Skip to content

On Centralised Commenting Systems — Why I Don’t Like Disqus

UPDATE, 2011-08-29: Ben Vinegar, a Front-end Engineer at Disqus, has responded to this post. It is apparently possible for users to export their comments to a local database, display them for users without JavaScript and it is mentioned that the “scary red error box isn’t sending the right message”. These are welcome steps forward to addressing my dislike of the service.

I don᾿t like centralised commenting systems like Disqus and IntenseDebate. I am disappointed whenever I see a site using them; I want to use this post to explain why.

The Attraction to Centralised Commenting

Services like Disqus and IntenseDebate are marketed as being ‘better’ platforms for enabling commenting on blogs and articles. You essentially outsource the comments on your blog or website and have them handled by the service.

It is an attractive idea because you can outsource the more difficult things like handling spam comments and so on, and because it allows users to have a single identity with the commenting service and then use that single identity on many sites.

Making Commenting on the Web Proprietary

The primary reason that I do not like such services is because they seek to make commenting on the web proprietary. The web should be open. The web is open, for the most part, and I think it should remain that way.

Centralising commenting on your site is taking the control over the discussion over your content and handing that control to a third-party.

I think comments on blogs and so on should be as open and as simple as possible — enter a name and email address and just write a comment. Yes, that way of doing things is more open to absue such as the misuse of identity and spam and it doesn’t have the advantages of being able to connect comments from a single person together.

I understand that some of these commenting services do have a ‘Guest’ mode, but I still am concerned that users feel pressurised into getting an account with the service for fear of their comments otherwise being seen as potentially less valuable or somehow not as legitimate.

I don’t think you should feel obliged to sign up for yet another service just to make a comment on someone’s website. I don’t even think that you should feel obliged to sign in with something such as your Short-Form “Bird” Social Media Site Before It Went Terrible or Facebook identity, just to comment on a website.

I would be more inclined to accept OpenID as an authentication means in this case, because that does seem an ideal use case for the technology, but I keep coming back to my fundamental point.

I think internet commenting should be as simple and as open a system as possible, encouraging as much discussion as possible by not making it at all difficult or at all burdensome, even despite the issues with accountability and abuse that this approach raises.

For better or for worse, the web is open. I seek to keep comments in that same spirit.

JavaScript and Cookies — Accessibility Challenges

This point is less general and more of a specific issue I have with Disqus. Other centralised commenting systems might handle this better.

Most users have JavaScript enabled in their web browser. I accept that and understand that it is pretty much a necessity for browsing the web, unless you are someone like me that is happy to use NoScript for Firefox, or manually enable and disable JavaScript in Safari.

I assert the right, however, to browse most websites with JavaScript and plugins off and I will only enable them if there is a need and I decide that I trust the site in question. Disqus, specifically, requires you to enable JavaScript just to read comments. That is to say — you must enable not just JavaScript coming directly from the target site, but a third-party site.

UPDATE 2012-03-09: since I wrote this post, some Disqus-enabled sites do support basic reading of comments without JavaScript.

I understand that it might be necessary to enable JavaScript to actually post a comment, but the requirement of enabling JavaScript to just read the stream of discussion should be unnecessary from a technical standpoint and is intensely frustrating for the (admittedly small) number of users such as myself who don’t run JavaScript everywhere and anywhere all the time.

But aside from my own interests, requiring JavaScript to read comments has a profoundly negative impact on accessibility and archival of that content.

I expect the basic functionality of website to work with JavaScript off. I expect to be able to read the text of an article and read the comments and so on without having to grant that website permission to execute code on my computer. I respect that interacting with that website might require JavaScript and I consider that reasonable. But I think ‘reading’ should always work, no JavaScript required. Remember — JavaScript off is how search engines see your site.

The other issue I take specifically with Disqus is that they require you to enable third-party cookies in order to log in to the service.

