Updated Issue 170 - Make gravatar optional for privacy reasons (indefero)

2 views
Skip to first unread message

no-r...@ceondo.com

unread,
Dec 18, 2009, 4:07:56 PM12/18/09
to indefero...@googlegroups.com
Hello,

The following issue has been updated:

170 - Make gravatar optional for privacy reasons
Project: InDefero
Status: New
Reported by: Loïc d'Anterroches
URL: http://projects.ceondo.com/p/indefero/issues/170/
Labels:
Priority:Medium
Type:Enhancement

Comments (last first):

# By Baptiste Durand-Bret, Dec 18, 2009:

Just a tiny related note : md5 hashs used by gravatar were recently hacked. See
http://www.developer.it/post/gravatars-why-publishing-your-email-s-hash-is-not-a-good-idea

# By Loïc d'Anterroches, Oct 8, 2009:

Labels: Type:Enhancement, -Type:Defect

# By Loïc d'Anterroches, Mar 27, 2009:

<oxygene> reminds me that I wanted to remove gravatar support (or maybe make it optional on a per-host and per-user basis) but not now..
<CiaranG> Yeah, I thought about that too
Then I decided I just needed to get a less irritating avatar
<oxygene> it's still a privacy violation
unless you use a different email address on any gravatar-enabled site you use
<CiaranG> See what you mean. Never thought about it like that before
<oxygene> you don't have to register for them to create a profile, and once you registered, all you can do is "delete your images" (according to the FAQ). so they won't let go of your email address once they have it
<CiaranG> So they can gather a lot of info about you then, even if you've never been near their web site
<oxygene> yes.. hmm. a firefox plugin to detect gravatar use on pages that emits a warning might be due. crap, my TODO is long enough as is :)
<CiaranG> I don't care personally. But actually, you might say that a site that is going to give your email address to a third party (i.e. gravatar) has a duty to warn you first
Do you actually give the address, or a hash of it?
<oxygene> md5(email)
good enough for profiling
<CiaranG> Oh yeah, I see
<oxygene> and once you register (to add a less silly picture), they can map it to a valid address, too ;)

--
Issue: http://projects.ceondo.com/p/indefero/issues/170/


Reply all
Reply to author
Forward
0 new messages