[pgl]

I like Plausible, and ethical analytics services in general. I'd certainly use them over Google Analytics. But it does frustrate me that Plausible (and others) take the stance that because they are doing what they can to preserve privacy, they have an absolute right to collect telemetry about users.

This includes things like CNAME cloaking, and adding a local JS proxy script so that visits can be sent back to Plausible's servers to make it harder to block for the user. The user has expressed a clear preference for their visits not to be logged, and Plausible (to satisfy site owners who want every visit logged) have done whatever they can to circumvent that.

I get it - it's a business, and making sure the site owners are happy is a big part of making money. But it grates that the whole thing is supposed to be about privacy while ways to get around privacy preferences are baked in.

[jaywalk]

What aspect of your "privacy" do you believe Plausible is violating? None of the (very minimal) data they collect is even linked to you in any way. There are no cookies or any other persistent identifiers. Raw web server logs (which you cannot opt-out of, for obvious reasons) are more intrusive to your "privacy" than Plausible.

[pgl]

Is it a "strawman" argument where people try to get you to respond to a point you haven't made?

[jaywalk]

No, it's a legitimate question. There is literally nothing you can do to stop a website from logging your visit, so I don't understand your argument here. Visit logging (what Plausible does) and tracking (what Google Analytics does) are two very different things.

[pgl]

Plausible is a third party that logs visits for analytics purposes. An end user expresses their preference (eg, with some sort of blocking browser extension) that the site doesn't send details off to a third party. Then the analytics service provides an easy way to work around this preference, and if that's blocked again then they provide another way, etc. They explicitly work around the end user's choice.

Why does it matter what the reason is for the end user's preference? Or if the data is being stored in a way that's currently difficult to deobfuscate? It's ironic that the whole push is "end user privacy", ie something that benefits the end user, but multiple workarounds are offered when the end user (for whatever reason) doesn't want their visits logged on a third party.

[jaywalk]

Saying that using an ad blocker equals a user expressing their preference to not have their visit logged to a third party is a pretty weak connection.

As long as none of your personal data is involved, it's not your data. It belongs to the website operator, and they can do with it what they please.

[pgl]

(Why is it these kinds of discussions get snotty so quickly?)

I don't know how else an end user can express their preference.

IP addresses are PII under the GDPR with enough context - although honestly I don't want to go down that horrible rabbit hole.

But sure, sure, the site operators can do whatever they please. It's just Plausible banging on about being privacy friendly and ethical seems a bit ironic and is frustrating to see.

Edit: The DNT flag is explicitly ignored by Plausible as well: https://github.com/plausible/analytics/discussions/646