Profile picture
, 18 tweets, 9 min read
My Authors
Read all threads
Uncovering the Disqus data machine: @disqus shared the personal data of tens of millions of users without them or the websites knowing about it. thread - 1/13
During reporting for @NRKbeta I found that several well-known sites appear to send user data through @disqus . Some of them are: @wirecutter, @9to5mac, @ZDNet, @pcgamer. Political sites were also affected: @thehill, @BreitbartNews, @realDailyWire, and @gatewaypundit 2/13
The company says that 2 billion unique users hit their platform each month, but the number could likely be far lower. Disqus would not disclose the % that have their data shared. 3/13
This is all a result of something called "Disqus data sharing", which I am told, is on by default. The sharing has been activated since at least September 2017, but it could also be longer. 4/13
Due to the #GDPR, Disqus only shares data from users in Europe that have explicitly consented. This is not the case in the US - a test showed that 20 domains likely received personal data. When data sharing is turned on in Europe - far fewer parties also receive data. 5/13
So even though a website has enabled data sharing, EU citizens need to opt in. This is based on the country origin of the IP-address. #GDPR consent form looks like this: 6/13
Finding the setting for websites is not that easy: Rory McCafferty of @thehill had a typical response: "We appreciate you bringing this to our attention. We were also unaware of this setting within Disqus as it is somewhat buried, and we have turned it off". 7/13
Of the top sites I found a conservative estimate of affected users are in the tens of millions, but over the years it would likely have been many more. According to @builtwith 16.000 of the 1million most visited sites uses Disqus. Not sure of the % that enables data sharing 8/13
A positive spin on the story: I reached out to 23 sites - of the 11 that responded - all told me they had removed the data sharing. 9/13
Disqus, through the owner @ZetaGlobal, also admitted that they had processed and shared personal data in violation of the #GDPR. They did not know that Norway, Iceland, and Liechtenstein adopted the privacy law in 2018. 10/13
For the record: That made the Norwegian DPA (@Datatilsynet) quite upset. They said: "you can't murder someone and then say you did not know it was unlawful". @ZetaGlobal fired back: "Comparing data sharing to murder is abhorrent and despicable." 11/13
The company is now deleting data collected without a "lawful basis of processing" in the three countries and have told us that they will from now on be treated as other GDPR countries. 12/13
For the record: "All publishers are provided with Disqus terms of service and always have the option to opt-out at any time. We will further inform publishers that due to the oversight we are clearing all EEA data and users will re-register for consent." 13/13
Article in Norwegian: nrkbeta.no/2019/12/18/dis…
Article in English (Google translate): translate.google.com/translate?sl=n…
Part 2 of the @disqus data sharing saga:
UPDATE: 4 of 6 Norwegian sites that shared data through @disqus have removed the service. They tell they don't trust the company, even though users are supposed to be in "privacy mode" by default.
Finally - shout out to @thezedwards who helped solve several parts of the puzzle. @evajarbekk, @sisomm helped with some of the legal confusion (who is it compliant?!), @conzentio for starting the reporting, and @CybotCorp for list of Norwegian Disqus sites.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Martin Gundersen

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#GDPR

More from @martingund see all

Profile picture
Martin Gundersen
@martingund
Uncovering the Disqus data machine pt.2: This figure shows the difference between the regular European experience of using a site with @disqus and the American one. (LONG THREAD)
My reporting on @disqus started with a tip - the consulting company @conzentio thought it was weird that the comment section widget from Disqus could share so much data. They had a fair point, and it turned out that it breached the #GDPR
The chart is actually lying - @LiveRamp refuses to receive data from Norwegians (451 status code) - so far fewer companies receive private information.

One might say that LiveRamp boosts the data sharing between companies. (They have not responded to my request for comment)
Read 15 tweets

Related threads

Profile picture
Manuela Tobías
@manuelatobiasm
#THREAD on how this @FresnoBee story came together.

