A warning about this BBS's use of Gravatar and anonymity


#1

CowTip:

To those of you that used an email address that is linked to your personal identity with your Gravatar avatar used by this Discourse Boing Boing BBS system, I already know who you are and you might want to prevent others from determining the same thing in the future.

In case you think I’m bluffing:

Time for damage control for some of you.


#2

anyone care to ELI5?


#3

One of many reasons I’ve never seen any reason to use Gravatar.


#4

Welcome back @Cowicide!

The way gravatar works is that it uses an MD5 hash based on your email address – and if you set up your email address at http://www.gravatar.com you get a “free” avatar that automatigically follows you around the internet, whenever you use that same email address.

However, if your user name and email address are the same, e.g.:

username: FrogBuckets
email: frogbuckets@gmail.com

This makes it pretty trivial to “discover” your email address since you just iterate through common email domains like @hotmail, @gmail, etc slap the username on the front, generate the MD5 hash of that email and see if it matches the Gravatar image URL.

Now this gets a hell of a lot more difficult if the username and email don’t match exactly, for example if the username was Frog_Buckets or BucketOFrogs.

In reality this works for about 10% of usernames, because that’s how many people tend to have usernames that exactly match their email addresses.

There are three workarounds:

  1. Don’t choose a username that exactly matches your email. This is probably a good idea in general.

  2. When providing your email, use plus addressing, so your email would be frogbuckets+boingboing@gmail.com. The downside is that you won’t get your standard Gravatar (if you set one up) for that hash since it is now different. The upside is if that email gets “distributed” somehow you will absolutely know since the email is now uniquely customized to the site you provided it to.

  3. Go to your Discourse user preferences and upload a custom avatar. The custom avatar replaces your Gravatar and is not based on your email hash at all.

I am probably biased, but Number 3 also makes you look the awesomest, though it does nothing to solve the “I want a standard avatar that follows me around the Internet with minimal work on my part” problem.


#5

Kind of a Seriously creepy statement. There’s a difference between pointing out a security flaw, and actually exploiting it. Do you mean you’ve hashed out email addresses, and we shouldn’t think you are bluffing, so it’s time for damage control because you’ll be “outing” people?

And @codinghorror I see discus has already discontinued using gravatar. Will BBS be following suit?

Edit - clarity


#6

ELI5 - If your email, “your” personal identifiable email is the same as your user name, you can be tied to it.

Nothing surprising really - If your email is ragingnazi@specialcamp.org, and your user name is ragingnazi, they can be tied together across multiple websites which use gravatar. This is a technical flaw, and nothing really new. Google various usernames on any website for example to see the same person using the same username across multiple websites and sometimes those will tie back to a “real life” identity, in the gravatar case some politicos who were making some statements they probably would not have on their office letterhead.


#7

Not fair, I was first:


#8

That would be up to @beschizza


#9

One question I still have open:

Lindberg also sees the decision to allow homosexuals to become blood donors as part of the government’s “attempts to obliterate the Swedish people”:
"But it faster for the government to wipe out the population if one rubs der it with

Rubbing der it with, is a serious allegation, http://www.expressen.se/nyheter/expressen-avslojar/expressen-avpixlar-anonyma-skribenter/

I have extreme mixed feelings.

On one hand, I don’t really expect privacy unless I am typing into a box using a disposable email address using tor running my text 20 times through google translate loop

On the other hand, even this bigot deserves privacy. When you sign up to a site you may be deluded that you are private cause you add a .j.99 at the end of your user name. This is a clear violation of that delusion. If we do not defend the rights of the most atrocious people… and so on.


#10

I’m up for removing Gravatar from BBS, if it’s not inconvenient. Besides the privacy issue that occurs here in certain cases, the generative defaults strike me as kinda ugly.

Also, categories!

I’d generally like BBS to veer toward “default discourse”, though, so it’s as useful a possible a testing ground.

We’ve also been waiting until planned changes to BB’s own design come to fruition before making any requests or suggestions. This should be soon!


#11
Seriously creepy statement.
I was hoping you'd think so, friend. But, I didn't mean to cow you.
Do you mean you've hashed out email addresses, and we shouldn't think you are bluffing, so it's time for damage control because you'll be "outing" people?

No.


#12


#14

good.

?

welcome back.


#15

Yeah the Identicons are kind of impersonal for a social discussion. We wanted to use these automatically generated robots, which are much cooler, but there were brutal caching difficulties with them. We do plan to come back to that at some point.


#16


#17

How about something similar to gravatar, but simpler and cuter and easy to fit inside a couple of kb of javascript and css. For example, random 8x8 space invaders

And, haha, using the public username as the seed instead of the damned email.


#18

Is there sample code for it somewhere? I like to steal code, I don’t like to write it.


#19

I like to steal code, I don’t like to write it.


#20

These are pretty, but is written in something weird: http://www.turtlezero.com/models/view.php?model=space-invader-generator

This looks easier to hack at: http://pastebin.com/223eTMka


#21

That is Logo, I love logo :slight_smile: