[wp-trac] [WordPress Trac] #14682: Privacy leakage: gravatars leak identity information

WordPress Trac noreply at wordpress.org
Sat Sep 21 19:45:09 UTC 2019 

#14682: Privacy leakage: gravatars leak identity information
-----------------------------+------------------------------
 Reporter:  jmdh             |       Owner:  (none)
     Type:  defect (bug)     |      Status:  reopened
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Privacy          |     Version:  3.0
 Severity:  normal           |  Resolution:
 Keywords:  privacy-roadmap  |     Focuses:
-----------------------------+------------------------------

Comment (by Denis-de-Bernardy):

 Replying to [comment:51 fawp]:
 > In the meantime, I checked gravatar.com privacy policy. By clicking on
 it I am redirected to https://automattic.com/privacy/ and I want to
 crystallize here what the policy summary says:
 >
 >
 >
 > >Your privacy is critically important to us. At Automattic, we have a
 few fundamental principles:
 > >
 > > *   We are thoughtful about the personal information we ask you to
 provide and the personal information that we collect about you through the
 operation of our services.
 > > *   We store personal information for only as long as we have a reason
 to keep it.
 > > *   We aim to make it as simple as possible for you to control what
 information on your website is shared publicly (or kept private), indexed
 by search engines, and permanently deleted.
 > > *   We help protect you from overreaching government demands for your
 personal information.
 > > *   We aim for full transparency on how we gather, use, and share your
 personal information.

 This would be a lot less funny if the API hadn't been used for political
 purposes already. :D

 https://politics.stackexchange.com/q/41160/15531

 On a more practical note, IMHO this ship has probably sailed for better or
 worse. If memory serves me well (this ticket is a decade old) there was
 chatter at one point that basically broke down to the notion that an email
 was no private so get over it, or something to that effect (which I
 disagreed and still disagree with, but that was the party line). Also,
 changing the API isn't trivial given the ecosystem that now depends on
 Gravatars in their current format. Which is to say, at this point this
 ticket is probably beating a dead horse.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/14682#comment:52>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list