On Fri, Jun 05, 2009 at 10:26:07PM -0400, Matt Lee wrote: > Kuno Woudt wrote: > > > A gravatar url contains a hash of the users email address, IMO these > > urls should never be published and the image should just be cached > > locally. But even if the image is cached locally, you're still sending > > a hash of the users email address to gravatar.com once. So the people > > behind gravatar.com can collect some interesting data about the sites > > you visit. > > I would actually be in favour of dumping gravatar, but then again, you > have to sign up to Gravatar. If you don't want them to know this about > you, you wouldn't sign up, right?
But as website operator you send every hash to gravatar, regardless of wether the user signed up at gravatar or not. So gravatar.com can still match your e.g. stackoverflow account to your libre.fm account to your blog comments, etc... If you don't publish the gravatar url, only the gravatar.com operators can do that. If you do publish that url, everyone with a little patience can do it. I wrote a slightly more detailed blog posts on this topic, if you're interested: http://320x200.org/post.py/2009/gravatar.txt -- kuno / warp. _______________________________________________ Libre-fm mailing list [email protected] http://lists.autonomo.us/mailman/listinfo/libre-fm
