Cookieless Tracking
Statalog tracks visitors without setting any cookies, storing any persistent identifier on the visitor's device, or using fingerprinting techniques. This page explains exactly how visitor identification works and what the privacy implications are.
How visitor identification works
When a pageview is recorded, Statalog generates a daily visitor hash on the server side using this formula:
hash = HMAC-SHA256(IP address + User-Agent + site ID + daily salt)
The daily salt is a secret string that rotates every 24 hours at midnight UTC. Each day, a fresh salt is generated. Yesterday's salt is discarded and never stored anywhere accessible.
The resulting hash is a 64-character hexadecimal string. It serves as a same-day visitor token — two pageviews from the same browser on the same day will produce the same hash, allowing Statalog to count them as one visitor rather than two. Two pageviews on different days, even from the exact same device and IP address, produce entirely different hashes because the salt has changed.
What is and is not stored
Not stored: IP addresses, User-Agent strings, or any component that went into the hash. Once the hash is computed, the raw inputs are discarded immediately. The hash itself is also ephemeral — it is used to deduplicate within the current processing window and is not written to long-term storage as a persistent identifier.
Stored in ClickHouse: anonymised, aggregated pageview records containing the URL, referrer, country (derived from IP via GeoIP lookup, then IP is discarded), device type, browser family, OS family, and timestamp. None of these fields uniquely identify an individual.
Why this is not fingerprinting
Browser fingerprinting typically involves collecting a large set of browser attributes (canvas rendering, WebGL data, installed fonts, screen resolution, etc.) to create a persistent identifier that follows the visitor across sessions and websites over time. Statalog does none of this:
- No JavaScript is used to collect browser attributes beyond what is needed for the pageview (URL, referrer, screen width for device type).
- The visitor hash is computed from only two signals (IP and User-Agent), rotates daily, and cannot track a visitor across days.
- No data is shared with third parties or correlated across sites.
Comparison with cookie-based tracking
A tool like Google Analytics 4 sets a _ga cookie with a randomly generated client ID. This cookie persists for two years by default and identifies the same browser across every visit within that window. Cross-site tracking is also possible via linked properties and Google's advertising infrastructure.
With Statalog, there is no persistent identifier on the visitor's device. If a visitor clears their cookies, blocks cookies, uses private browsing, or switches devices, the outcome for Statalog is the same as if they never visited before — which is the expected and correct behaviour.
What this means in practice
Visitor counts are conservative. A person who visits your site on Monday and again on Tuesday is counted as two unique visitors, not one returning visitor. This is a deliberate privacy trade-off. Long-term return visitor analysis is not possible, by design.
No cross-day tracking. You cannot see whether the same person who read your blog post last week came back and converted today. You can see that someone converted, but not that it was the same individual as the earlier reader.
No cross-site tracking. Statalog has no concept of a global user identity. Data from your site is entirely separate from data collected on any other site using Statalog.
FAQ
Is the IP address stored? No. The IP address is used only to compute the visitor hash and to perform a GeoIP country lookup. After those two operations are complete, the raw IP is discarded and never written to any database or log file.
Can I identify the same person across multiple days? No — and this is by design. The daily salt rotation ensures that the same visitor on different days produces different hashes. There is no mechanism within Statalog to link visits across calendar days.
Can I combine Statalog data with other data sources to re-identify visitors? Because Statalog stores only aggregate, anonymised data (no IP, no fingerprint, no persistent ID), there is no field that can be joined to an external dataset to re-identify an individual. The combination of data points stored does not constitute personal data under GDPR definitions.
Does Statalog track visitors across my subdomains? Within a single site (including subdomains if subdomain grouping is enabled), the same daily hash is used. No cross-site or cross-domain tracking occurs between separate Statalog sites.