Lightweight alternatives to Google Analytics

I'm not super familiar with the details, but there's a similar problem with SSH, I believe. When you authenticate to a server with public key authentication, either the server or the client at some point need to disclose which public keys are authorized or to try to authorize. When we do server authentication (ie. regular HTTPS) this doesn't matter: the site is public and it's not trying to hide its identity, it's trying to *prove* it to the world!

But when you're a client, you have different tradeoffs. You don't want to send that certificate everywhere all the time, because it acts as a unique token that can be used to track you across websites. Firefox has rudimentary protection against this: when I go on a site that wants access to my TLS client cert, it first prompts whether I want to actually authenticate with my cert. But that UI is terrible: it pops open all the time, at random moments, and doesn't remember the "yes I trust this site" checkbox, which seems to do nothing.

It's also not clear to me whether the server actually knows about my client cert at this point or whether the dialog is actually effective in not disclosing my identity. And that's just on firefox, which has some support for TLS client certs. I suspect the situation could be catastrophically worse on other servers.

I will also note that SSH does not have those protections *at all*. It will happily send *all* the public keys it knows about when trying to login to a random server, which is kind of disturbing when you think about it:

$ ssh -v lwn.net
[...]
debug1: Next authentication method: publickey
debug1: Offering public key: cardno:N RSA SHA256:XXXX agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Offering public key: rsa w/o comment RSA SHA256:XXXX agent
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
[...]

No confirmation prompt whatsoever here. And they would be annoying too... i guess SSH expects you to divulge your public key identity when you connect to a server... but in the wild wild web, it seems like a delicate thing to do, so I wonder if a good usability trade-off is possible at all here.