Not signed in (Sign In)

Vanilla 1.1.9 is a product of Lussumo. More Information: Documentation, Community Support.

    Currently MathOverflow uses Gravatar, a commercial service, for its avatars.
    I see at least two problems with this.

    1) User's email address is disclosed.
    Even though Gravatar uses md5 hashes instead of the actual email addresses,
    this does not protect them well because there is only a limited number of email user names and domains.
    This means that eventually spambots will harvest md5 hashes from gravatar
    and recover email addresses from them.
    Perhaps somebody already did that.

    What I find particularly disturbing is that there is no way to opt out of this,
    unless one is willing to delete one's email address from the profile,
    which is not a very good idea because MO moderators need email addresses to communicate with users privately.

    We have a similar problem with disclosing IP addresses, which are used to generate identicons.
    In this case the problem is much more severe, because there are only 2^32 ip addresses,
    and one can easily cycle through all of them and determine the exact ip address of a supposedly
    anonymous user.

    2) Gravatar's terms of service are also very disturbing (I emphasize the most problematic parts):

    More specifically, you hereby do and shall grant to Automattic a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to **sublicense**) right to perform the Services (e.g., to use, **modify**, reproduce, distribute, **prepare derivative works of**, display, perform, and otherwise fully exercise and exploit all intellectual property, publicity, and moral rights with respect to any User Submissions, and to allow others to do so).

    I would be fine with distributing my avatars using
    Creative Commons Attribution-NonCommercial-NoDerivs license,
    but Gravatar simply asks too much.

    This serves as a motivation for the following two questions:
    1) Can we allow users to opt out from disclosing their email addresses to Gravatar,
    while still allowing moderators to communicate with them?
    2) Can we allow users to host their avatars on other sites?
    This can be implemented by adding an additional field (a link to the avatar) to the user's profile.

    Essentially the answer is "no, we can't do this, because we have no access to the software".

    Options include:

    1. proposing such changes on, or on the metas of SE 2.0 sites where you're active, hoping that SE implements this, then hope that we migrate to 2.0.
    2. wishing that we had our own software.

    One can of course opt out. Put your email address in your public profile, and clear the email address field. (Is keeping email addresses secret really a relevant concern these days? Mine has been prominently displayed on my web page in plain text for many years, and essentially no spam reaches my inbox.)

    >Put your email address in your public profile, and clear the email address field.

    If I understand everything correctly, the software will then use my ip address to generate the url for the identicon, which is even worse.

    >Mine has been prominently displayed on my web page in plain text for many years, and essentially no spam reaches my inbox.

    If you have such a powerful spam filter, then perhaps also some non-spam emails don't reach your mailbox? :-)

    You could create a new email account, that would never be discovered by looking for md5 collisions, and set it to forward to your standard account.

    @Scott: True, but this is somewhat inconvenient.

    Also, if somebody wants to use an avatar and does not like Gravatar's crazy license, he is stuck.

    Can we put in some JavaScript code that will rewrite avatar urls for some users?
    • CommentAuthortheojf
    • CommentTimeOct 31st 2011

    I was unaware of Gravatar's terrible terms of service. (Aside: I don't remember ever particularly "signing up" to use Gravatar. But I do use it, on many websites, and had never thought much of it.) I agree with Dmitri that in a better world we would use (or, rather, allow to use) some other service. Dmitri: as you understand the issues better, I vote that you leave the desired change requests with SO.

    (There are, of course, other security things to also dislike. E.g. it would be great to allow to use https. Can MO weigh on SE to fix these things?)