Saturday, June 13, 2015

Disqus May Harm Your Computer and Steal Personal and Financial Information

Privacy issues have been noted as inherent in the use of Disqus, which serve their content through third-party JavaScript widgets.[10][11][12]
As with other embedded web widgets, such as like buttons, the Disqus widget acts as a Web bug which tracks a user's activities, even when they are not logged in, across different sites that use the Disqus commenting system. Information tracked by Disqus, which may be disclosed to third parties, includes pseudonymous analytics data, such as a user's IP address, their web browser version and installed add-ons, and their referring pages and exit links.[13] Although these data are referred to by Disqus as "Non-Personally Identifiable Information", such data, when aggregated, has been shown to be usable for de-anonymizing users.[11]
Users wishing to avoid these issues may opt to install a privacy-enhancing web browser extension, such as GhosteryNoScript, or DoNotTrackMe, which identify widgets such as Disqus as Web bugs,[14][15] and allows them to be blocked; this renders Disqus-powered commenting sections unviewable.
Disqus has also been criticized for publishing its registered users' entire commenting histories, along with a list of connected blogs and services, on the publicly viewable user profile pages
Disqus also was criticized for not giving users control over who follows them. Prior to 2014, any user could follow any other user, but a user being followed could not control or block who was following them, which led to harassment among some users.[17]
If Disqus shuts down, hundreds of millions of comments would be wiped away from a wide range of sites, since by the very nature of the service, comment content is not being managed locally by sites implementing the service. However, it is possible for site administrators to export all of their comments as an XML document which can then be ported into other commenting systems.[18]
In September 2014, it announced an update to its privacy policy: "Disqus will be using anonymous interest data for content personalization and ad targeting."[19] BULLSHIT!
In October 2014, It was revealed that Disqus was utilizing Blackhat SEO Techniques to publicize their site off the backs of the websites which have Disqus installed. I other words Disqus steals bandwidth![20]



2013 security breach

In 2013 a Swedish group called Researchgruppen obtained and exposed a large number of anonymous Disqus identities through the application programming interface (API).[21]The group cooperated with the Bonnier tabloid Expressen, who subsequently visited some of the commentators in their homes, confronting them with allegedly racistmisogynicand derogatory sentiments. Researchgruppen, which includes people from the far left, said their database contained millions of comments from Disqus users around the world who are at risk of de-anonymization.[22][23][24] In March 2014, Expressen and Researchgruppen won the investigative reporting award Guldspaden.[25]

No comments:

Post a Comment

After you leave a comment EAT!