[wp-trac] [WordPress Trac] #43799: Add a UI and functionality to deactivate gravatar completely (for single site as well as network-wide)
WordPress Trac
noreply at wordpress.org
Wed Apr 18 12:34:12 UTC 2018
#43799: Add a UI and functionality to deactivate gravatar completely (for single
site as well as network-wide)
-------------------------+-----------------------------
Reporter: TZ Media | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords: gdpr
Focuses: |
-------------------------+-----------------------------
In the standard behaviour, WordPress automatically includes gravatar links
with every comment, as well as for every logged-in user (as far as I'm
aware of). This bears the same problem as with embeds (see #43713).
When the user opens the website in his browser, a third party
(gravatar.com) gets access not only to the user's IP address, but also to
his md5-hashed email address. If the user has an account with gravatar, he
will have accepted the terms of use of gravatar, but I see here the same
problem as with social media widgets that transfer data without the user
taking an explicit action other than open a web page without knowing that
it will transfer data.
Also it is problematic to transfer hashed email addresses of non-
registered users. gravatar can't map these to existing user data, but they
could still build profiles on the hashed email address (though they
probably won't...).
So as an admin I should be able to deactivate gravatar completely in
settings.
Also, as a superadmin, I should be able to deactivate gravatar network-
wide.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43799>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list