Privacy update: Cookie-free tracking is the new default

We’re happy to announce that our tracking is now 100% cookie-free by default, which means Clicky is now privacy-friendly out of the box. We mostly were before, e.g. we’ve been anonymizing IP addresses since GDPR became law, but tracking cookies were the one exception. You could disable them manually before, but now it’s the default. (You don’t need to update anything to get this new functionality, but you may want to double check your current privacy settings (see link above)).

There are some downsides to not using cookies of course. Unique visitors, new visitors, and returning visitors won’t be nearly as accurate. UID tags and filters will now be mostly useless. Also heatmaps – this is the one piece of data we log that’s sampled, since it takes up a lot of extra storage and bandwidth. With cookies, we were able to sample per visitor, but without cookies, that randomness can only be per pageview. These are just some of the differences. Check out our privacy policy (scroll down about half way) to see all tracking cookies and their purposes.

As for existing tracking cookies out in the wild now, we’ll only use them if a site has enabled cookie tracking. Otherwise they’ll still be sent to us, but they’ll be ignored, and they’ll eventually expire naturally. We also had a single third-party cookie (“cluid”) we used for cross-domain tracking, for those of you with multiple sites. We’re killing third party cookies entirely now, so we’ll just ignore this one 100% of the time.

Did you know that Clicky is older than the first iPhone? Can you even remember what life was like before smartphones? It was basically the stone age, but that’s the era that Clicky started from. Although we think today’s obsession with “privacy” is a bit overblown, we must change with the times, or we’ll end up like Grandpa Simpson.

Grandpa Simpson

New site preferences!

We had to change the way tracking works in order to allow cookies be controlled by the database rather than manual Javascript code on your site. While we were at it, we moved every single clicky_custom option that made sense (e.g. ones that should apply to all visitors and pages) to be settable via the UI. It’s really nice!

You can still set these options with Javascript if you want, and we let the manual Javascript one take precedence if an option is set in both places to allow for overrides – but most people will be excited to see these options, which are under the new “advanced” area of site preferences:

New site preferences

Windows 11 & mobile hardware

Microsoft decided to hide Windows 11 identification from user agent strings by default, so we’ve reported them as Windows 10 this entire time, as have all other services as far as I can tell. There is an API to request more data from a user agent though, called getHighEntropyValues. This API is only supported by Chromium browsers, but that’s most of them. Anyways, it uses an asynchronous Javascript promise so that it could pop up a permissions dialogue to a visitor when this data is requested. No browser is doing this now, but it’s designed to allow for this.

We don’t ever want to do something by default that would pop up a permissions dialogue, but at the same time we know some of you really want Windows 11 data. So we added a new clicky_custom option, also called getHighEntropyValues (we’re using the same name to highlight the relationship), to do just that.

Unfortunately we couldn’t make this work with the new site preferences UI method, so it has to be done manually. But the good news is, if you set this up, we also request the hardware model if a visitor is on a mobile device. With this, we’ve brought back the hardware report we removed a while ago because it had basically devolved into just a mirror of the mobile OS report.

But now look how much great data there is now, if you use this new option!

Hardware report

Now, there are a lot of mobile device IDs, and some of them are kinda cryptic as you can see. But the OS icon will at least give you a clue, e.g. most of these are Android devices. And if you copy/paste any of them into Google, you will find out what the actual model is. E.g. the “SM-G781U” is a Samsung Galaxy S20. We may add a link for you to do this more easily, like we do with organizations.

And there’s another “while we were at it” task that’s been long overdue – renaming “iPhone OS” to just “iOS” now. I know, you are shocked to your very core. But seriously it’s so long overdue that it feels surprisingly good to have finally done it. We updated the existing database entries at the same time so historical data should be preserved, e.g. going back to last month you should see iOS as well – although we confirmed at least one of our databases didn’t do this properly, which means new and old data will be in two separate entries. Not the end of the world. A for effort at least.

Anyways, check it out below, along with Windows 11!

OS report

Other tidbits:

    • Brazil was added to “auto privacy” country list – Since GDPR, there have been other countries releasing similar laws. Brazil is the one we hear about the most, so we’ve added it to the default “medium” privacy option – where we only apply privacy to visitors in countries that have these laws. (So now it’s all of EU/EEA, and Brazil).
    • We’ve added cookie banner instructions for the “visitor_consent” option.
    • If you’re self-hosting the code, which we don’t officially support, you’ll need to update it to get the new functionality.


Let us know what you think!