Wanted to know if anyone reads this. The Google Analytics route exists, and comes with a cookie popup, a consent banner, and the vague feeling of having betrayed someone. Went with Umami instead.
Why Umami
The main contenders for privacy-friendly analytics: Plausible, Umami, PostHog, Matomo. Spent longer evaluating them than actually setting up the winner. Went with Umami. It's lightweight (single script tag), fully GDPR-compliant out of the box, and the cloud version is free for personal sites. Self-hostable too, if that becomes relevant.
The setup
One next/script tag in the root layout. That's it.
// src/app/layout.tsx
import Script from "next/script";
<Script
defer
src="https://cloud.umami.is/script.js"
data-website-id="your-website-id"
strategy="afterInteractive"
/>
No npm packages. No wrapper components. No provider context. Five lines. Honestly a little anticlimactic given how long I spent on the evaluation.
What it tracks
Page views, referrers, browser, OS, and screen size, all aggregated, never tied to individual users. No cookies means no cross-site tracking, no fingerprinting, no consent requirements. The dashboard shows which posts get read and which pages get visited.
The D&D post is the most read one. Unclear how to feel about that.