The free libre open source analytics software Matomo (formerly known as Piwik) is now on the fediverse:


They also have a website:

The software costs nothing if you self-host, and they also offer a paid hosted option for people who prefer it.

Unlike Google Analytics, Matomo's data stays entirely on the site that uses it. No one else has access to it, so there's no way for it to be aggregated across many sites.

@switchingsocial this is going to make my hosts file massive and cause a problem for blocklist authors.
@switchingsocial if it respects it then it's fine, I browse with javasript off other than for sites that I trust so it's fine

@switchingsocial Exactly, by default all requests by users with "Do Not Track" are droppeimmediatelytly and not stored in any way.

@switchingsocial @Matomo

I use this on all my websites, including Libreture. Do Not Track by default and the code is only included on logged-out pages.

Also records downloads without any additional work or javascript.

Very happy with it for what I need and my desire to respect visitors' privacy.

@switchingsocial I really love the idea of creating more software that is self hosted, and then offering a paid hosting option by the creators. It's a great way to fund open source projects as well as keep it accessible to those w/out the tech skills to host their own, which will no doubt improve adoption rates which is good for all open source in the long run!

@garrett @switchingsocial

I think that the new concept by Tim Berners Lee is the true future of decentralized data. Where we can host our own data and connect it to whatever applications we want whether they be self-hosted or not.

That being said, I think that once we get to a point where we have more options to go out and buy an instance of a decentralized social media platform for a monthly fee is where the growth will really happen.

@jeff @garrett

You can already start and run a Mastodon instance without technical knowledge at

Like you say, it would be brilliant if there were more sites like this, and offering instances on other kinds of networks.

@switchingsocial @garrett

I do remember seeing this awhile back. Great idea and definitely opens it up to less technically savvy people.

Once we get to a point where we can do this for all social network replacements though it will be amazing.

Being able to say that all of your digital life is truly owned and managed by you is the dream.

@jeff @switchingsocial I'm admittedly not tech savvy enough to run my own instances of everything, yet, but I'm working on it.

@garrett @switchingsocial To build what though? Sometimes it's the other way, the paid version is hosted and the self-hosted version (for security) costs more. Also I think you can combine these strategies... host the core secret sauce, but allow people to self-host the design, or maybe some/all of the data.

@pj @switchingsocial Yeah I like that idea too. My main thing is just that I want to have control over my data. I’m open to any and all suggestions and possibilities of how we get there! I’m not romantic about any one specific idea, just the ones that work!

@pj @garrett

Isn't there a danger that the "secret sauce" contains something malevolent?

By self-hosting open source you know what you're getting.

@switchingsocial @garrett Absolutely, just depends what's at stake and how much you're willing to trust the developer(s) in exchange for the value offered. Personally, if I have a really cool algorithm that I'm proud of, I'm not sharing it, and I think that's my background as an artist and growing up with Shareware, it's about a unique creative vision for me. I can appreciate businesses wanting to protect intellectual property, I can appreciate the open source model too.

@garrett @switchingsocial that's also what @yunohost is about to do (in case you don't know the project already).

@garrett 👌
Happy exploring !
The team's also on #IRC and #Matrix if you have questions 😉

@garrett @switchingsocial

That's precisely it. One of the reasons why it's necessary to have a paid version is because we need that money to sustain our open source project for the community. Being in a stable financial position gives us the ability to keep Matomo freely accessible and open. This ensures our Matomo community will always be looked after 💪

@switchingsocial @Matomo Funny, before Google started offering Urchin (aka Analytics) for free, every blog and website had self-hosted analytics usually generated from log analysis... we called it "stats" back then LOL. And lots of 3rd parties offered realtime "counters" to track (with JS) the realtime browser info like referrers. For like 10 years had no outstats tracking, the SERPS were just lists of unadulterated URLs, kinda embarrassing for Google!

@switchingsocial @Matomo
> Unlike Google Analytics, Matomo's data stays entirely on the site that uses it.

So the hosted version has access to the analytics data of all the visitors of all the sites using the hosted version, and can track people exactly like Google? (but on a much more limited subset of websites, obviously)

@mathieu @switchingsocial @Matomo
Thanks for the notice. Every customer has a completely separate Matomo instance and no data is connected between them.

@lukas @switchingsocial @Matomo that's very good to hear. 🙂

I take it you work at Matomo?

Can you share some more details about the measures taken to ensure the company doesn't link these data, now or in the future? (e.g about being bought by a bigger company which would be less ethical than Matomo seems to be)

@mathieu @switchingsocial @Matomo If you can wait until Monday for a proper response I'll forward this to the rest of the team.

@lukas @switchingsocial @Matomo I can absolutely wait.

Thank you for engaging like this, too few companies do, and it makes it much easier to trust Matomo. 🙂

@mathieu @lukas @switchingsocial

Hey Mathieu we love hearing from new community members so we're glad you're posing these important questions. We believe in 100% data ownership for each user. So the main protection our users get is the data processing agreement ( and terms of services ( Both give users assurance that data belongs to them and that we can't do anything with it 😉

@Matomo @lukas @switchingsocial hi! Thanks for answering.

I read both those documents and didn't see anything that guarantees you won't sell the data or otherwise profit from it.