This is an issue that is rarely talked about but gets in the way of advancing out of poverty. bit.ly/32kWPI5
@FresnoBee During reporting, I learned that some people pull out their own teeth; dentures are stolen; and some dentures are so painful people ditch them and chew with their gums. After a house fire, a man lost his ID and his chance to get dentures.
bit.ly/32kWPI5
@FresnoBee I dug up Gina’s story on @gofundme. Her teeth are yellow, crooked and browning. Some crumbled off like chalk, and others are decaying. She considers herself an extrovert and dreams of opening her own business, but shame pushed her into the shadows. bit.ly/32kWPI5
Read 7 tweets
Profile picture
GreatGameIndia
@GreatGameIndia
#Thread
#populationcontrollaw is actually #Agenda21 which is British policy to reduce population of former colonies like India through various sterilization & other policies peddled through United Nations and popularised by Hollywood to effectively keep nations under their orbit.
In 1974 US National Security Council under Henry Kissinger completed classified 200-page study “National Security Study Memorandum 200: Implications of Worldwide Population Growth for US Security & Overseas Interests” advocating #populationcontrollaw for nations like India.
NSSM200 claimed that population growth in so-called Lesser Developed Countries (LDCs) like India was grave threat to US National Security & outlined covert plan to reduce population growth in nations like India through birth control & implicitly war & famine #populationcontrollaw
Read 23 tweets
Profile picture
The Columbia Bugle 🇺🇸
@ColumbiaBugle
#Thread Senator @HawleyMO With Perhaps the Greatest America First Speech Ever Given:

"I for one am hopeful, because in the heart of this nation American strength has not failed, it is only waiting to be recognized, waiting to be called upon, waiting to be given voice." 1/
@HawleyMO "The great divide of our time is not between Trump supporters and Trump opponents...the great divide of our time is between the political agenda of the leadership elite and the great and broad American Middle, the middle of our society." 2/
@HawleyMO "For years the politics of both Left & Right have been informed by a political consensus that reflects the interests not of the American Middle, but of a powerful upper class & their cosmopolitan priorities. This class lives in U.S. but they identify as citizens of the world." 3/
Read 16 tweets
Profile picture
blmohr
@blmohr
“...suggest that Facebook brokered special data deals with companies like the Royal Bank of Canada and Amazon.” wired.com/story/facebook…
“The Pikinis app let people access strangers' bikini photos, using the same feature that enabled a political firm called Cambridge Analytica to misappropriate the data of tens of millions of Americans without their knowledge.”
“...the filing mentions—but doesn't quote from—an email from April 30, 2015, in which a Facebook employee confirms that a Chrysler/Fiat app was white-listed for extended access.”
Read 5 tweets
Profile picture
Jikku Varghese Jacob
@Jikkuvarghese
#Thread During #KeralaFloods many of the people lost their crucial documents. It was a big mess to recover these documents since they don't even remember the document no. Hence, Kerala IT department came up with an API architecture to retrieve the documents. (1/n)
The idea was generated jointly by IT secretary M.Sivasankar and KSUM CEO Saji Gopinath. The target was to retrieve the documents by taking the basic inpit values known to the public. It startes working last day (2/n)
Incase of Aadhaar, govt will take your biometrics as the input value to generate E-Aadhaar if one doesn't remember the ID number. This will be pushed into Digilocker account created. Also will get a print out for free of cost. (3/n)
Read 10 tweets

Trending hashtags

#NoMoreDeaths #IndianArmy #GOTV #immigration #StopLeavingNeverlandNOW #DictaduraEnChile #Aleppo #cambridgeanalyticaUSA #Salvadoran #VictorJara #ToqueDeQueda #AmericaWasNEVERGreat #ElPaso #ManuelAntonioMatta #Russia #Tel_Osman #borderwall #Homoiconicity #MRE #JammuAndKashmir #Kurukshetra #LosPrisoneros #85th_Brigade #chileprotest #data
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!