[wp-trac] [WordPress Trac] #14682: Privacy leakage: gravatars leak identity information

WordPress Trac noreply at wordpress.org
Sat Sep 21 22:05:06 UTC 2019

#14682: Privacy leakage: gravatars leak identity information
 Reporter:  jmdh             |       Owner:  (none)
     Type:  defect (bug)     |      Status:  reopened
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Privacy          |     Version:  3.0
 Severity:  normal           |  Resolution:
 Keywords:  privacy-roadmap  |     Focuses:

Comment (by Denis-de-Bernardy):

 Replying to [comment:54 Denis-de-Bernardy]:

 > The actual issue, and the only sensible fix, is that the Gravatar ID
 generation code should be changed on the Gravatar website. Anything short
 of that and you'll still end up with opportunities to track users online.
 You can obfuscate things with some salting or some algorithm change but
 you cannot prevent it. And as already noted, even with perfectly adequate
 hashing on Gravatar's end, Google image search can potentially spoil the

 Or then, change nothing (?) on Gravatar's end (it's a dumb cache at the
 end of the day) and advertise a new ID generation method for others to use
 on client websites. But keep in mind that WP is only dominant in the
 blog/CMS space.

Ticket URL: <https://core.trac.wordpress.org/ticket/14682#comment:55>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list