How we do analytics without cookies

Conventional analytics invents a unique identifier for each visitor, so they can recognize that when you view different pages, you’re the same person.

They store this information in a cookie, which is just a piece of information stored on your computer.

There are many problems with cookies:

  • They can track your behavior between multiple websites (e.g. Google/Facebook knows almost everything their users do) and users have no idea
  • They can persist almost forever

Silktide Analytics is different. We don’t use cookies, and we don’t store any user data.

Here, we’ll outline the journey that your user data takes when visiting a website containing the Silktide Analytics script. We’ve split it into three parts, “Data Collection”, “Data Journey”, and “Privacy Preservation”.

Data collection

Step 1: Load the Silktide Analytics script

Silktide’s lightweight script is fast-loading at just 18 kB. It doesn’t set or require cookies.

Step 2: Establish if you are a new user

Privacy is the main priority for Silktide Analytics, so we do not store your IP address or User Agent alongside your browsing history. For your user data to be anonymized, we need to perform some math functions.

hash(ip + userAgent + propertyId + salt)
  • To identify a visitor, Silktide Analytics combines their IP address (ip) and User Agent (userAgent) using a cryptographic hash function with a rotating salt. That’s a mathematical way of encrypting some data in a way that cannot be reversed.
  • The resulting hash (hash) is a unique identifier for the visitor that cannot be reversed or used to track them across websites.
  • The hash is unique to each website (propertyId), which means it’s not possible to track the same visitor across multiple websites. We use SHA-256 (an industry-standard hashing algorithm) to generate our hashes.
  • The IP address and User Agent are immediately forgotten upon creating the unique identifier.
  • The salt changes every 24-48 hours, which means the identifier also changes every day. The addition of salt also means that Silktide Analytics doesn’t need to store any personally identifiable information (PII), nor is able to restore any.
  • The salt is never stored. After 24-48 hours, it is deleted forever. This means the hashes are not reversible, by Silktide or by anybody else.

When a user lands on a web page containing the Silktide Analytics script, a check is made against the unique identifier. If one is found, that user is classified as a returning visitor. If not, they are considered a new user.

All users are considered new if it’s been more than 24-48 hours since their last visit.

Data movement

Step 3: Send a page-view event

Once a user is identified as new or returning, a page-view event is sent to Silktide’s servers. The event looks similar to this:

{
"propertyKey": "5hej242d435g4k58l70f71043fwsr2733",
"url": "https://silktide.com/resources/",
"referrer": "https://silktide.com/",
"viewWidth": 885,
"events": [
{
"event": "page_load"
}
]
}
  • The propertyKey is the unique identifier for our customer’s web property (i.e. their website or collection of their websites). Because we’ve included the propertyId in the hash function, the same visitor across different customers has a different identity to us. So even if we wanted, we could never determine if a visitor to one customer was the same as a visitor to another.
  • The url is the current web page the user has viewed
  • The referrer is the previous website the user visited. For privacy purposes, the full path is not stored or transmitted, only the domain.
  • We store the viewWidth of the user’s browser as a way of reporting what kind of device the user is visiting from.
  • events are either built-in Silktide Analytics events ( like a page_load) or any custom event you set up yourself, like a specific button click or checkout submission.

All data is stored in the customer’s region of choice, either the EU or the US.

No data is transmitted between the two regions – they are entirely separate. This data segregation ensures your compliance with local privacy laws.

Step 4: Count bounce rate, time on page, and frustration events

Silktide measures common events that you’d expect in an analytics platform, but without you having to set up any complicated additional scripts.

By default, we include a measure of time spent on the page, and whether a user visits only that page before leaving. We also measure how far down a page a user reads, which helps you understand how engaging your content is. We show click events that have no outcome as a measure of user frustration.

All this information is presented in heat maps, which are unlimited and available on every page you have tested with Silktide.

An example of the types of events Silktide measures to report on this data is outlined below:

{
duration: 8,
event: "page_update",
maxScroll: 100,
readToSelector: "#blog-post-1",
readWords: 709,
totalWords: 4231,
usedKeyboard: false,
usedMouse: true,
usedTouch: false,
}

Privacy preservation

Step 5: Customer data is privacy-safe

Your customer data has now completed its journey. By using the methods above, it’s possible for you to comprehensively track user behavior without invading their privacy

  • Silktide Analytics preserves privacy by not using cookies
  • Visitors are given unique identifiers that cannot be tracked across websites
  • Silktide Analytics never stores any personally identifiable information (PII)
  • Silktide Analytics deliberately never stores text entered into a search box or a form, including query parameters
  • Referrer data is simplified to just the website and not the specific webpage

Why does Silktide need to use a consent banner for Analytics?

A recent change in the interpretation of EU law has stated that every analytics platform, whether it uses cookies or not, must now ask for consent to track user behavior.

Under PECR, website users must give prior consent before an analytics solution sets tracking technologies – regardless of whether the data is personal data or not.

Notably, platforms like Google or Facebook, which have their tracking pixels across many millions of websites, can track user behavior on whichever website they visit. They use this data to create a profile of a visitor and serve adverts. This is why you see adverts related to things you may have recently searched for or websites you’ve recently visited, regardless of which website you are currently visiting.

Our analytics solution is designed with privacy first. We can see a visitor as returning if they come back within 24-28 hours, but after that, they are completely forgotten and appear as a new user. However, during the time they visit, we can still give you all the statistics you’d expect from an analytics platform like the pages visited, the length of visit, and more. On top of this, we include an unlimited heatmap solution, so you can see user behavior on every page of your website.

I have more questions

Head over to our frequently asked questions page for more details about Silktide Analytics.

Analytics built for web managers. Get your demo today

Back to top