The Disqus Dark Web: Key Insights and Safety Tips

Under the umbrella of a freely accessible digital world, web tools like Disqus have appeared as a beacon of convenience for the majority. The well-known adage, “if it’s free, then you’re the product,” often holds true in such cases, as it does with Disqus. In this context though, it’s not just the website owners adapting the system but the visitors too who unknowingly transform into the ‘product’.

In this article, we will delve deeper to illuminate the underlying mechanisms at play when you incorporate Disqus into your website.

The Backbone of Disqus: Understanding its Mechanism

A comprehensive analysis was conducted to comprehend Disqus’ operations. In the experiment, the Disqus installation code was integrated into a blank page. This approach ensured that all the HTTP requests recorded were purely from Disqus, eliminating any risk of misleading results due to other elements on the page.

On implementation, Disqus was found to initiate 76 separate HTTP requests every time a page was loaded. This means that Disqus retrieves information from 76 different sources every time someone opens your website page. It’s like opening 76 tabs on your browser simultaneously, which can cause substantial loading delays.

Key Findings:

  • Volume of Data Fetched: Irrespective of whether or not there are any comments on the page, Disqus downloads approximately 2MB of data. This vast volume of data can significantly slow down your website speed, leading to a less than optimal user experience;
  • Loading Time: The time taken to load all of this data was a whopping 7 seconds. While this might not seem like much in isolation, in the digital world where every second counts, this can potentially contribute to higher bounce rates.

These findings expose the underlying reality of Disqus’ operations. Its integration into your website comes at the cost of site speed and in turn, potentially compromises user experience.

Analyzing Disqus: Unveiling Embedded Third-Party Trackers

Generated by a service acquired by an advertising giant, Zeta Global, in 2017, Disqus rightfully forms a part of the vast, profit-driven ecosystem of online advertising. A detailed examination of its network requests log unravels interesting albeit concerning insights – one of which is that Disqus, essentially, introduces 11 third-party trackers onto your website.

Delving into the specifics, it’s important to note that these trackers, operating via numerous third-party domains, encompass both pixels and potential malware. As part of our mission to educate our readers, we’ve enumerated the details of these external domains below:

The Disqus Affiliated Third-Party Domains and Trackers:

  1. viglink.com: A significant partner of Disqus, this domain assists in personalizing ads;
  2. io.narrative.io: Brands itself as a data streaming platform catered to buying, selling, and winning;
  3. live.rezync.com: Functions as a pixel-tracking website;
  4. idsync.rlcdn.com & netc.sfr.fr: Both operate as pixels, though their websites currently return 404 errors;
  5. p.rfihub.com: Yet another pixel with 404 errors, but also has reported ties to malware;
  6. pixel.tapad.com: Known for hosting a pixel. Its main site illustrates its operation as a leading digital cross-device graph;
  7. pippio.com: Redirects to liveramp.com, promoting better data-driven customer experiences;
  8. ei.rlcdn.com & idsync.rlcdn.com: Both domains return 404 errors and seem to employ GIF pixels;
  9. tag.clrstm.com;
  10. ib.adnxs.com: Identified as a malware site. It ranked as the eighth-largest in a data-trackers analysis.

For those unfamiliar with pixel/trackers, consider Facebook as an example. By placing a pixel on your website, you can share your website traffic data with Facebook, which in turn uses this information to fine-tune their targeting. However, GDPR mandates user consent for such actions in the EU region. Raising eyebrows, Disqus injects these pixels into your website, within their iframe, without obtaining explicit consent.

Exploring Disqus: Investigating the Impact of Paid Plans

The digital world runs on a simple yet irrefutable axiom: when a product or service is offered for free, its monetization must come from elsewhere. Disqus stands as a testament to this rule, leveraging advertising to sustain its free commenting system. However, what truly astounds is the fact that this strategy persists even in the case of its paid plans.

To place this under scrutiny, a trial subscription of Disqus’ paid plan was acquired. The aim was to ascertain if opting for a paid service would bring about any variation in the tool’s behavior. The findings, however, were startling.

Findings:

  • Persistent Pixels: Surprisingly, engaging with a paid plan did not alter Disqus’ modus operandi. The same tracking pixels continued to load on the client-side, indicating a lack of any significant change in the tool’s functionality;
  • No Opt-Out: An even more concerning insight was that there appears to be no mechanism to opt-out from Disqus’ tracking. This suggests that even website owners opting for a paid Disqus plan cannot avoid tracking and its potential consequences.

Hence, it transpires that moving from a free to a paid Disqus plan does not affect the tracking practices in any discernible way.

Type Casting in PHP: Balancing Precision and Efficiency

In the realm of programming, specifically in PHP, type casting assumes paramount importance. It’s a technique that involves converting a variable from one data type to another. This process can be likened to the intricate mechanisms we’ve explored within Disqus – ensuring compatibility and efficient operation.

Type casting in PHP allows developers to achieve precision in data handling and computational efficiency. It permits the manipulation of variables, ensuring they align with the specific requirements of a given operation. Just as we’ve meticulously analyzed Disqus’ operations, developers scrutinize and fine-tune their code to ensure it performs optimally.

Colleagues working together in the office

Prioritizing Privacy: A Call to Switch to User-First Commenting Systems

For those website owners already incorporating Disqus but concerned about preserving user privacy, it might be time to reevaluate your choice of commenting system. A shift towards user-first commenting platforms, such as Hyvor Talk, can be a worthwhile consideration.

Originating from a hobby project, Hyvor Talk evolved into a profitable Software as a Service (SaaS) business within just a year. Today, it boasts a dedicated team of three and caters to over 2000 customers, serving 30 million page views on a monthly basis.

One of the many attractive features of Hyvor Talk is its priority on privacy. It ensures customer data is not shared with third-party agents, making it a secure alternative. Moreover, with Hyvor Talk, you don’t need to worry about losing past comments, as you have the option to import all existing Disqus comments conveniently.

Website owners discontented with Disqus’ intrusive ads and privacy breaches have started exploring alternatives. Many have transitioned to platforms like Hyvor Talk, electing a service that truly values privacy. Adopting such a switch is highly recommended for those who wish to maintain an engaging and interactive space while also respecting their users’ privacy needs.

Conclusion

As we navigate the digital landscape, the need for secure and privacy-centric tools continues to escalate. Disqus, while effective as a commenting system, raises several red flags with its undisclosed data tracking and sharing practices. Website owners must consider these factors and weigh the implications before deciding on embedding such tools on their platforms. The quest for user engagement should not compromise the privacy of those users. Exploring alternatives like Hyvor Talk, which prioritize user data privacy, can be a step towards fostering a safer, more trustworthy digital environment.