A message stating 'A browser setting is preventing you from logging in. Fix this setting to log in'

I think it is disingenious and misleading to imply that your browser is broken and needs to be ‘fixed’ if third-party cookies are disabled.

I understand there might be technical reasons why this setting is a requirement to log in to Disqus, but I assert the right to browse with that cookie setting disabled and I, again, resent the notion that my browser is ‘broken’ if I have done that.


  • I think commenting on websites, blogs and articles should be open and as simple as possible.
  • Services such as Disqus and IntenseDebate seek to make internet commenting proprietary and threaten both the openness and simplicity that I believe in.
  • Complicated, JavaScript heavy solutions like Disqus add massive complexity and reduce accessibility and do not work while respecting the browser setting choices of more technical users like myself.

I would encourage anyone with a website or a blog to make sure that their comments are under their control and that they remain as accessible as possible, readable to all visitors without having to jump through hoops.

Like this post?

If you would like to support the time and effort I have put into my tutorials and writing, please consider making a donation.


  1. Gary Kennedy wrote:

    I am a novice to this whole area and was not aware of outsourcing comments to your blog. But I agree with your point of view. the web should remain open, and discussion should be liberated.

    On the java script issue, individuals like me would most likely have to bypass those sites because we do not possess the technical skills on how to accomodate their wishes. That is an additional reason for not allowing this type of behaviour.

    Wednesday, February 2, 2011 at 18:12 | Permalink |
  2. Phil Trope wrote:

    I just stumbled over this article trying to figure out what exactly Disqus was wishing me to do, for how I understood it they basically wanted me to give up any and all security, opening my system up for all the nastiness, all the script- and cookie-based threats there are.

    Well, I just made up a solution that works for me: If they want me to be an idiot, so be it. For Disqus commenting, I now use a browser I never use for anything else. It’s called Internet Explorer. I only use it for Disqus commenting, and I only use it on an 8-year-old notebook computer that gets restored every week or so. They want to set up crappy an non-sensical rules, they’ll get crappy data. Suits me. I only wished their services wouldn’t be used by, say, It makes them look stupid.

    Wednesday, May 11, 2011 at 23:53 | Permalink |
  3. Will wrote:

    I am seeing more and more sites using Disqus and it sucks!

    Half my RSS feed sites now use Disqus, which means I wont be commenting any longer. 🙁

    So lame that I have to enable its third party cookies. No thanks!!

    Thursday, May 12, 2011 at 04:57 | Permalink |
  4. David Wilkinson wrote:

    I got this message unexpectedly today and Google sent me here (so it’s not all bad…). Glancing back, I notice the site concerned is another Disqus user. I couldn’t agree more about the inappropriate ‘warm and fuzzy’ language of ‘fixing’ your browser – one of my pet hates is error messages that don’t say exactly what the problem is. The words ‘primrose’ and ‘path’ spring to mind!

    Monday, July 18, 2011 at 11:41 | Permalink |
  5. Ben Vinegar wrote:

    Hey guys, Ben from Disqus here.

    For starters – we encourage users to export their Disqus comments to a local database and render them server-side. This makes them viewable for users without JavaScript and improves search engine discovery. Our WordPress plugin does this automatically.

    Secondly, we only require third-party cookies if you want to leave a comment as a Disqus user. You can always leave a comment as a guest without enabling cookies. The experience needs to be improved though – a scary red error box isn’t sending the right message.

    – Ben

    Monday, August 29, 2011 at 07:10 | Permalink |
  6. Peter wrote:

    @Ben Vinegar

    Thanks for your comment and for clarifying the features available for local database storage of comments and having comments viewable for users without JavaScript. I don’t know whether these features were added before or after my post, but it is reassuring to know they are there. It’s still disappointing that many individual websites aren’t choosing to take advantage of them. 🙁

    I would urge Disqus to address the ‘scary red box’ issue. Clearly, it causes a proportion of users some distress, and I’m still of the opinion that it isn’t at all acceptable to imply, with that message, that something is wrong with the user’s browser if it is configured in a certain way. As I’m sure you are aware, the landscape for cookies and similar technology on the web is fast changing, with Do Not Track, changes to privacy laws in the EU regarding cookies and so on. Addressing this ‘scary red box’ issue so that it does not imply misconfiguration, or ‘brokenness’, if the user is being more selective about their acceptance of these technologies, would be a welcome step forward.

