Both Fathom [1] and Plausible [2] claim to be GDPR compliant, but they are not.
They use a technique called "device fingerprinting" by collecting online identifiers, such as IP addresses, and browser characteristics for identification. Thus user consent is needed.
Plausible's fingerprinting uses a rotating salt, which is rolled daily and the previous salt is discarded. That means the hash can't be tied to a given user and their IP/browser at a later date. How is that not GDPR compliant? How is Volument better?