Skip to content

How 4Analytics works, and why

Here are the most important technologies when it comes to websites analytics. And whether we use them, or not, and how.

Data storage

4Analytics is a Joomla extension, not an online service. Data is stored in your Joomla database, with your Joomla articles, categories, users and all other data your site uses.

4Analytics does not store your data. You do. On your server. In your country, or at least in the country where you chose to locate your server. Your data is yours.

Speed

Most if not all analytics solutions use large javascript files that are loaded into each of your website pages. Google Analytics total loaded scripts are about 175KB. Matomo script is about 23KB.

  • 4Analytics script is 1.90KB (as of 2024-12-26)
  • because 4Analytics is a Joomla extension, the script is embedded inside your page. There's no external file to load at all, which means better Core Web Vitals

Cookies

Cookies are used by common analytics solutions to:

  • identify returning visitors and new visitors
  • track what visitors are doing on your site, including for instance which pages they visit and in which order

The problem with cookies is that they identify visitors individually. With cookies, no privacy is possible.

Another issue with them is that browsers start to block some of them, and many users have privacy software, such as ads blockers that block many cookies.

Analytics system that rely on cookies simply will not see or measure any traffic from users with privacy software on their device. Estimates and tests have shown the "lost" traffic to be significant and something that should not be ignored.

  • Most analytics services such as Google Analytics use cookies.
  • Software such as Matomo can be configured to be private and GDPR-compliant, but they are not by default. If you configure them to be compliant, then you lose lots of their capabilities
  • Existing Analytics Joomla extensions such as JRealtime Analytics use cookies and therefore require a cookie-consent extension. They are not GDPR-compliant by design and out of the box, as they require another extension to collect, store and manage user consent

As said before, 4Analytics does not use any cookie.

Identifying new vs returning visitors, counting unique visitors and visits

As 4Analytics does not use cookies, it recognizes new and returning visitors, count individual visitors and how many visits they make to your site with other techniques. Here is how it works.

New vs returning visitors

4Analytics use caching instructions and the if-modified-since request header a browser sends to learn if a user has been visiting this site in the past. It cannot tell which visitor it was, simply it knows this visitor was there before.

Some analytics solution use a variation of this technique to actually track visitors individually. They set a per-user unique identifier in the cache configuration (E-tag for instance), which renders this method roughly equivalent to just setting cookies.

4analytics does not do that and does not send any identifier that could allow a visitor to be individually recognized when they come back to the site

Unique visitors, and grouping them by visit

A visit is a series of pages viewed by the same visitor in a given period of time, typically 30 minutes (you can change that). To decide if the current page is the first a visitors sees, or whether it's their second, third or more in a row, we must identify them.

The simple way of doing this is by using a cookie - or browser storage, but we don't want to do that. So instead 4Analytics computes a visitor id, as unique as possible without using and storing personal information.

This unique visitor id is computed as follows:

1 - Start with a `salt`, a unique random string of characters. 
  The salt is changed each day

2 - Add the visitor user agent string 
3 - Add the page request language header
4 - Add the **anonymized** visitor IP address (last number group is stripped)
5 - Add whether the visitor device has a touch-screen or not
6 - Add the generic type of visitor device operating system
  (Win / Mac / Linux / Android / iOS / Unknown)
7 - Add the device resolution
8 - Add whether the device can do javascript
9 - Add the device time zone

Then compute the sha1 hash of this string. A hash is a function that turns a series of characters into a repeatable - the same input produces the same hash, but undecipherable - if you have the hash, you cannot find back what was the original string.

This is what we store for a visit, because:

  • that hash is unique given the same input
  • it preserves privacy, as the original data (IP address for instance) cannot be infered from the hash

That's how we can count unique visitors and group them by visit: if they have the same hash, there's a good chance it's the same visitor.

We don't know which visitor, but it's likely the same.