TL;DR : because their spam detection strategy is horrible.
Disqus is a comment service provider that gives free services to website owners to setup comment systems. I have started using Disqus a few years ago when I first setting up websites and blogs, because of its effortless way to add a comment box to seemingly any website, and the social log in feature. All seemed so good and peaceful until a day last year.
In an afternoon on the day, I got an email from Disqus suggesting my account is compromised and I need to reset my password.
Your Disqus account appears to have been used by an unauthorized 3rd party to post spam comments. We removed any newly posted spam comments and restored any previous posts that may have been edited.
To prevent further unauthorized access, we have disabled the password for your account. To set a new password, please follow the link below:
[link goes here]
We recommend that you change your password on other services that share the same password and use strong unique passwords for each. Having a shared password across multiple services is likely how the third party was able to access your account. A password manager like LastPass or 1Password can help prevent this type of access.
The Disqus Team
The email from Disqus
At the moment when I saw the email, just a few minutes after it arrived, I logged in and changed my password. By the time there are already tons of spams sent with my account.
At that time things have already started to become weird. I tried to delete all the spam messages that the hacker sent, but all I got was the fake visual effect clicking on the delete button. Everything was back after refreshing the page. Back then I didn’t care much about that, since I thought I have recovered my account back, and they know that these spams were unauthorized, I should be safe.
But not soon after, when I started to comment on some of the websites using Disqus, I saw the problem. All comments, I mean all comments , no matter how harmless they are (or they may look like), all got the “detected as spam” label next to them. I had to manually contact the site admin through other methods to get an approval. I still didn’t care much about that at the time, as I don’t really comment on blogs that much anyway.
Then after a few months I started to feel like this should be a problem to be solved. I tried to look for channels to contact their support, but all I got is their community forum, which uncoincidentally happened to be yet another Disqus Channel. (Their customer support is only dedicated to enterprise users, which makes sense in someway. Surely nobody wants to waste manpower on users never gonna pay.) I tried to post my question there, and this time there are no marks about spam on the post (that mark usually appears next to the comment I send in blogs). I had my post there and hopefully looking forward to a reply from them.
Months later until recently I encountered another blog using Disqus, which reminded me about its spam disaster. I went back to my profile page, and saw that forum post itself is also “marked as spam”.
Well, that’s really a bummer.
I then tried to comment on a few other posts trying to get the attention of the moderator, unsurprisingly all of them are barred for spam.
By looking at the Spam tag in the forum, there are a lot of other users facing similar situations (obviously not the same, otherwise they can’t post there either).
- Admin: Why are my posts with pictures being labeled as “spam?”
- Embed: Detected as spam
- Bug Reports & Feedback: Spam filter is a plague on discussion
- Bug Reports & Feedback: Submit button disapears (and many comments being marked as spam)
- Embed: My comments keep getting detected as spam
There should be more, but I couldn’t find the search box of the forum.
With that, I have switched back to the built-in comment system as I move back from Hexo to WordPress, and it makes me to think twice when commenting on other sites running Disqus, as I had to contact the site admin through other methods to get my comment approved. Sometimes I might just tell the admin what I thought.
Not to mention other aspects that repel site owners from Disqus, like annoying UI/UX, ads mixed in comments, extra network request burden, reducing number of comments, bad moderation experience, user tracking, so on and so forth.
If you are using a static site, there are plenty of alternatives that you can try:
- Utterances on GitHub Issues
- Gitalk on GitHub Issues
- Isso (self-hosted)
- Schnack (self-hosted)
- Commento (self-hosted, or pay-what-you-want cloud hosting)
- Hyvor Talk (freemium cloud hosting)
- CommentBox.io (freemium cloud hosting)
- Valine (hosted on LeanCloud in China)
- LiveRe (freemium cloud hosting in Korea)
Disclaimer: I’m just listing a few that I find interesting online. I haven’t used most of them, and I do not endorse any of them either.
Lastly, despite the fact that I’m leaving Disqus in most possible ways, I’m not deleting my account. Not that I want to give it a second chance (they didn’t give one either), but I hate to see the “comment is removed” label appear on top of my comment. I left them in hope that someone might find them useful, and I don’t want to disappoint people this way.
Tell me what you think about Disquz and its alternatives in the WordPress comment box below! If you have difficulty using this one, feel free to let me know via email, Twitter, Telegram, etc., and I’ll consider switching to yet another platform.