Analytics Without Surveillance: Measuring What Matters Privately

You need to understand your audience. You need to know which pages draw readers, where your traffic originates, and which content resonates enough to bring people back. What you do not need — and what you should deliberately refuse — is a surveillance apparatus that tracks your visitors across the internet, builds behavioral profiles for an advertising machine, and turns your readers into data commodities. Privacy-respecting analytics give you every meaningful insight without feeding the extraction economy. Using them is not a compromise; it is a practice of sovereignty that extends to the people who visit your site.

The Problem with Google Analytics

Google Analytics is free in the way that social media is free: you pay with data. When you install GA4 on your site, every visitor’s behavior is collected — pages viewed, time spent, scrolling patterns, clicks, device information, geographic location — and fed into Google’s advertising ecosystem. Your visitors become data points in the behavioral profiles that power Google’s ad targeting across the entire internet. You get a dashboard. Google gets the behavioral surplus.

Shoshana Zuboff documented this arrangement in The Age of Surveillance Capitalism: the raw material of human experience is translated into behavioral data, and the surplus — the data beyond what is needed to improve the service — is fabricated into prediction products and sold to advertisers. Google Analytics is the collection mechanism installed on millions of websites, gathering behavioral data from billions of users who never consented to participate in a surveillance economy. When you install GA4, you are not just tracking your visitors for your benefit; you are enrolling them in Google’s data harvest for Google’s benefit.

There is also a practical problem. GA4 is complex. Google redesigned the platform from Universal Analytics into a new event-based model that even experienced marketers find confusing. The interface is cluttered with features designed for enterprise advertising campaigns, not for a solo publisher who wants to know how many people read last Tuesday’s article. The tool is overbuilt for your needs and underbuilt for your privacy obligations.

For a site built on sovereignty principles, the contradiction is hard to ignore. We write about owning your platform, controlling your data, and building outside the extraction economy — and then we install a tracking pixel that does exactly what we counsel readers to resist. The alternative is available, affordable, and better suited to what we actually need.

What Privacy-Respecting Analytics Look Like

Plausible, Fathom, and Umami are the three leading privacy-respecting analytics tools. They share a common philosophy: collect only the data that helps you understand your audience, collect none of the data that helps advertisers target them, and do it without cookies, without cross-site tracking, and without selling anything to anyone.

Plausible is a lightweight, open-source analytics tool hosted in the EU and fully compliant with GDPR, CCPA, and PECR . Its dashboard is a single page — page views, traffic sources, top content, geographic distribution, device types, and referral sources. Nothing more. The script it adds to your site is less than 1 KB, compared to the 45+ KB that GA4 loads. Your site runs faster. Your visitors are not tracked. You see everything you need.

Fathom offers a similar approach, hosted in Canada with infrastructure designed around privacy by default . It provides the same core metrics — page views, sources, top pages, geography — with a clean interface that loads quickly and tells you what matters without burying it in a maze of menus. Both Plausible and Fathom are paid services, typically running $9-14/month for sites with moderate traffic .

Umami is the self-hosted option. It is open-source, free to run, and can be deployed on any VPS you already have. If you are running a DigitalOcean droplet for your Ghost site, Umami can live on the same server or a separate small instance. The trade-off is that you handle the setup and maintenance yourself. The benefit is zero data sharing — your analytics data lives on your server, governed by your policies, visible only to you. For the sovereign builder who already manages their own hosting, Umami is the most aligned choice.

What You Actually Need to Know

The analytics needs of a solo publisher are not complex. You need to know five things: how many people visit your site, where they come from, which content they read, what devices they use, and how these numbers change over time. That is it. Every meaningful editorial and strategic decision you will make can be informed by these five data points.

Page views tell you the scale of your reach. Unique visitors tell you how many distinct people that reach represents. Traffic sources tell you which channels work — is your audience finding you through search engines, social media referrals, direct visits, or links from other sites? Top content tells you what resonates, which informs what you write next. Device breakdown tells you how to optimize your design — if 70% of your readers are on mobile, your site needs to work beautifully on a phone.

All of these metrics are available from every privacy-respecting analytics tool on the market. None of them require tracking individual users across sessions, building behavioral profiles, or setting cookies. The data is aggregate, anonymous, and sufficient. The vast data infrastructure of GA4 exists not because publishers need it, but because Google’s advertising business needs it. Your analytics should serve your decisions, not someone else’s revenue model.

