Email disclosure attack on Gravitar

It turns out that the ‘Gravatar’ avatar-generating mechanism, as used here and on a variety of other sites, discloses the MD5 hash of the user’s email. Not enough to be useful against a totally naive attacker, but within the realm of brute-forceable if combined with some additional information (email suffix, that sort of thing) to guide the attack.

You can easily work around this by adding routing, e.g.: bla+somecrazystring@gmail.com
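To make the disclosure and the routing workaround concrete, here is an added Python example (not code from Discourse or Gravatar). It reproduces the Gravatar convention of hashing the trimmed, lower-cased address with MD5, shows that every site embedding your avatar publishes the same linkable value, and shows that a plus-routed address yields an unrelated hash; the address and tag are made-up sample values.

```python
import hashlib
import re


def gravatar_hash(email: str) -> str:
    """Identifier Gravatar derives from an address: MD5 of the trimmed,
    lower-cased email, as 32 lowercase hex characters. Any site that
    knows the email can compute exactly this value."""
    normalized = email.strip().lower()
    return hashlib.md5(normalized.encode("utf-8")).hexdigest()


def gravatar_url(email: str, size: int = 80) -> str:
    """Avatar URL as it appears in a page's HTML; the hash is public."""
    return f"https://www.gravatar.com/avatar/{gravatar_hash(email)}?s={size}"


def plus_routed(email: str, tag: str) -> str:
    """Per-site routing address (local+tag@domain) from the post's
    workaround. The tag should be unguessable, otherwise it adds little."""
    local, _, domain = email.strip().lower().partition("@")
    if not local or not domain or "+" in local:
        raise ValueError("expected a plain local@domain address")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", tag):
        raise ValueError("tag must be a simple token")
    return f"{local}+{tag}@{domain}"


def linkable_by_avatar(email_a: str, email_b: str) -> bool:
    """True when two accounts would show the same avatar hash, i.e. an
    observer can tie them together from the avatar URL alone."""
    return gravatar_hash(email_a) == gravatar_hash(email_b)


if __name__ == "__main__":
    # Constructed sample address and routing tag.
    plain = "Alice.Example@Gmail.com "
    routed = plus_routed(plain, "x9k2q7mz")
    print("plain  :", gravatar_url(plain))
    print("routed :", gravatar_url(routed))
    print("linkable:", linkable_by_avatar(plain, routed))
```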

We covered this issue here:

http://meta.discourse.org/t/is-gravatar-indeed-a-privacy-leak/779

I originally raised this here in 2009:


Our plan is to allow users to upload avatars and opt out of gravatar. It is next up on @zogstrip’s list.

Naïve question: does this apply to the randomly generated gravatar like mine, or the one you sign up for and create like yours, or both of them? No, I did not RTF link, but will if this applies to me.

It would apply to both, at least until we implement local avatars.

Hey, I’m green now! I suppose I wasn’t very threatened by the nature of that security threat (and I’m a bit too dumb to follow the explanation fully) but hey: “just because I’m paranoid doesn’t mean they aren’t out to get me.”

I’ve had my discourse-specific avatar designed and ready to go since y’all first mentioned it was to be implemented, soooo … y’know, any day now …

FYI we now support local avatars


And there was much rejoicing.
