Why?
Privacy and analytics are fundamentally at odds. The standard approach for tools in the “privacy-first” space still involves an unacceptable level of compromise. These alternatives often rely on IP addresses and hashing schemes to track unique visitors. While better than cookies, these hashes can often be deanonymized with enough effort.
Recent academic papers highlights that even hashed IP addresses used for pseudonymization fall into a privacy grey area. Which is why I built Medama to find a solution that is even more anonymous in nature and give site owners an option to collect analytics without compromising your end-user privacy as much.
The Idea
Rather than relying on IP-based tracking that have the potential to distinguish users on an individual level, I wanted to see if we could differentiate between new and returning visitors using only the browser’s own request behavior.
As extensively explained in the official documentation, Medama uses a browser cache-based approach to track unique visitors. By observing whether a browser has already cached the tracking script’s request, we can distinguish between new and returning sessions without without knowing where the request came from.
It’s a zero-knowledge approach that respects user anonymity by design and ensures that privacy is a technical guarantee rather than just a policy promise.
Status
Medama is currently in a “maintenance” state. While I’m not actively shipping features due to other commitments, I still use it for all my own projects and keep it patched. If more time falls into my hands, I would like to return to this project in a more active capacity.