The free libre open source analytics software Matomo (formerly known as Piwik) is now on the fediverse:


They also have a website:

The software costs nothing if you self-host, and they also offer a paid hosted option for people who prefer it.

Unlike Google Analytics, Matomo's data stays entirely on the site that uses it. No one else has access to it, so there's no way for it to be aggregated across many sites.

@switchingsocial this is going to make my hosts file massive and cause a problem for blocklist authors.
@switchingsocial if it respects it then it's fine, I browse with javasript off other than for sites that I trust so it's fine

@switchingsocial Exactly, by default all requests by users with "Do Not Track" are droppeimmediatelytly and not stored in any way.

@switchingsocial @Matomo

I use this on all my websites, including Libreture. Do Not Track by default and the code is only included on logged-out pages.

Also records downloads without any additional work or javascript.

Very happy with it for what I need and my desire to respect visitors' privacy.

@switchingsocial @Matomo Funny, before Google started offering Urchin (aka Analytics) for free, every blog and website had self-hosted analytics usually generated from log analysis... we called it "stats" back then LOL. And lots of 3rd parties offered realtime "counters" to track (with JS) the realtime browser info like referrers. For like 10 years had no outstats tracking, the SERPS were just lists of unadulterated URLs, kinda embarrassing for Google!

@switchingsocial @Matomo
> Unlike Google Analytics, Matomo's data stays entirely on the site that uses it.

So the hosted version has access to the analytics data of all the visitors of all the sites using the hosted version, and can track people exactly like Google? (but on a much more limited subset of websites, obviously)

@mathieu @switchingsocial @Matomo
Thanks for the notice. Every customer has a completely separate Matomo instance and no data is connected between them.

@lukas @switchingsocial @Matomo that's very good to hear. 🙂

I take it you work at Matomo?

Can you share some more details about the measures taken to ensure the company doesn't link these data, now or in the future? (e.g about being bought by a bigger company which would be less ethical than Matomo seems to be)

@mathieu @switchingsocial @Matomo If you can wait until Monday for a proper response I'll forward this to the rest of the team.

@lukas @switchingsocial @Matomo I can absolutely wait.

Thank you for engaging like this, too few companies do, and it makes it much easier to trust Matomo. 🙂

@mathieu @lukas @switchingsocial

Hey Mathieu we love hearing from new community members so we're glad you're posing these important questions. We believe in 100% data ownership for each user. So the main protection our users get is the data processing agreement ( and terms of services ( Both give users assurance that data belongs to them and that we can't do anything with it 😉

@Matomo @lukas @switchingsocial hi! Thanks for answering.

I read both those documents and didn't see anything that guarantees you won't sell the data or otherwise profit from it.

I also didn't see anything about not aggregating data from a visitor across multiple websites using your hosted solution.

Did I miss it?

Hi Mathieu!

Re: selling/profiting from the data. You own all the rights to your own data, we obtain no rights to yours or your user's data so we have no right to sell it or profit from it.

@mathieu @lukas @switchingsocial

Re: aggregating data. If you use our hosting solutions you get to aggregate the data on your own account. However, since you have 100% control over what you choose to do with that data. We don't have rights to do anything with it so we can't aggregate data across accounts. You can track multiple websites in one account and choose to aggregate the data yourself, but it's not something we will do for you. Hope that addresses your concerns :)

@mathieu @lukas @switchingsocial

As for whether Matomo will ever be bought by a larger company. Our founder @matthieu has made it his mission to ensure Matomo remains a freely accessible open source platform for the future. So there are no plans to sell Matomo now or ever 😎

@Matomo @lukas @switchingsocial with a name like that, he's clearly evil! 😂

More seriously, Red Hat published a legally binding document a while ago, that if they ever get bought, the new owner will not be allowed to use their patents against FOSS, following their current pledge never to do so.

You have no intention to sell, but it could happen one day. You can take measures right now to make sure the new owner pursues your mission. ☺

@shortwings @aral it’s still surveillance of your sites visitors. I ran it for a short while as an experiment, and I was frankly shocked at what it showed me. Wrote a little more about it here:


Fair enough, but a couple more points to consider:

-It respects Do Not Track, so it won't gather info about people with that switched on

-The data gathered is only visible to the site it's on, there's no multisite mass aggregation like you get on Google Analytics

As someone noted on this thread, the idea seems to be to roll back analytics to the early days, before it all flowed through large corporations like Google.

@switchingsocial So people with the necessary skills and awareness to know how to activate DNT get privacy, and everyone without that get bupkes. That’s all that DNT provides in that case, it’s exploitative and it’s still surveillance.

Knowing how most people run their own servers (reddit threads, stackoverflow questions) I would have less than zero confidence that the data is only visible site it’s on. More likely, it’s available to the hosting company, the data centre owner, anyone who can gain access to the server.

This isn’t better, it’s just a different type of awful. Those promoting these tools fail to address this reality.


Analytics is what happens to data after it has already reached a site.

If you think all analytics is just as bad, then you have to forget analytics reform and focus on preventing the data even reaching the site.

By definition, that's not something a website owner can do. Preventing data disclosure is down to the user and their choice of software, connection, device etc.

@switchingsocial I completely disagree that its not something a site owner can do. Taking analytics data from people is a positive act, be that by logging or otherwise. Just because the Surveillance Industry provides leaky tools doesn't require owners to feed on the leaks like parasites.

And yes - ALL analytics is just as bad. There is simply no level at which it is morally justifiable.


It would be better if sites using surveillance tools like Piwik were forced by societal pressure to provide a full page interstitial confirming that you as a user can have no expectation of privacy when you access the site, with that interstitial not having any such surveillance operative.

Anything other than that is just pretence at giving a shit about people’s privacy, and merely grants those operating them the privileges they’ve come to expect from their own status.


If you have zero confidence that the data is only visible on the site visited, then your only option is to prevent the user's data ever being sent to that site.

If no site owner is trustworthy, then people have to stop using software and hardware that leaks unnecessary data.


I know that's easier said than done, which is why I run a site trying to suggest options for non-technical people:

@switchingsocial and a fine site it is too. 😃

Be nice if there were some sort of similar resource for site operators showing how to minimise data collection.


Yeah... I'm trying to stick to consumer stuff, it would be great if there was something similar for site owners.


Oh, come now! There's no obligation on site owners to not take the data? If I walk past a home with an unlocked front door, am I somehow compelled to enter the house and take the owner's TV?

What you're espousing is merely cementing the position of the surveillance regimes, and stating that only those who are permitted to lock their doors have any expectation of security.

That's a complete misconception of the entire concept of privacy, better to call it Privilege if that's all you're offering.


That's not what I'm saying.

You said you had "zero confidence" that a site's data would only be visible to that site.

If what you say is true, then even a site with no analytics whatsoever would still be leaking data to unknown third parties at the data centre, who could be running all kinds of unethical analytics apps.

@switchingsocial heh, we appear to be slightly talking past each other.

If a site is collecting analytics data, then I have zero confidence that analytics is secured in that one location. I also note that Matomo’s installation notes refer to running the analytics collection in a secondary location; i would have a less than zero confidence that that transfer can be secured in any way.

The only morally justifiable stance is not to collect analytics information at all. Anything else is, self evidently, immoral.

@switchingsocial In relation to the question of nefarious third parties collecting analytics data at the data centre end, I accept that as a profoundly difficult nut to crack. The possibility of that happening still does not offer a justification in me collecting that data.


Thanks so much for the support! You're spot on, we believe in respecting user privacy and 100% data ownership. Encouraging people to have full control over their own data is essential and it means power rests in the hands of the users, not large corporations 💪

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.