Security Note: Site Gravatars Disabled

We’ve disabled  gravatars (the little avatar icons that show in your profile) because they pose a security threat. Many sites use an avatar service from gravatar.com:

An “avatar” is an image that represents you online—a little picture that appears next to your name when you interact with websites.

A Gravatar is a Globally Recognized Avatar. You upload it and create your profile just once, and then when you participate in any Gravatar-enabled site, your Gravatar image will automatically follow you there.

Apparently the sites using this service load the images using a hash of your address, and this hash can be used to reveal your email address. We believe the small convenience of having a picture follow you around on the web is outweighed by the security risks.

More in this Wordfence.com article.

Leave a Reply