Home Blog Privacy update: Cookie-free tracking is the new default

Privacy update: Cookie-free tracking is the new default

Plus new site preferences, Windows 11 detection, mobile hardware - and more!

March 21, 2022

953

We’re happy to announce that our tracking is now 100% cookie-free by default, which means Clicky is now privacy-friendly out of the box. We mostly were before, e.g. we’ve been anonymizing IP addresses since GDPR became law, but tracking cookies were the one exception. You could disable them manually before, but now it’s the default. (You don’t need to update anything to get this new functionality, but you may want to double check your current privacy settings (see link above)).

There are some downsides to not using cookies of course. Unique visitors, new visitors, and returning visitors won’t be nearly as accurate. UID tags and filters will now be mostly useless. Also heatmaps – this is the one piece of data we log that’s sampled, since it takes up a lot of extra storage and bandwidth. With cookies, we were able to sample per visitor, but without cookies, that randomness can only be per pageview. These are just some of the differences. Check out our privacy policy (scroll down about half way) to see all tracking cookies and their purposes.

As for existing tracking cookies out in the wild now, we’ll only use them if a site has enabled cookie tracking. Otherwise they’ll still be sent to us, but they’ll be ignored, and they’ll eventually expire naturally. We also had a single third-party cookie (“cluid”) we used for cross-domain tracking, for those of you with multiple sites. We’re killing third party cookies entirely now, so we’ll just ignore this one 100% of the time.

Did you know that Clicky is older than the first iPhone? Can you even remember what life was like before smartphones? It was basically the stone age, but that’s the era that Clicky started from. Although we think today’s obsession with “privacy” is a bit overblown, we must change with the times, or we’ll end up like Grandpa Simpson.

Grandpa Simpson

New site preferences!

We had to change the way tracking works in order to allow cookies be controlled by the database rather than manual Javascript code on your site. While we were at it, we moved every single clicky_custom option that made sense (e.g. ones that should apply to all visitors and pages) to be settable via the UI. It’s really nice!

You can still set these options with Javascript if you want, and we let the manual Javascript one take precedence if an option is set in both places to allow for overrides – but most people will be excited to see these options, which are under the new “advanced” area of site preferences:

New site preferences

Windows 11 & mobile hardware

Microsoft decided to hide Windows 11 identification from user agent strings by default, so we’ve reported them as Windows 10 this entire time, as have all other services as far as I can tell. There is an API to request more data from a user agent though, called getHighEntropyValues(). This API is only supported by Chromium browsers, but that’s most of them. Anyways, it uses an asynchronous Javascript promise so that it could pop up a permissions dialogue to a visitor when this data is requested. No browser is doing this now, but it’s designed to allow for this.

We don’t ever want to do something by default that would pop up a permissions dialogue, but at the same time we know some of you really want Windows 11 data. So we added a new clicky_custom option, also called getHighEntropyValues (we’re using the same name to highlight the relationship), to do just that.

Unfortunately we couldn’t make this work with the new site preferences UI method, so it has to be done manually. But the good news is, if you set this up, we also request the hardware model if a visitor is on a mobile device. With this, we’ve brought back the hardware report we removed a while ago because it had basically devolved into just a mirror of the mobile OS report.

But now look how much great data there is now, if you use this new option!

Hardware report

Now, there are a lot of mobile device IDs, and some of them are kinda cryptic as you can see. But the OS icon will at least give you a clue, e.g. most of these are Android devices. And if you copy/paste any of them into Google, you will find out what the actual model is. E.g. the “SM-G781U” is a Samsung Galaxy S20. We may add a link for you to do this more easily, like we do with organizations.

And there’s another “while we were at it” task that’s been long overdue – renaming “iPhone OS” to just “iOS” now. I know, you are shocked to your very core. But seriously it’s so long overdue that it feels surprisingly good to have finally done it. We updated the existing database entries at the same time so historical data should be preserved, e.g. going back to last month you should see iOS as well – although we confirmed at least one of our databases didn’t do this properly, which means new and old data will be in two separate entries. Not the end of the world. A for effort at least.

Anyways, check it out below, along with Windows 11!

