OSNews

Nice move, Gravatar is one of those great ideas that doesn't seem to get enough traction to become popular

Well, people want an OpenID avatar pic I guess.

yay! Now I can go pick out some idiotic image to represent me on the intarwebs!

What should it be... Bouncing boobs? Me making a funny face? Oh! I know! Some random symbol that is supposed to have meaning and be cool!

I kid.. I kid..

I would say it has traction now. Reason it took so long is because the service had some growing pains, but things are more or less stable and fast enough now.

You don't. Your gravatar is connected to your email address. We pull the image based on the email address in your account. Check out the gravatar website for more.

Ah! Thanks for that, now I just need to add my OSnews email to my Gravatar account. Thanks again!

I'm not familiar with gravitar. Wouldn't the only information hey receive be 1) the requesting ip address, and 2) the gravitar begin requested. OS news wouldn't request the image first then pass it on to the browser, that wouldn't save them any bandwith. Most likely the browser would request each gravitar individually. So gravitar may be able to correlate gravitar requests. IE, usually when gravitar 1 is requested, gravitar 2 is also requested, allowing them to infer a social graph of some sorts, but thats about it. I think.

Feel free to correct me, if I missed something.

Gravatar requires a browser to visit that page, yes. But really, it's not just gravatar that could fetch the information - anyone who's crawling can:
a gravatar image has a url somewhat like "http://blabla.gravatar.com/{md5 hash of emailaddress}", and of course, that must be readable to everyone who might try to render that page.

So it's simple to scrap pages for context (md5 hash close to content), user profiles (if a date is easily extractable) across websites (unless you actively choose different email addresses on all gravatar equipped sites, they all use the same md5 hash for the same user), and often retroactively (where gravatar is added later-on)

Gravatar's advantage over other crawlers is that they're pinged about "relevant" sites due to the requests, but really, being identifiable to everyone on the net using a globally unique id (even if "just" md5 hashed) is a bad idea for privacy.

Good point. So I think the solution is to de-globalize gravatar. Different Email address for every site. Collected by the same email client. I'll change my osnews address to a new one, and presto! The same level of privacy I enjoyed before.

Or use the + trick: whatever+osnews@gmail.com = unique hash.

I don't quite understand what's the problem with data mining anyway. What are people going to do with that data? Targeted ads? Oh, that's horrible, such ads are going to trash anyway.

I'm sorry, but this is PATENTLY false, and it is the perfect example of what we in this industry call "FUD."

We put an md5 encrypted string in a the source code. We do not share your email address. Currently, you will need a cluster of servers to reverse encrypt that: if you're willing to gain those resources to harvest my email address, please just see my profile and save yourself the energy.

The gravatar people are just doing a string comparison: if the encrypted hash matches an encrypted hash they have, they present the avatar.

Please take your whining elsewhere, since it's based on what amounts to lie.

Once again: we do NOT share your email address.

"The gravatar people are just doing a string comparison: if the encrypted hash matches an encrypted hash they have, they present the avatar."

And they have my email address, even though I never gave it to them.

You may not give my email address away, but you're endorsing a service that obviously does not care about privacy.

And there is no reason why anyone would want the same avatar for different sites, it's just completely nonsense. If I was interested in operating systems and cats, I definetely wouldn't want the same avatar on os forums and cat forums.

And md5 is not an encryption, that's just a word that's (wrongly) used to make it sound safe.

No. You are wrong. Unless you register, they do not have your email address.

The message is still there. And when I tried to remove my e-mail address from the preferences pages, I wasn't allowed to. I had to change it to the simpler workaround, "no@no.no".

(On a less serious note, I guess this is my avatar from here on out...)

Edited 2009-10-12 07:16 UTC

(On a less serious note, I guess this is my avatar from here on out...)

The upside is that it's not really that bad an avatar

It's based on the email address in your account, not your username.

Furthermore, if you really want to screw with someone and you changed your account email to theirs just to get their avatar, well... good for you. You can use any avatar you want anyway. Seems like a lot of work for something that could be done pretty easily by just using the same avatar.

What I actually meant was creating an avatar on Gravatar using their username/email address, so that the avatar would show up on their account, not mine.

You can't do that. You have to verify the email.

This is what I hear:

"[smugly] Why would I create an account to hold some representation of my identity? Instead, I want to use a different site that exists solely to represent some aspect of my identity."