed.
Plausible's fingerprinting uses a rotating salt, which is rolled daily and the previous salt is discarded. That means the hash can't be tied to a given user and their IP/browser at a later date. How is that not GDPR compliant? How is Volument better?
--
An unrelated note on technical infrastructure: many of these projects are EU based and proudly tell everyone that they are EU based.
Unfortunately, for example - see https://en.wikipedia.org/wiki/CLOUD_Act:
- Plausible hosts on DigitalOcean
- Plausible uses Cloudflare
- Simpleanalytics uses Cloudflare
- Fathom is on AWS
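
The daily rotating-salt scheme described in the thread, as an added sketch that is not part of any comment above and is not Plausible's code. It assumes HMAC-SHA-256 as the keyed hash and site, IP and user agent as the hashed fields; `DailySaltStore`, `visitor_id` and `matches_candidate` are hypothetical names, and all sample values are constructed.

```python
import hashlib
import hmac
import secrets


class DailySaltStore:
    """Holds only the current day's salt; rotating discards the previous one."""

    def __init__(self):
        self._day = None
        self._salt = None

    def salt_for(self, day):
        if day != self._day:
            self._day = day
            self._salt = secrets.token_bytes(32)  # old salt is overwritten, not archived
        return self._salt


def visitor_id(salt, site, ip, user_agent):
    """Keyed hash over the identifiers the thread mentions (IP, browser)."""
    msg = "\x00".join((site, ip, user_agent)).encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()[:16]


def matches_candidate(salt, site, candidate_ip, user_agent, observed_id):
    """While a salt is held, a stored ID can be checked against a known IP/UA."""
    candidate_id = visitor_id(salt, site, candidate_ip, user_agent)
    return hmac.compare_digest(candidate_id, observed_id)


def demo():
    store = DailySaltStore()
    # Constructed sample visitor (documentation IP range, made-up user agent).
    site, ip, ua = "example.org", "203.0.113.7", "Mozilla/5.0 (constructed sample)"
    salt1 = store.salt_for("2021-01-01")
    a = visitor_id(salt1, site, ip, ua)
    b = visitor_id(store.salt_for("2021-01-01"), site, ip, ua)
    salt2 = store.salt_for("2021-01-02")  # rotation: day-1 salt is gone from the store
    c = visitor_id(salt2, site, ip, ua)
    return {
        "same_day_stable": a == b,
        "next_day_linkable": a == c,
        "checkable_with_live_salt": matches_candidate(salt1, site, ip, ua, a),
        "checkable_after_rotation": matches_candidate(salt2, site, ip, ua, a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two `checkable_*` results are the crux of the disagreement above: the identifier is a pseudonym that can be tied to a known IP and browser for as long as that day's salt exists, and only becomes unlinkable once the salt is actually destroyed.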