What You Do Not Need

Individual user tracking — knowing that visitor #4,827 read three articles, spent twelve minutes on the membership page, and returned twice from a bookmark — is surveillance, not analytics. Session recordings that replay a visitor’s mouse movements are surveillance. Cross-site tracking that follows your reader from your site to an online store to a news site is surveillance. Detailed demographics that infer age, income, and interests from behavioral patterns are surveillance. None of these capabilities help a publisher decide what to write next or where to focus their efforts. They exist to power advertising targeting, and they have no place on a sovereignty-focused site.

The instinct to collect more data comes from the same place as the instinct to accumulate more possessions: the feeling that having it might be useful someday, even if you have no specific use for it now. It is digital hoarding. The sovereign approach is to collect what you need, nothing more, and to treat your visitors’ attention and data with the same respect you ask platforms to show you. Proportional response applies here too — measure what matters, and leave the rest alone.

The Cookie-Free Advantage

Privacy-respecting analytics tools do not use cookies. This is not just a philosophical distinction; it has a practical consequence that simplifies your life considerably. Under GDPR, PECR, and similar privacy regulations, websites that set non-essential cookies must display a consent banner — the ubiquitous pop-up that asks visitors to accept or reject cookies before they can read your content. These banners are ugly, annoying, and they create friction at the worst possible moment: the instant a new reader arrives.

When your analytics tool does not use cookies, no consent banner is required for analytics purposes. Your site loads clean. The reader sees your content immediately. The legal compliance burden drops because you have eliminated the mechanism that triggers the requirement. This is a rare case where the ethical choice and the practical choice align perfectly — respecting your visitors’ privacy also creates a better reading experience and reduces your regulatory overhead.

If you use other tools that set cookies — chat widgets, embedded third-party content, advertising pixels — the banner may still be necessary. But for a sovereign publisher using privacy-respecting analytics and minimal third-party dependencies, a cookie-free site is achievable and worth pursuing.

Google Search Console: The Exception

Google Search Console occupies a different category than Google Analytics, and the distinction matters. Search Console does not track your visitors. It tells you how your site appears in Google search results — which queries bring up your pages, what your click-through rates are, which pages are indexed, and whether Google has detected any technical issues with your site. The data flows from Google to you, not from your visitors to Google.

Search Console is a valuable tool for understanding your search visibility, and it operates independently of Google Analytics. You can use Search Console without installing GA4 on your site. The data it provides — keyword performance, indexing status, crawl errors, mobile usability issues — informs your SEO strategy in ways that on-site analytics cannot. A page might get strong traffic from social media but rank poorly in search, or rank well in search but for queries you did not intend. Search Console surfaces these patterns.

We recommend maintaining a Google Search Console account for your site even as you remove Google Analytics. The two serve different purposes, and Search Console does not compromise your visitors’ privacy in the way GA4 does. This is the kind of measured distinction the sovereign builder makes — not reflexive rejection of every Google product, but deliberate evaluation of what each tool takes and what it gives.

Setting Up Privacy-Respecting Analytics

The setup process for any of these tools is straightforward. For Plausible or Fathom, you create an account, add your site domain, and paste a small script tag into your site’s header. In Ghost, this goes in the Code Injection section of your settings — a single line of HTML. In WordPress, it goes in your theme’s header or through a simple plugin. The process takes less than ten minutes.

For Umami self-hosted, the setup requires deploying the application on a server. If you are comfortable with Docker or can follow a deployment guide, the process takes under an hour. Umami provides a web-based dashboard identical in function to the hosted alternatives — you just access it on your own infrastructure instead of theirs.

Once installed, the dashboard populates in real time. Within a day, you will have enough data to see your traffic patterns. Within a week, you will have a clear picture of your top content, your primary traffic sources, and your audience’s geographic and device distribution. Within a month, you will have trend data that informs editorial decisions. The insight ramp is fast because the tools are focused — they show you what matters without burying it in the noise of behavioral micro-data you never asked for.

The Sovereignty Alignment

Using surveillance-based analytics on a site that advocates for digital sovereignty is a contradiction, and contradictions erode trust. Your readers are paying attention — to your arguments, to your recommendations, and to whether your practices match your principles. A privacy-respecting analytics setup is a small technical choice with a large signal value: it says that sovereignty is not just something we write about, but something we practice, including in how we treat the people who read what we publish.

The cost is modest. The setup is simple. The data you receive is sufficient for every decision a solo publisher needs to make. The data you decline to collect is data that serves an advertising machine, not your editorial mission. This is the proportional response applied to measurement: know what you need to know, refuse to participate in what you do not, and extend to your visitors the same respect for autonomy that you claim for yourself.

This article is part of the Build Your Own Platform series at SovereignCML.

Related reading: The Platform Stack: What You Need to Own, Hosting: Where Your Digital Property Physically Lives, The Sovereign Creator Stack: A Complete Setup Guide