[wp-trac] [WordPress Trac] #14682: Privacy leakage: gravatars leak identity information
WordPress Trac
noreply at wordpress.org
Sat Sep 21 22:05:06 UTC 2019
#14682: Privacy leakage: gravatars leak identity information
-----------------------------+------------------------------
Reporter: jmdh | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 3.0
Severity: normal | Resolution:
Keywords: privacy-roadmap | Focuses:
-----------------------------+------------------------------
Comment (by Denis-de-Bernardy):
Replying to [comment:54 Denis-de-Bernardy]:
> The actual issue, and the only sensible fix, is that the Gravatar ID
generation code should be changed on the Gravatar website. Anything short
of that and you'll still end up with opportunities to track users online.
You can obfuscate things with some salting or some algorithm change but
you cannot prevent it. And as already noted, even with perfectly adequate
hashing on Gravatar's end, Google image search can potentially spoil the
party.
Or then, change nothing (?) on Gravatar's end (it's a dumb cache at the
end of the day) and advertise a new ID generation method for others to use
on client websites. But keep in mind that WP is only dominant in the
blog/CMS space.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/14682#comment:55>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list