I'm confused. Open up Plausible, look for /event in your inspect element (devtools in chrome), look at the IP address that it connects to. Run that IP through ipinfo.io and see which country comes up. If it's the US, it's illegal (as per this entire thread).
What's childish about me not wanting people to potentially get fined?
Yes, I just checked it. It is a testing environment deployed on Cloudflare Workers. What's the problem here exactly? It is the same exact script using the same exact tech behind Plausible.
At what point exactly are they going to get fined? I don't understand so I would love to know, so as long as you actually manage to answer with somewhat of a technical depth.
Maybe you should do one of those "Fathom vs Plausible" pages on your website, then point out that Plausible is using a testing environment and because of that they will be fined.
Sure, happy to explain further. You have found the testing /event but there is another (make sure your ad-blockers are off).
I've put together the details here in an image, so it's easy to follow (https://imgur.com/a/9wEanqD). Hope that explains what I'm talking about.
Sending data from the EU to US-controlled cloud infrastructure is illegal. Please read the noyb article again, read the Schrems II ruling and read the EDPB's advice.
But Plausible doesn't send its data to US-controlled cloud infrastructure? By the looks of it, they're using a self-hosted testing environment through a CDN.
This is unique to Plausible itself and not the services they provide for their customers.
Why do you insinuate misbehavior from a competitive company when you don't have actual proof?
You have the URL of a CDN network that is hosted in the US. What you don't have is the proof of this data being stored in the US. Because it is not. Their FAQ pages clearly state that none of the data is ever stored outside of EU.
Last but not least, you entirely missed my point. Plausible is an extremely successful business, do you really believe they would risk their reputation / livelihood without understanding Schrems II or otherwise?
I honestly have nothing else to say mate. But good luck with Fathom. I am sure it will be a great success.
Yes they do. It's not just about data being stored, it's data processing as a whole. You cannot casually pass EU data subject Personal Data to US-controlled infrastructure.
Your website visitors Personal Data is processed on US-controlled cloud providers. I've provided evidence that folks reading this need to be careful when choosing analytics software, and I'll leave it at that. I hope to see Plausible move to an EU Isolation approach which doesn't involve US cloud providers.
You have not provided a single ounce of technical proof that Plausible processes their customer data in the US. Furthermore, you have somehow managed to overlook the fact that Plausible does Cookieless tracking without actually tracking any "Personal Data" signals.
I wonder what Paul thinks of your attempts to fear monger people into thinking your crappy product is superior to an open-source alternative.
But hey man, good luck with Fathom. It will be a great success.
I have no skin in this game, but Jack clearly demonstrated that data is passing through servers that our controlled by US-owned entities - namely Cloudflare and Digital Ocean ... what am I missing ?
Just posted this thread to a friend and they said I wasn't being 100% clear, so I apologize. I'll clear things up.
Using EU servers that are owned by a US company (e.g. AWS deployed in the EU, DigitalOcean deployed in the EU) is a violation of the Schrems II ruling. The way you check this is by looking at the IP addresses the analytics software are using, seeing where they're located and who they're owned by. You can then run that IP in ipinfo.io to get information about who controls that IP. If it's a US cloud provider, regardless of server location, it's a GDPR violation.
The English translation of the ruling can be found here. They go into detail within the rulings about the transfer of Personal Data (IP & User Agent) to servers that cannot be protected from US surveillance laws: https://noyb.eu/sites/default/files/2022-01/E-DSB%20-%20Goog...
"This is a very detailed and sound decision. The bottom line is: Companies can't use US cloud services in Europe anymore. It has now been 1.5 years since the Court of Justice confirmed this a second time, so it is more than time that the law is also enforced."
- Max Schrems
All site data plausible.io stores on behalf of the customers is hosted in Germany on servers owned by Hetzner, a European-owned company. Previously it was hosted by Digital Ocean in Germany but the move to Hetzner was made last year.
For our self-hosted version, you can install it with any cloud provider and in any country you wish. Even in the USA. That's the testing one we had on our site as we're testing the latest release of our self-hosted version on our own website. This has nothing to do with what our customers place on their sites.
What's childish about me not wanting people to potentially get fined?