I also didn't see anything about not aggregating data from a visitor across multiple websites using your hosted solution.

Did I miss it?

Hi Mathieu!

Re: selling/profiting from the data. You own all the rights to your own data, we obtain no rights to yours or your user's data so we have no right to sell it or profit from it.

@mathieu @lukas @switchingsocial

Re: aggregating data. If you use our hosting solutions you get to aggregate the data on your own account. However, since you have 100% control over what you choose to do with that data. We don't have rights to do anything with it so we can't aggregate data across accounts. You can track multiple websites in one account and choose to aggregate the data yourself, but it's not something we will do for you. Hope that addresses your concerns :)

@mathieu @lukas @switchingsocial

As for whether Matomo will ever be bought by a larger company. Our founder @matthieu has made it his mission to ensure Matomo remains a freely accessible open source platform for the future. So there are no plans to sell Matomo now or ever 😎

@Matomo @lukas @switchingsocial with a name like that, he's clearly evil! 😂

More seriously, Red Hat published a legally binding document a while ago, that if they ever get bought, the new owner will not be allowed to use their patents against FOSS, following their current pledge never to do so.

You have no intention to sell, but it could happen one day. You can take measures right now to make sure the new owner pursues your mission. ☺

@shortwings @aral it’s still surveillance of your sites visitors. I ran it for a short while as an experiment, and I was frankly shocked at what it showed me. Wrote a little more about it here:


Fair enough, but a couple more points to consider:

-It respects Do Not Track, so it won't gather info about people with that switched on

-The data gathered is only visible to the site it's on, there's no multisite mass aggregation like you get on Google Analytics

As someone noted on this thread, the idea seems to be to roll back analytics to the early days, before it all flowed through large corporations like Google.

@switchingsocial So people with the necessary skills and awareness to know how to activate DNT get privacy, and everyone without that get bupkes. That’s all that DNT provides in that case, it’s exploitative and it’s still surveillance.

Knowing how most people run their own servers (reddit threads, stackoverflow questions) I would have less than zero confidence that the data is only visible site it’s on. More likely, it’s available to the hosting company, the data centre owner, anyone who can gain access to the server.

This isn’t better, it’s just a different type of awful. Those promoting these tools fail to address this reality.


Analytics is what happens to data after it has already reached a site.

If you think all analytics is just as bad, then you have to forget analytics reform and focus on preventing the data even reaching the site.

By definition, that's not something a website owner can do. Preventing data disclosure is down to the user and their choice of software, connection, device etc.

@switchingsocial I completely disagree that its not something a site owner can do. Taking analytics data from people is a positive act, be that by logging or otherwise. Just because the Surveillance Industry provides leaky tools doesn't require owners to feed on the leaks like parasites.

And yes - ALL analytics is just as bad. There is simply no level at which it is morally justifiable.


It would be better if sites using surveillance tools like Piwik were forced by societal pressure to provide a full page interstitial confirming that you as a user can have no expectation of privacy when you access the site, with that interstitial not having any such surveillance operative.

Anything other than that is just pretence at giving a shit about people’s privacy, and merely grants those operating them the privileges they’ve come to expect from their own status.


If you have zero confidence that the data is only visible on the site visited, then your only option is to prevent the user's data ever being sent to that site.

If no site owner is trustworthy, then people have to stop using software and hardware that leaks unnecessary data.


I know that's easier said than done, which is why I run a site trying to suggest options for non-technical people:

@switchingsocial and a fine site it is too. 😃

Be nice if there were some sort of similar resource for site operators showing how to minimise data collection.


Yeah... I'm trying to stick to consumer stuff, it would be great if there was something similar for site owners.


Oh, come now! There's no obligation on site owners to not take the data? If I walk past a home with an unlocked front door, am I somehow compelled to enter the house and take the owner's TV?

What you're espousing is merely cementing the position of the surveillance regimes, and stating that only those who are permitted to lock their doors have any expectation of security.

That's a complete misconception of the entire concept of privacy, better to call it Privilege if that's all you're offering.


That's not what I'm saying.

You said you had "zero confidence" that a site's data would only be visible to that site.

If what you say is true, then even a site with no analytics whatsoever would still be leaking data to unknown third parties at the data centre, who could be running all kinds of unethical analytics apps.

@switchingsocial heh, we appear to be slightly talking past each other.

If a site is collecting analytics data, then I have zero confidence that analytics is secured in that one location. I also note that Matomo’s installation notes refer to running the analytics collection in a secondary location; i would have a less than zero confidence that that transfer can be secured in any way.

The only morally justifiable stance is not to collect analytics information at all. Anything else is, self evidently, immoral.

@switchingsocial In relation to the question of nefarious third parties collecting analytics data at the data centre end, I accept that as a profoundly difficult nut to crack. The possibility of that happening still does not offer a justification in me collecting that data.


Thanks so much for the support! You're spot on, we believe in respecting user privacy and 100% data ownership. Encouraging people to have full control over their own data is essential and it means power rests in the hands of the users, not large corporations 💪

Sign in to participate in the conversation
Mastodon is open to all users and federates with most instances.

🇩🇪 🇦🇹 🇨🇭 ist offen für alle User und ist mit vielen anderen Instanzen verbunden.