OS report

Other tidbits:

- Brazil was added to “auto privacy” country list – Since GDPR, there have been other countries releasing similar laws. Brazil is the one we hear about the most, so we’ve added it to the default “medium” privacy option – where we only apply privacy to visitors in countries that have these laws. (So now it’s all of EU/EEA, and Brazil).
- We’ve added cookie banner instructions for the “visitor_consent” option.
- If you’re self-hosting the code, which we don’t officially support, you’ll need to update it to get the new functionality.

Let us know what you think!

14 COMMENTS

jp March 21, 2022 at 11:53 am

This is great. Still love Clicky after 15 years or so 😅

My biggest gripe with Clicky these days is the Goal summary page: since keyword tracking was killed by Google this has been mostly redundant, an extra click to get to the reports.

What would be amazing is if you killed the [secure search] keyword list on the page, and instead gave us a breakdown of conversion by landing page. As this would be a summary view rather than a full visitor list this would hopefully allow more than 28 days history, too.
- Sean March 21, 2022 at 7:26 pm
  
  You’re right, the search item in that report is of no use anymore. I’ll add the landing page option to our feature request list!
Mandy Jones March 21, 2022 at 2:25 pm

Hi I see my campaign utm parameter doesn’t seem to be working. Is that due to this update? Do I need to set something? Also new Recent Visitors on the home page – is it possible to turn that off?
Thanks so much for keeping up with the privacy laws. Much appreciated.
- Sean March 21, 2022 at 7:28 pm
  
  Hi Mandy, the new update shouldn’t affect UTM parameters. They just won’t be saved in cookies by default anymore, but if someone goes to your site with utm_campaign=… in the URL, it should always show up.
  - Mandy March 22, 2022 at 6:19 am
    
    Ok I will send you more details on email. The campaign I started on Saturday does not seem to be recording in Clicky. Regards, Mandy
Michele March 21, 2022 at 10:15 pm

Is it safe to assume since you didn’t mention it (or at least I didn’t see that you did), that, we don’t need to update/change the code already on our sites?
- Sean March 21, 2022 at 10:50 pm
  
  Correct, you don’t need to do anything. You may want to double check your current privacy settings though to make sure you know where you’re at. I’ll update the article.
  - Michele March 22, 2022 at 3:31 pm
    
    Yay and thank you!
Will March 22, 2022 at 4:19 pm

Sorry if I sound like someone who has not been keeping up to date with privacy etc but this is basically about dealing with Chrome, Safari and Edge etc moving towards a cookieless future?

Also I have the Clicky’s javascript code in my main javascript file. I realise that this makes it less maintainable but many years ago I was told to combine my javascript files for performance. Which is what I did. Is this no longer so important?
- Sean March 22, 2022 at 6:15 pm
  
  Right now it’s just about the legal landscape. Privacy laws everywhere are changing fast. So we want the default setup to be 100% compliant with these laws so you don’t need to worry about keeping up! So that’s the new default – no cookies, and no personal data.
  
  We don’t support self-hosting the code but if that’s what you’re doing, you’ll want to update it to get the new functionality.
  - Will March 23, 2022 at 10:47 am
    
    Many thanks, yes makes sense trying to stay slightly ahead of the curve.
    
    I have updated the self hosted clicky code.
    
    Do you alert users to javascript code changes?
    
    Question?
    ======
    When the tech media talks about moving to a cookieless future, are they just refering to 3rd party cookies?
    
    I am hoping the bog standard website cookie that gets created when you visit a website by that website will remain? Otherwise how will a website remember that this is a returning visitor and provide a relevant user experience?
    - Sean March 27, 2022 at 11:42 pm
      
      Yes if there’s a major change to the tracking code like this one, we will always post about it.
      
      I’m pretty sure the ultimate goal is to get rid of cookies entirely. It’s very misguided, cookies are not inherently evil. Thankfully (?), the maker of the biggest browser in the world (Google Chrome) has incentive to keep cookies being a thing for as long as possible.
Alwin March 26, 2022 at 9:41 am

How about the option “Disable “sticky data” tracking cookies”? Are these cookies also disabled now by default, or do I have to disable this manualy?
- Sean March 27, 2022 at 11:43 pm
  
  Yes, *all* cookies are off by default.
  
  Sticky data is explained here:
  
  https://clicky.com/help/custom#sticky_data_disable