Security Note: Site Gravatars Disabled

We’ve disabled  gravatars (the little avatar icons that show in your profile) because they pose a security threat. Many sites use an avatar service from gravatar.com:

An “avatar” is an image that represents you online—a little picture that appears next to your name when you interact with websites.

A Gravatar is a Globally Recognized Avatar. You upload it and create your profile just once, and then when you participate in any Gravatar-enabled site, your Gravatar image will automatically follow you there.

Apparently the sites using this service load the images using a hash of your address, and this hash can be used to reveal your email address. We believe the small convenience of having a picture follow you around on the web is outweighed by the security risks.

More in this Wordfence.com article.

Leave Comment

Your email address will not be published. Required fields are marked *