    I have updated the top of my post to reference your response. Again, thanks for leaving your comment.

    Monday, August 29, 2011 at 08:43 | Permalink |
  7. J Neal wrote:

    6 months later and those “scary red boxes” are still there. What are the odds that this issue has ever been addressed at any Disqus meetings? Apparently the very idea of creating a single- click script to hijack your browser and change settings of which most users not aware in your web browser is of no concern to them.

    My browser is not broken if I reject third-party cookies and I will not change that setting to satisfy the needs of a single entity only to open the floodgates to other third-party cookies.

    Monday, February 27, 2012 at 20:32 | Permalink |
  8. J Neal wrote:

    My comment was published and then later removed.

    Tuesday, February 28, 2012 at 17:16 | Permalink |
  9. Peter wrote:

    @J Neal

    Do you remember when this happened, or what your original comment was? I don’t have any recollection of intentionally deleting your comment.

    It is possible that you posted your comment at a time where the main server was down and the site was being served from an alternative location, and that I didn’t properly synchronise the comment database back when switching the servers back.

    Alternatively, it may have been erroneously labelled by Akismet as spam. Occasionally, when Akismet is down, a comment may be published, but later re-evaluated as spam.

    However it happened, I do apologise for losing your comment!

    Tuesday, February 28, 2012 at 21:30 | Permalink |
  10. J Neal wrote:

    No problem.
    Its back now. It appeared initially when I posted. Then was gone the next day, then reappeared after I posted my second comment. I doubt that it was held as spam as my second comment was posted immediately and never disappeared.
    If you synched the database from one server to another that could have been the cause.

    Thursday, March 1, 2012 at 17:13 | Permalink |
  11. Lyo Mi wrote:

    I wonder when they will change the “big red scary error box”. Because I still get it, and well, it’s been six months for something that can very very easily be changed by a highschool student within a day.

    That said, another likely reason why they want users to enable third party cookies so bad is for tracking purposes. All they have to do – just like Facebook’s +1 button – is set an unique cookie ID, and bamm! they can track what (disqus-enabled) websites every user visits. And that makes things more valuable for advertising.

    But like you said, the error message in its current form is disingenuous. They want you to “fix” your settings, but they don’t tell you why they really want you to fix them, and that it is mainly them benefiting from it. It is quite possible to include login forms that do not use any cookies, where you submit login and message at once (and get them filled back in again in case the login fails), but like I said, there’s more to third party cookies than merely enabling logins.

    Wednesday, March 7, 2012 at 10:37 | Permalink |
  12. fung0 wrote:

    I agree about the ‘scary red box.’ Encouraging users to enable third-party cookies puts Disqus firmly on the bad side of the privacy and security battle.

    Monday, May 14, 2012 at 15:31 | Permalink |
  13. Leonard Grey wrote:

    The ‘scary red box’ – which still exists – combined with no explanation of how your browser is broken and it will be fixed, is proof that Disqust is just another data miner looking to sell our information. They won’t get mine!

    Monday, June 4, 2012 at 19:59 | Permalink |
  14. Jim wrote:

    Even though I get that message I can still login – the message seems to be an idle threat so they can get you to accept their cookie even though you don’t really need it. FALSE ADVERTISING!

    Monday, October 15, 2012 at 02:29 | Permalink |

Post a Comment

On some sites, you must be logged in to post a comment. This is not the case on this site.
Your email address is not made public or shared. Required fields are marked with *.

Posting a comment signifies you accept the privacy policy.
Please note — your comment will not appear straight away, as all comments are held for approval.