Welcome back @Cowicide!
The way gravatar works is that it uses an MD5 hash based on your email address – and if you set up your email address at http://www.gravatar.com you get a “free” avatar that automatigically follows you around the internet, whenever you use that same email address.
However, if your user name and email address are the same, e.g.:
This makes it pretty trivial to “discover” your email address since you just iterate through common email domains like @hotmail, @gmail, etc slap the username on the front, generate the MD5 hash of that email and see if it matches the Gravatar image URL.
Now this gets a hell of a lot more difficult if the username and email don’t match exactly, for example if the username was
In reality this works for about 10% of usernames, because that’s how many people tend to have usernames that exactly match their email addresses.
There are three workarounds:
Don’t choose a username that exactly matches your email. This is probably a good idea in general.
When providing your email, use plus addressing, so your email would be
firstname.lastname@example.org. The downside is that you won’t get your standard Gravatar (if you set one up) for that hash since it is now different. The upside is if that email gets “distributed” somehow you will absolutely know since the email is now uniquely customized to the site you provided it to.
Go to your Discourse user preferences and upload a custom avatar. The custom avatar replaces your Gravatar and is not based on your email hash at all.
I am probably biased, but Number 3 also makes you look the awesomest, though it does nothing to solve the “I want a standard avatar that follows me around the Internet with minimal work on my part” problem.