[wp-trac] [WordPress Trac] #14682: Privacy leakage: gravatars leak identity information
WordPress Trac
wp-trac at lists.automattic.com
Thu Aug 26 09:41:00 UTC 2010
#14682: Privacy leakage: gravatars leak identity information
-----------------------------+----------------------------------------------
Reporter: jmdh | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 3.0.1
Severity: normal | Keywords:
-----------------------------+----------------------------------------------
Comment(by jmdh):
Replying to [comment:10 wpmuguru]:
> I'm in favor of wontfix this one. If someone is concerned about their
email address being discovered, they can get a free anonymous email from
any number email services.
The user is not in a position to know that their identity will be leaked
by the system. This is the fundamental point I am trying to make.
> From my perspective, the whole point of a globally recognized avatar
(gravatar) is global recognition and that the gravatar.com landing and
registration pages make clear that is what the service is for.
Firstly, registering on gravatar.com should not mean that you should
expect your identity to be disclosed even when the site you are talking to
says that it won't.
Secondly, the user doesn't even have to have heard about gravatar.com for
this problem to arise; the information disclosure occurs whether or not
they have registered, via the image URL which appears next to the comment,
containing the hash of their email address.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14682#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list