If you are not an expert web-developer and in-the-know of the technology landscape, there are tons of tools, websites and services to choose from that still allow you to spin up your website with ease. A good chance that this includes a blogging facility where people can leave comments on the stuff you write.
Now most often the technology that facilitates the commenting is Disqus. It comes conveniently integrated and packaged. Free to use…
However, as humanetech aware persons we are all aware that most often: If you’re not paying for it, its because you are the product!
Warning: Avoid Disqus like the plague!
The reasons why are well explained in the following article:
Well, well. An important read, I think. I never looked deeply into Disqus. What I was wondering is: could you force Disqus to forget about you using a GDPR-based request? And what I also was wondering was: what providers of blog services automatically add Disqus to your mix? Wordpress.com (where I host my site, paid), maybe?
Disqus already offers a strong Do Not Track (DNT) framework. This includes both honoring DNT settings from browsers and allowing users to opt-out of tracking within Disqus for targeted advertising and content recommendations. Currently, users with Disqus accounts can update their settings to opt-out of tracking across all devices and browsers where they are logged in. Logged-out users or readers without Disqus accounts can also opt-out of tracking for individual browsers.
A key piece of our planned updates is to expand on this framework and create a new feature called Privacy Mode that users can opt-in to from the Data Sharing Settings page. When a user is in Privacy Mode, Disqus will not collect or process any personal data, as defined by GDPR. In cases where we do not have a lawful basis for processing personal data we will apply Privacy Mode to requests from IP addresses associated with an EU country.
So, I was wondering, how would this impact actual data collection? Disqus also writes:
Data Recipients
We work with LiveRamp to help marketers connect browsers and devices with data from other sources that has been obfuscated to remove any directly identifying information. LiveRamp provides a privacy policy and opt-out options.
We share your web browsing activity with Viglink to allow advertisers to personalize ads based on the types of products and services in which you seem to be interested. You may read Viglink’s privacy policy and opt-out.
We share your web browsing activity with Disqus’ parent company, Zeta Global, to enable personalized marketing based on your perceived interests. Please see Zeta’s privacy policy.
What really struck me was the phrase “help marketers connect browsers and devices with data from other sources that has been obfuscated to remove any directly identifying information”. That translates for me to: we use big data analytics to circumvent your attempts at getting privacy.
Disqus always looked “friendly” to me from the outside, with a nice UX and important mission. But this amount of tracking (and generally polluting their customer’s websites) is really ugly.
If you are currently using Disqus on your website and value your user’s privacy, consider migrating from Disqus to a privacy-first commenting system. One such service is Hyvor Talk, which I founded as a hobby project and now has grown into a profitable SaaS business in less than one year (with 3 employees and growing).
Haha, excellent plug of the writer’s company. I really didn’t see it coming.
You can try and see what happens! Disqus is an US-based company. I did a GDPR data request to Goodreads once last year, also a US-based company, and got this answer:
As a business based in the United States, Goodreads complies with laws in the jurisdictions where it operates. We are always considering how to reach more readers and improve the experience for our users, and if Goodreads expands its operations to the EU we will comply with all relevant laws and policies, including GDPR.
So they didn’t grant my request for this reason. I did a quick analysis of the relevant GDPR laws, and my conclusion was that they should already comply with GDPR law. But I’m definitely not a legal expert so take that analysis with a grain of salt.
I believe Wordpress has their own commenting system which is hosted in your Wordpress installation itself, which shouldn’t be loaded with trackers. But probably there’s a Wordpress plugin available for Disqus! Good question otherwise!
The HN discussion may point to more alternatives, and some search will too. There are tons of commenting systems.