# Shynet — Privacy-Friendly Web Analytics Without Cookies or JavaScript

> A self-hosted web analytics tool that tracks visitors using server-side techniques, requiring no cookies, no JavaScript, and no personally identifiable information while still providing detailed traffic insights.

## Install

Save as a script file and run:

# Shynet — Privacy-Friendly Web Analytics Without Cookies or JS

## Quick Use
```bash
# Deploy with Docker Compose
git clone https://github.com/milesmcc/shynet.git
cd shynet
cp TEMPLATE.env .env
# Edit .env with your domain and admin credentials
docker compose up -d
# Create admin: docker exec -it shynet_main ./manage.py registeradmin admin@example.com
```

## Introduction
Shynet is a self-hosted analytics platform that gathers meaningful visitor data without using cookies, JavaScript tracking scripts, or collecting personal information. It works via a transparent tracking pixel, making it compliant with privacy regulations by design while still providing useful traffic insights.

## What Shynet Does
- Tracks page views, sessions, and referrers without client-side JavaScript
- Uses a 1x1 pixel image for tracking that works even with JS disabled
- Provides geographic, browser, and device breakdowns from request headers
- Calculates session duration and bounce rates using server-side heuristics
- Supports multiple sites with separate dashboards and access controls

## Architecture Overview
Shynet is a Django application backed by PostgreSQL. Tracking works via an ingress endpoint that logs HTTP request metadata (IP hash, user-agent, referrer) when browsers fetch a transparent pixel image. Session stitching happens server-side using time-windowed IP+UA fingerprints without storing raw IPs. The dashboard renders real-time and historical analytics from aggregated data.

## Self-Hosting & Configuration
- Deploy via Docker Compose with PostgreSQL included in the stack
- Configure environment variables in .env for domain, SMTP, and secret key
- Supports running behind a reverse proxy; set ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS
- Create services (tracked sites) via the admin panel; embed the pixel in your site's HTML
- Optional JavaScript snippet available for enhanced session tracking when preferred

## Key Features
- No cookies required; fully GDPR-compliant without consent banners
- Works with ad blockers since it uses first-party image requests instead of JS
- Primary and collaborative access levels for team-based analytics sharing
- API access for programmatic data retrieval and custom reporting
- Lightweight tracking pixel adds zero page load overhead

## Comparison with Similar Tools
- **Plausible** — JavaScript-based lightweight analytics; Shynet works without any client-side scripting at all
- **Umami** — Cookie-free but still requires JavaScript; Shynet's pixel approach works even with JS disabled
- **Matomo** — Feature-rich but heavy; Shynet is minimal and focused on privacy-first design
- **GoAccess** — Log-based analytics from existing server logs; Shynet provides a real-time dashboard with session tracking beyond raw log parsing

## FAQ
**Q: How accurate is tracking without JavaScript?**
A: Page views are highly accurate since the pixel fires on every page load. Session duration is estimated using heuristics and may be less precise than JS-based timing.

**Q: Does Shynet store IP addresses?**
A: No, IPs are hashed for session grouping and never stored in raw form. The hash is rotated daily to prevent long-term tracking.

**Q: Can I use both the pixel and JavaScript tracking?**
A: Yes, Shynet offers an optional lightweight JS script for enhanced metrics like session duration, while the pixel serves as the fallback.

**Q: How do I add tracking to my site?**
A: Embed an img tag pointing to your Shynet ingress URL on each page. The pixel is a transparent 1x1 GIF that loads instantly.

## Sources
- https://github.com/milesmcc/shynet

---
Source: https://tokrepo.com/en/workflows/asset-95eae89b
Author: Script Depot