Pirsch is a great success so far. At least that is what I would call it from looking at the traffic on my website and the stars on GitHub. A few people on Hacker News pointed out some details you should know in case you're using it.
You can find a detailed article about server side tracking in Go here.
Another point that came up is how Pirsch generates fingerprints. The method is fine, it's just that it had one issue: the algorithm is open source and there is no randomness. Let me explain: if someone gets access to the fingerprints you generated, he could theoretically generate identical fingerprints for visitors to other websites, and therefore tell which websites a user visited by comparing them. I fixed this issue in release v1.1.0 by adding a salt you define. It should be set to something no one can guess and be treated like a password.
Additionally to the change above I extended the bot keyword list. It now includes everything that should not occur inside the User-Agent header. It now contains 365 entries, which should be enough to filter the most unwanted traffic.
Thank you, everyone, for all the helpful feedback! I would love to hear if you're using it and how well it works for you. Just send me a mail using the button (Contact me) at the top.
Would you like to see more? Read my blog articles on Emvi, my project page on GitHub or send me a mail.
This page uses concrete for styling. Check it out!