Gravatar & WordPress

My fresh WordPress upgrade now infected my blog with 3rd party content; how offensive.

One of the ‘features’ in WordPress now that folks who read my blog and leave comments get avatars.  Well the would, except I turned it off.  These avatars are injected into the page from a  Gravatars is a divisiton of  Automattic, i.e. the WordPress company.

These avatars have assorted problems.  First off they let Automattic track my users.  Argh.  Secondly the design for gravatars makes only a slight effort to maintain the privacy of the users.  The avatars are indexed by taking the user’s email address and jumbling it.  So becomes  3b3be63a4c2a439b013787725dfce802.  That’s bad.  It’s not particularly secure; with a good dictionary of email addresses you can recover the user’s email address.

That’s also a globally unique identifier for the user; enabling anybody with access to a good web crawl to find other places the same user has left comments.  Bleck.

The privacy policy at is joke.  Note how it doesn’t say anything about reselling the tracking information they are collecting to third parties.  WordPress hasn’t exactly been well behaved in the past.


3 thoughts on “Gravatar & WordPress

  1. Dave Brondsema

    Do you know of any alternatives to gravatar? Perhaps you could do a semweb sort of thing where you do FOAF autodiscovery on their website and see if they have a picture in their foaf. But that’s not nearly as user-friendly and wide supported as something like gravatar

  2. bhyde

    Dave – Alternatives 🙂 – ask about my grandchildren!

    If what you want is eye candy then ident icons or their variations will do that; and you can mix some salt into the hash so they can’t be mixed across sites.

    But, you have to be really careful with the email address that users are giving to the blog (right next to an assurance you won’t reveal it). Using it to find their foaf and then leveraging that effectively reveals the email address.

    The gravatar/wordpress folks could try harder. The local server should cache the avatar and serve it locally. Then retrieval of the avatar should be done secured, say with a shared key that only gravatar and you blog software have agreed to. That would leave only the problem that the avatar is identical across sites; a bit of image processing would reduce but not eliminate that problem. These improvements would generally preempt the resale of tracking data by gravatar/wordpress, so they might be uninterested. An intermediary could do it. A Google App. Engine instance; for example – cept they don’t support image processing primitives yet.

Leave a Reply

Your email address will not be published. Required fields are marked *