Facebook Comments

Overview

Facebook Comments is a Meta social plugin that replaces or supplements a website's native comment system with Facebook-powered discussions. Visitors can post comments using their Facebook identity, and the comment thread is visible to other visitors on the page. Like all Meta social plugins, the Comments widget loads the full Facebook JavaScript SDK on every page where it appears, initiating cross-site data collection regardless of whether visitors engage with the comments.

What This Script Does

The Facebook Comments plugin is implemented by loading Meta's JavaScript SDK from connect.facebook.net/en_US/sdk.js and rendering the comment interface through an iframe or the FB.XFBML.parse() method with a <div class="fb-comments"> element.

Script Loading and Network Requests

On every page load where the Comments plugin is embedded:

• The sdk.js script loads from connect.facebook.net, initiating a connection to Meta's infrastructure
• The SDK requests the comment thread for the page URL from www.facebook.com/plugins/comments.php
• Existing comments are rendered in an iframe hosted on www.facebook.com, which has full access to the visitor's Facebook cookies
• Additional assets (profile photos, styling) are loaded from Meta's CDN

Cookies

The Facebook Comments plugin triggers the same cookie infrastructure as other Meta social plugins:

• _fbp — a first-party tracking cookie set on the host domain (when Meta Pixel is co-deployed) with a unique browser identifier. Lifespan: 90 days. Used for advertising attribution.
• datr — a .facebook.com browser identification cookie. Lifespan: 2 years.
• fr — a .facebook.com advertising delivery and measurement cookie. Lifespan: 90 days.
• sb — a .facebook.com browser identification cookie. Lifespan: 2 years.

For logged-in Facebook users, the iframe reads their session cookies and associates the page visit with their Facebook profile. This data contributes to Meta's interest graph for ad targeting.

Data Transmitted to Meta

Every page load transmits to Meta:

• The page URL and referrer
• The visitor's IP address, user agent, and screen dimensions
• Existing Facebook cookies (enabling cross-site profile association)
• Timestamp and engagement signals

When a visitor posts a comment, Meta additionally receives the comment content and associates it with the visitor's Facebook account. Comment moderation, reply notifications, and thread management are all handled through Meta's infrastructure.

Consent & Compliance

Facebook Comments is classified under both functional and marketing categories. The commenting functionality serves a legitimate interactive purpose, but the underlying data collection serves Meta's advertising business.

Under GDPR and ePrivacy, the same principles established by the CJEU's Fashion ID ruling (C-40/17) apply to the Comments plugin as to the Like Button: the website operator is a joint data controller with Meta for the data collection triggered by loading the plugin. Consent is required before the SDK script loads. The functional value of the comment system does not override the consent requirement, because the cross-site tracking that occurs is not strictly necessary for the commenting service.

Under CCPA/CPRA, the data transmitted to Meta constitutes "sharing" of personal information for cross-context behavioral advertising. Standard opt-out requirements apply.

Should You Block This Without Consent?

Yes. Despite providing functional commenting capabilities, the Facebook Comments plugin loads Meta's full tracking infrastructure on every page view, transmitting visitor data to Meta for advertising purposes. The cross-site tracking occurs regardless of whether visitors read or post comments. Block the connect.facebook.net script until consent is granted, and consider using a native commenting system or privacy-respecting alternative that does not transmit data to third-party advertising networks.