Disqus, the dark commenting system

Disqus is a free commenting system and a great example of "if you're not paying for it, you become the product". Unfortunately, in Disqus' case, your website visitors become the product too.

Today, I'm going to analyze what happens when you embed Disqus on your website.

Disqus makes 76 HTTP Requests per load

I signed up at Disqus and added the installation code to a blank page (So, I'm sure every HTTP request that the browser makes is from Disqus).

Disqus makes 76 HTTP requests and fetches 2MB of data! (even with 0 comments). And, it took 7 seconds to load.

Disqus HTTP Requests

Disqus Injects 11 Third-party Trackers To Your Website

Disqus was acquired by an advertising company called Zeta Global in 2017. Obviously, advertising companies do everything to increase their revenue (Ex: the Big G).

I analyzed the network requests log. Disqus makes HTTP requests to 11 different third-party domains through the browser. All of these websites are trackers/pixels (Even some were detected as malware by my security guard).

Here are the external domains:

If you are not familiar with Pixels/Trackers, take Facebook as an example. You can place a pixel on your website to share your website traffic data with Facebook. Facebook uses this data for better personalized targeting. According to GDPR, you cannot place the code without your users' consent in the EU region. But, Disqus places all of these pixels on your website (inside their iframe) without any consent.

*In 2014, Disqus inserted Viglink affiliate links to their client sites intrusively (Source)

Nothing Changes in the Disqus Paid Plans

When you provide a free product, money should come from somewhere. Disqus uses advertising for that. Now, I subscribed to a paid plan trial of Disqus to see if things change or not. No! Even in the paid plans, the same pixels are loaded on the client-side. Looks like there's no way to opt-out from tracking.

Disqus, the Data Machine

Even I title the article "the dark commenting system", I'm not sure if Disqus is a commenting system. Journalist Martin Gundersen once called Disqus a "data machine".

As I stated earlier, Disqus is owned by data/ad company ("Data-driven marketing powered by AI"). This is a large company with more than $400 million in annual revenue. They own the "The Web's Largest First-Party Data Set". While Disqus allows third parties like Viglink to directly access your website, they also collect information by themselves and shares them with more third-parties. Twitter has also been one of their old customers. (see data.disqus.com)

How does Disqus sell your visitors' data with thirdparties without your consent?

Actually, you give them the consent when you agree to their privacy policy.

"Advertising is the predominant way Disqus makes money. Advertising revenue allows Disqus to support and improve the Service. Disqus uses, and also engages third party ad partners and affiliates who use cookie IDs, device IDs (including mobile), hashed email addresses, IP address, ISP and browser information, demographic or interest data, content viewed and actions taken on the Service or Partner Sites, including information about the websites you’ve viewed and advertisements you’ve interacted within order to provide you with more relevant advertising targeted to your preferences and interests derived from your interaction with the Service, Partner Sites or other third party websites."

"We partner with third parties that collect information across various channels, including offline and online, for purposes of delivering more relevant advertising to you or your business. Our partners use this information to recognize you across different channels and platforms, including but not limited to, computers, mobile devices, over time for advertising (including addressable TV), analytics, attribution, and reporting purposes." - Disqus Privacy Policy

Consider Privacy-First Alternatives

If you are currently using Disqus on your website and value your user's privacy, consider migrating from Disqus to a privacy-first commenting system. One such service is Hyvor Talk, which I founded as a hobby project and now has grown into a profitable SaaS business in less than one year (with 3 employees and growing). At the time of writing this article, we serve 30 million page views per month and provide our privacy-first service for 2000 customers. You can also import your old Disqus comments to Hyvor Talk.

Feel free to leave a comment below if you have any questions.

Tagged: Privacy
You can connect with me on Twitter or Linkedin.
Latest on My Blog
PHP Beginner's Tutorial
Beginner's PHP Tutorial
Image for Laravel High CPU Usage Because of File-based Session Storage
Laravel High CPU Usage Because of File-based Session Storage
Image for Resizing Droplets: A Personal Experience
Resizing Droplets: A Personal Experience
Image for Moving our CDN (10+ GB images) to a new server
Moving our CDN (10+ GB images) to a new server
Image for Creating a Real-Time Chat App with PHP and Node.js
Creating a Real-Time Chat App with PHP and Node.js
Image for All About MYSQLI Prepared Statements in PHP
All About MYSQLI Prepared Statements in PHP