← All posts

How are unique users counted without using cookies?

Loglesk provides useful unique visitor data without uniquely identifying anyone. Here's how it works.

·
Tom Antok

You may be wondering:

How does Loglesk Analytics count unique visitors without cookies or tracking visitors?

It’s a good question, because many web analytics tools count unique visitors relying on tracking people. But as privacy-first tool Loglesk is designed to work differently. Instead of following people across websites, it uses a more ethical method that gives useful traffic insights without collecting any personal data.

Privacy-invasive approach: cookies and persistent IDs

Most analytics tools, like Google Analytics, assign each visitor a persistent unique ID, often stored in a cookie or local storage. This ID is sent with every pageview, so GA knows whether it’s the same user returning, or visiting multiple times over days or weeks.

This approach has some advantages as detecting users returning to the website after a longer period of time, session reconstruction, and cross-site tracking. But it also causes several problems:

  • It collects personal data (IP, User-Agent, persistent ID)
  • It requires GDPR and cookie consent banners
  • It compromises users’ privacy
  • Tools using it are often blocked by adblockers

Privacy-friendly approach: temporary, anonymized hashing

Loglesk doesn’t use cookies or collect personal data. All the site measurement is carried out absolutely anonymously. There are no persistent identifiers and no cross-site tracking.

Instead of storing personal ID of visitor in cookie, Loglesk generates a temporary, anonymous, daily changing cryptographic hash using the visitor’s IP address, User-Agent, and salt.

hash(daily_salt + website_domain + ip_address + user_agent)

This generates a random number of unique visitor that is only valid for one day. To put it simply, if someone refreshes or clicks around during the same day, they’re counted once. If they come back tomorrow, they’re counted again – as a new unique user. This method is enough to deduplicate visitors within that day. All the data is isolated to a single day, single website and single device only. The raw data such as IP addresses and User-Agents are never stored in cookies, logs, our database or anywhere at all.

Salts are rotated every 24 hours to anonymize data. It prevents the possibility of linking visitor information from one day to the next. Also it makes impossible to extract the original IP addresses from the data stored in our database.

In various tests this method has proven to be remarkably accurate when compared to using a cookie. In some cases, it might even be more accurate than using a cookie because some visitors block cookies altogether. That is why it is widely used by privacy-friendly analytics tools.

Of course, there is also a limitation. Loglesk cannot show advanced reports such as ‘New vs Returning visitors’ because they rely on having a persistent user identifier. But that’s a small cost of being fully GDPR, CCPA, and PECR compliant, and no need for cookie consent banners. This limitation isn’t a flaw – it’s the intentional result of a privacy-first design.

There’s always a tradeoff between perfect accuracy and user privacy. No analytics tool is perfectly accurate. In many cases, those that seem more accurate because they use cookies are actually less accurate because they are therefore blocked by adblockers and omit quite a lot of traffic.

For users who just need clear traffic insights, Loglesk Analytics is a great fit. But if you need deep behavioral analytics or individual user tracking, you’ll need to look for another tool that covers those use cases.

— by Tom Antok

Subscribe to Loglesk's blog

Hey!, I’m Tom. I'm building a simple alternative to Google Analytics. Here I share my learnings, tips, and tactics to help you do marketing for your projects more effectively.

Newsletter issue every 2 weeks.