Your web logs would have the following information for each download:
Date, Time, File Downloaded, IP Address of the download, total bytes downloaded. I use this information to figure out who is downloading our own binaries. What I don’t get is the “Why” are they downloading it. Are they building it as part of a larger system, SDK or framework? What do they intend to do with it. But having the numbers was enough for our particular funding agency to show that our project is being downloaded.
For HDFView, you could implement a “Is there an update available” as an opt-in feature. Again, have it ping a web page to get the current version. Then have a script to grep through the log files (our us something like Splunk) to look for the downloads. You start to get information on what versions are being used and by who (Reverse DNS lookup). For HDF5 binaries, see above.
From one small business to another I understand the statistics that you are trying to gather but putting up walls to the easy integration really does not help and in the long term hurts. You will lose statistics quickly which then means it is harder to get funding because it looks like less people are using HDF5 when in fact that may NOT be what is happening. For our project I mirror the sources on our own web server and every developer of our project then downloads HDF5 from our server in order to run the automated build script.
You could place the links to download on your site but for those that come in through a web browser it will start the download then the page refreshes with an option short survey to fill out which asks how they intend to use it. For those smart enough to use CI services and automated build scripts we can find the direct download link. I think I would rather have the total number of downloads to show my funding agency that those numbers are staying level or increasing rather than know some information about who but have a seemingly decreasing number of downloads.
To back that up I just did a quick grep through our apache log file for a 5 day period in September and counted 46 downloads to 8 unique IP addresses. This was for the 1.8.19 and 1.8.20 source codes. Doing some reverse DNS lookups of the IP addresses showed me that a few large universities in the US and a few institutions from Europe downloaded the source codes.
Hosting the codes on GitHub would allow you to track downloads. Same for hosting the binaries up on GitHub. I am pretty sure you can get the download statistics for each binary.