Shynet will never be a SaaS


Jul 9, 2020

Ever since I released Shynet, my open source web analytics tool, several people have asked me if I plan to offer some kind of managed version of the service (presumably as some kind of SaaS). While these requests are super exciting and I sympathize with them—not everyone wants to manage their own servers, after all!—it’s not something that I’m considering. Here’s why.

Self-hosting is the point of Shynet

When you use a third-party analytics tool—even one with a strict privacy policy—you’re handing your visitors’ data over to another company. Even if you trust that company to handle the data properly, the data isn’t strictly in your control: the company can change ownership, adopt a different business model, or simply go out of business.

In general, if you care about privacy and control, self-hosting your analytics is better for both your visitors and yourself (or your company).

But not all self-hosted analytics tools are equal. Often, they’re watered-down versions of paid services (e.g., Fathom), or weren’t designed for self-hosting (e.g., Plausible). Others, like Matomo, are mature and featureful, but also overly complex (and, if you ask me, a bit of a chore to work with).

The point of Shynet is to build an analytics tool that is self hosted, privacy friendly, and sleek — in that order. These priorities are reflected in Shynet’s architecture: there’s no Stripe billing integration, no account tiers, and certainly no concept of third-party access. Turning it into a SaaS would conflict with the core purpose of the project.

I don’t want your data

On a more practical level, offering Shynet as a SaaS would put me in control of troves of personal data. And data is a liability from both an ethical and legal perspective. I wouldn’t touch it with a ten-foot pole.

If I misconfigure my database and someone breaks in (or something leaks out), I want that to be my problem—and only my problem. If Shynet were a SaaS, it’d be all my customers’ problem, too.

And while I built Shynet with security as a top priority, it’s a complex piece of software and almost certainly has holes. If everyone self-hosts Shynet, vulnerabilities take more effort to exploit (after all, an attacker would need to target each instance individually).

There are better tools elsewhere

I built Shynet to fill a gap I perceived among self-hosted analytics tools—not among analytics tools generally. There’s little that Shynet offers that Fathom, Simple Analytics, or Plausible don’t (though I do hope to change that over time). After all, Shynet’s advantage is that it’s designed to be self-hosted; without that, there’s little to differentiate it from other analytics offerings.

Analytics is a crowded market. It’s ruthlessly competitive. If you’re willing to tolerate handing your visitors’ data over to a third party, there are dozens of companies all fighting for your business. I don’t want Shynet to be one of them.

I’ve made up my mind

The fact that some people would be willing to pay for a hosted Shynet offering is endlessly exciting, and it’s hard for me to turn those people down. But Shynet is an open source project, not a company, and I’d like to keep it that way.

Hi! If you made it this far, maybe you want to stay in touch. You can follow me on Twitter, subscribe via Atom/RSS, or sign up for my infrequent email letter.

© R. Miles McCain 2024. Content is licensed CC BY-SA 4.0, a Free Culture License. The source code is available under GPLv3. This site collects (minimal) visitor analytics.