Make Gravatar optional, add local avatar support

Topics: General
Aug 18, 2012 at 8:37 AM

Is there any amount of begging or pleading I could do to get local avatar support added as an option in BugNET?  I wish I had the time and know-how to add it myself ...

I've been a long-time opponent of Gravatar because of the privacy and security issues associated with it.  By using gravatar, you are:

  • Exposing the domain that BugNET sits on (bad if yours is a private, work domain you don't want on the internet)
  • Exposing information about the page(s) viewed
  • Exposing personal information about where I work, sites I visit, how long I visit sites, etc.
  • Potentially exposing my email address to spammers (using bruteforce techniques to reverse the MD5 email hashes)
  • Giving Automattic a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable right to use my avatar image for whatever purpose they want (from their Terms of Service)

I put in a BugNET issue to make Gravatar support optional years ago.  It's been closed since then, but not sure if it ever truly got resolved as I don't see any way to do so.  That said, I wish that I still could have avatars in BugNET because it would make conversations easier to follow.

Aug 18, 2012 at 8:38 AM
Edited Aug 18, 2012 at 8:40 AM

See these great discussions that point out some of the risks associated with 3rd-party avatar hosting sites like Gravatar:

http://meta.stackoverflow.com/questions/44717/is-gravatar-a-privacy-risk

http://meta.stackoverflow.com/questions/21117/is-using-gravatar-a-security-risk

http://meta.stackoverflow.com/questions/4553/can-we-use-non-gravatar-avatars/5658#5658

http://www.developer.it/post/gravatars-why-publishing-your-email-s-hash-is-not-a-good-idea

 

A notable comment from the first link above:

"The entire reason Gravatar offers their service is to collect internet usage data across multiple sites. It is not offered free out of the goodness of their heart. The entire purpose of the service is to analyse the way YOU navigate the internet."

Aug 18, 2012 at 1:33 PM
kiddailey wrote:

Is there any amount of begging or pleading I could do to get local avatar support added as an option in BugNET?  I wish I had the time and know-how to add it myself ...

I've been a long-time opponent of Gravatar because of the privacy and security issues associated with it.  By using gravatar, you are:

  • Exposing the domain that BugNET sits on (bad if yours is a private, work domain you don't want on the internet)
  • Exposing information about the page(s) viewed
  • Exposing personal information about where I work, sites I visit, how long I visit sites, etc.
  • Potentially exposing my email address to spammers (using bruteforce techniques to reverse the MD5 email hashes)
  • Giving Automattic a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable right to use my avatar image for whatever purpose they want (from their Terms of Service)

I put in a BugNET issue to make Gravatar support optional years ago.  It's been closed since then, but not sure if it ever truly got resolved as I don't see any way to do so.  That said, I wish that I still could have avatars in BugNET because it would make conversations easier to follow.

Gravatars are optional, you can disable it from the application configuration page on the basic page at the bottom via a checkbox.   We can certainly look at adding local avatar support in the future as that would better meet the circumstances you have outlined but gravatar was the easiest way to add avatar support in BugNET for the time being.

Aug 19, 2012 at 7:25 AM

Thanks for the reply dubeaud.  And yes, I missed the checkbox somehow.  Thanks also for pointing that out.

 

Not that I'd expect the team to switch from Gravatar to something else, but I recently ran across https://www.libravatar.org/, which is an open source alternative that also lets you host the avatar server yourself if desired.  Also has the ability to redirect to Gravatar.  Haven't looked into it in depth, but it seems interesting.