Disqus is a free commenting system and a great example of "if you're not paying for it, you become the product". Unfortunately, in Disqus' case, your website visitors become the product too.
Today, I'm going to analyze what happens when you embed Disqus on your website.
I signed up at Disqus and added the installation code to a blank page (So, I'm sure every HTTP request that the browser makes is from Disqus).
Disqus makes 76 HTTP requests and fetches 2MB of data! (even with 0 comments). And, it took 7 seconds to load.
Disqus was acquired by an advertising company called Zeta Global in 2017. Obviously, advertising companies do everything to increase their revenue (Ex: the Big G).
I analyzed the network requests log. Disqus makes HTTP requests to 11 different third-party domains through the browser. All of these websites are trackers/pixels (Even some were detected as malware by my security guard).
Here are the external domains:
If you are not familiar with Pixels/Trackers, take Facebook as an example. You can place a pixel on your website to share your website traffic data with Facebook. Facebook uses this data for better personalized targeting. According to GDPR, you cannot place the code without your users' consent in the EU region. But, Disqus places all of these pixels on your website (inside their iframe) without any consent.
*In 2014, Disqus inserted Viglink affiliate links to their client sites intrusively (Source)
When you provide a free product, money should come from somewhere. Disqus uses advertising for that. Now, I subscribed to a paid plan trial of Disqus to see if things change or not. No! Even in the paid plans, the same pixels are loaded on the client-side. Looks like there's no way to opt-out from tracking.
Even I title the article "the dark commenting system", I'm not sure if Disqus is a commenting system. Journalist Martin Gundersen once called Disqus a "data machine".
Uncovering the Disqus data machine: @disqus shared the personal data of tens of millions of users without them or the websites knowing about it. thread - 1/13 pic.twitter.com/bLW4Gl2Rhf— Martin Gundersen (@martingund) December 18, 2019
As I stated earlier, Disqus is owned by data/ad company ("Data-driven marketing powered by AI"). This is a large company with more than $400 million in annual revenue. They own the "The Web's Largest First-Party Data Set". While Disqus allows third parties like Viglink to directly access your website, they also collect information by themselves and shares them with more third-parties. Twitter has also been one of their old customers. (see data.disqus.com)
If you are currently using Disqus on your website and value your user's privacy, consider migrating from Disqus to a privacy-first commenting system. One such service is Hyvor Talk, which I founded as a hobby project and now has grown into a profitable SaaS business in less than one year (with 3 employees and growing). At the time of writing this article, we serve 30 million page views per month and provide our privacy-first service for 2000 customers. You can also import your old Disqus comments to Hyvor Talk.
I got so fed up with @disqus's obnoxious ads and disregard for privacy that I finally migrated the comments of my main blog (https://t.co/2gUgV3yVEM) to @HyvorTalk, a comment system that actual values your privacy. I highly recommend you to do the same!— Bozhidar Batsov (Bug) (@bbatsov) December 7, 2020
Feel free to leave a comment below if you have any questions.