I coded OJStat myself, I know how it works, and I know it is safe.
One of the doubts that many people have in mind when they surf the internet is, is privacy data safe? This is a rational concern considering that there have been many victims of misuse of privacy data lately. Before I explain to you how OJStat works, I want to assure you that OJStat is safe to use. I believe that you will be more confident in the security of your privacy after knowing how OJStat works.
OJStat does use your Geolocation data
When you install OJStat and connect it to your OJS-based journal, OJStat will automatically record your geolocation data such as IP address, country, region, city, and coordinates (longitude and latitude). But you don't have to worry about your data leaking because of all the geolocation data, only IP addresses are sensitive. We recognize that you do not want your IP address to be exposed. Therefore, your IP address is automatically anonymized by OJStat before being recorded into the database.
OJStat stores your geolocation data in localStorage and not Cookies. This is so that the browser you are using does not send requests to geolocation information service providers repeatedly every time people switch from one page to another in your journal. By itself, the localStorage that stores your geolocation data will expire and be deleted.
OJStat records the system used by visitors
What is meant by system in this case is the browser brand, operating system, and device used by visitors. This information is collected together with geolocation data and sent to a PHP file in the OJStat folder for later recording into the database. The date and time of the visit is also recorded by OJStat but we know that this is not sensitive information.
Your data is not misused
Your visit data is only used to monitor journal statistics and nothing more. An anonymized IP address is required so that OJStat can display the number of unique visitors along with the average daily visits received by a journal.
OJStat is not designed to transmit data across domains
If you are worried that your data will be sent to other parties via OJStat, that is not the case. OJStat is not designed to transmit data outside the domain in which it is installed. OJStat can only accept data from other domains such as geolocation API and from OJStat blog only. That is why OJStat cannot be used in a different domain than the journal that uses it.
OJStat is GDPR compliant
As we mentioned earlier, OJStat does not use Cookies. In addition, OJStat only uses visitor information as necessary. Even if your journal gets hacked at some point, there is no vital data that hackers can take advantage of from OJStat. Basically, all data recorded by OJStat is general data that can be read through the browser console without any additional programs.
OJStat does not ask for email addresses, phone numbers, home addresses, and so on. Hence, there is nothing for visitors and OJStat users to worry about. In addition, the OJStat user has absolute control over the OJStat database, including maintaining its security.
What about journal IDs?
OJStat asks for several IDs such as Google Scholar ID, Copernicus Index, and other indexers to complete the URL of the indexer website that will display your journal. This ID is important if you want to display your journal metrics. To get your journal metrics, OJStat uses Simple HTML Dom to find relevant content from indexer web pages that display your journal metric information. The found content is then displayed on the OJStat metrics page as you can see. There is no other interest for OJStat with those ID numbers. Then, you can just not provide that ID if you don't want to display your journal metric data.
Check OJStat core files
OJStat contains JavaScript, PHP, and JSON files that are very easy to read even for novice programmers. Don't miss any of the files including frameworks like Bootstrap, Jquery, and ChartJs, if you have time to check them out. All the framework files are not modified by us.
Please open each file in the OJStat folder. Again, don't miss a single file! You may find many weaknesses in the OJStat code but one thing is for sure, you will not find any suspicious code.
Now, is OJStat safe? Yes, OJStat is safe for both users and journal visitors who use it.