|
|
|
|
|
|
by alexh1
1952 days ago
|
|
|
Are you referring to the analytics tracking (a la Google Analytics) or enforcing limits on user activity? For a GA alternative there are many and what you should look for is an analytics provider (if you don't want to self host) that rotates salts. Basically user ip hashed with a random salt that changes every 24 hours is good enough to protect user privacy while allowing you to not count every page view as a unique session. Of course everyone is counted as a new visitor after 24 hours. On the rate limiting side, great question. I'm currently writing a series of blog posts around creating your own privacy friendly products (Part 1 is targeted at apps, part 2 will be SaaS) where I'll cover this in detail. Here's a few key takeaways, if you can provide something without collecting any user data, do it. However for anything involving payment you need to at least know the users email (leaving aside cryptocurrency, I'm a big fan but it's difficult to accept as a bootstrapped business). Additionally rate limiting based on usage (which you therefore need to track) is kind of a given. The best we can do here is make sure user data is encrypted. |
|
|