Disqus is a free commenting system and a great example of "if you're not paying for it, you become the product". Unfortunately, in Disqus' case, your website visitors become the product too.
Today, I'm going to analyze what happens when you embed Disqus on your website.
Disqus makes 76 HTTP Requests per load
I signed up at Disqus and added the installation code to a blank page (So, I'm sure every HTTP request that the browser makes is from Disqus).
Disqus makes 76 HTTP requests and fetches 2MB of data! (even with 0 comments). And, it took 7 seconds to load.
Disqus Injects 11 Third-party Trackers To Your Website
Disqus was acquired by an advertising company called Zeta Global in 2017. Obviously, advertising companies do everything to increase their revenue (Ex: the Big G).
I analyzed the network requests log. Disqus makes HTTP requests to 11 different third-party domains through the browser. All of these websites are trackers/pixels (Even some were detected as malware by my security guard).
Here are the external domains:
viglink.com* - One of Disqus's major partners. Disqus use Viglink to personalize ads.
io.narrative.io - "The data streaming platform that makes it easy to buy, sell, and win."
live.rezync.com - a pixel website
idsync.rlcdn.com - another pixel (website returns 404)
netc.sfr.fr - another pixel (website returns 404)
p.rfihub.com - another pixel, malware reports on Google (website returns 404)
pixel.tapad.com - pixel, main site titled "WE PROVIDE THE WORLD’S LEADING DIGITAL CROSS-DEVICE GRAPH"
pippio.com - redirects to liveramp.com, titled "Build better data-driven customer experiences."
ib.adnxs.com - Malware site, "Adnxs appeared as the eighth-biggest name in our Tracking the Trackers data."
If you are not familiar with Pixels/Trackers, take Facebook as an example. You can place a pixel on your website to share your website traffic data with Facebook. Facebook uses this data for better personalized targeting. According to GDPR, you cannot place the code without your users' consent in the EU region. But, Disqus places all of these pixels on your website (inside their iframe) without any consent.
*In 2014, Disqus inserted Viglink affiliate links to their client sites intrusively (Source)
Nothing Changes in the Disqus Paid Plans
When you provide a free product, money should come from somewhere. Disqus uses advertising for that. Now, I subscribed to a paid plan trial of Disqus to see if things change or not. No! Even in the paid plans, the same pixels are loaded on the client-side. Looks like there's no way to opt-out of tracking.
Disqus, the Data Machine
Journalist Martin Gundersen once called Disqus a "data machine". Disqus is owned by a data/ad company ("Data-driven marketing powered by AI"). This is a large company with more than $400 million in annual revenue. They own the "The Web's Largest First-Party Data Set". While Disqus allows third parties like Viglink to directly access your website, they also collect information by themselves and share them with more third parties. Twitter has also been one of its old customers. (see data.disqus.com)
How does Disqus sell your visitors' data to third parties without your consent?
Advertising is the predominant way Disqus makes money. Advertising revenue allows Disqus to support and improve the Service. Disqus uses, and also engages third party ad partners and affiliates who use cookie IDs, device IDs (including mobile), hashed email addresses, IP address, ISP and browser information, demographic or interest data, content viewed and actions taken on the Service or Partner Sites, including information about the websites you’ve viewed and advertisements you’ve interacted within order to provide you with more relevant advertising targeted to your preferences and interests derived from your interaction with the Service, Partner Sites or other third party websites.
We partner with third parties that collect information across various channels, including offline and online, for purposes of delivering more relevant advertising to you or your business. Our partners use this information to recognize you across different channels and platforms, including but not limited to, computers, mobile devices, over time for advertising (including addressable TV), analytics, attribution, and reporting purposes."
Consider Privacy-First Alternatives
If you are currently using Disqus on your website and value your user's privacy, consider migrating from Disqus to a privacy-first commenting system. One such service is Hyvor Talk, which I founded as a hobby project and now has grown into a profitable SaaS business in less than one year. At the time of writing this article, we serve 30 million page views per month and provide our privacy-first service for 2000 customers. You can also import your old Disqus comments to Hyvor Talk.
Feel free to leave a comment below.