Gravatar for profile picture

Comments, questions, rants, etc, that are specifically about the Kaya Go Server go here

Gravatar for profile picture

Post by SpongeBob »

I am trying to upload a profile picture and obviously, I have to register on Gravatar to do this.

Well, OK, if there is no other way ... I provided my email address for registration and received an activation link. Now I have to provide a user name and it tells me that 'SpongeBob' is already taken.

I did not check out the benefits for registering an account on Gravatar, but for me personally, there probably is none. Hope there will be a simple 'Upload profile picture' functionality in the future ...

PS: Happy birthday, Gabriel!
Stay out of my territory! (W. White, aka Heisenberg)

Re: Gravatar for profile picture

Post by Li Kao »

I just want to note that every website that uses gravatar leaks information about its users' email addresses. This can be used to recover a significant fraction of the email addresses. A quick test revealed 20% of Stackoverflow's addresses, but with more effort I believe >50% should be possible.

This leak occurs even if the user isn't registered on gravatar at all. And many websites (stackoverflow, most blogs, ...) that do this promise to "never reveal your email address", which IMO is very misleading/borderline lying.
Last edited by Li Kao on Sun Feb 05, 2012 11:34 am, edited 1 time in total.
Sanity is for the weak.

Re: Gravatar for profile picture

Post by daal »

I've said this before, but I'll say it again, just to see if anyone wants to concur: I don't at all like the idea of having to register with a 3rd party website in order to have a kaya avatar. I don't know much about Gravatar, but I don't particularly like what I've heard, for example that it is not possible to delete your account. I also don't like the idea that whatever picture I choose for kaya will become by default my avatar elsewhere. Not everywhere do I want to appear as a manga for example. I think it's unreasonable to expect that everybody who wants to have a kaya avatar is happy to agree to Gravatar's terms of service. I'm not. Gabriel has said that it's too much work to check every pic by hand, but I don't see why it's even necessary to check them at all. Why not just say in the TOS what's allowed and what isn't?
Patience, grasshopper.

Re: Gravatar for profile picture

Post by Kaya.gs »

daal wrote:I've said this before, but I'll say it again, just to see if anyone wants to concur: I don't at all like the idea of having to register with a 3rd party website in order to have a kaya avatar. I don't know much about Gravatar, but I don't particularly like what I've heard, for example that it is not possible to delete your account. I also don't like the idea that whatever picture I choose for kaya will become by default my avatar elsewhere. Not everywhere do I want to appear as a manga for example. I think it's unreasonable to expect that everybody who wants to have a kaya avatar is happy to agree to Gravatar's terms of service. I'm not. Gabriel has said that it's too much work to check every pic by hand, but I don't see why it's even necessary to check them at all. Why not just say in the TOS what's allowed and what isn't?


Because the TOS is not working code, and when someone breaks it, it requires manual labor to react. Saying in the TOS that sexually explicit content is not allowed does not prevent users from putting up such pictures. You have to prevent such cases, not fix them when they happen.

I know that many people find it awkward to register somewhere else, but it's really just that feeling. The only thing that Gravatar does is relate an email address to a picture.


It is extremely comfortable for us at this stage, because they provide storing, cropping (changing the size) and other details that save us work at this stage, and we don't have to check the pictures and make the system so other volunteers can do it. So it's likely we won't change Gravatar in a while, until it becomes a priority.

We do recognize that registering in another website looks quite weird and is uncomfortable, so we will look for another solution. The main issue as I see it, and many developers think alike, is that they don't provide an API to do it with white labeling.

Li Kao wrote:I just want to note that every website that uses gravatar leaks information about its users' email addresses. This can be used to recover a significant fraction of the email addresses. A quick test revealed 20% of Stackoverflow's addresses, but with more effort I believe >50% should be possible.

This leak occurs even if the user isn't registered on gravatar at all. And many websites (stackoverflow, most blogs, ...) that do this promise to "never reveal your email address", which IMO is very misleading/borderline lying.


Source for leaking? It would be pretty awful for StackOverflow if people knew they were selling emails.

If you are talking about the guessing mechanism, it's really over-paranoid. To put it into context for people who don't know about it: because Gravatar saves a hash (a mathematically irreversible operation on the email address that always returns the same value) that is later used to identify pictures, you can in principle hash any email and see if Gravatar has the email already.
That is almost the same as sending emails to the addresses you are trying to guess.

StackOverflow had this discussion about it, especially because a lot of people use their names on their account. So say my name is Gabriel Benmergui, and you can try gabrielbenmergui@gmail.com/yahoo/hotmail. That is not a leak in Gravatar.

SpongeBob wrote:I am trying to upload a profile picture and obviously, I have to register on Gravatar to do this.

Well, OK, if there is no other way ... I provided my email address for registration and received an activation link. Now I have to provide a user name and it tells me that 'SpongeBob' is already taken.

I did not check out the benefits for registering an account on Gravatar, but for me personally, there probably is none. Hope there will be a simple 'Upload profile picture' functionality in the future ...

PS: Happy birthday, Gabriel!


There is probably no visible benefit to you unless you use other sites with Gravatar (like WordPress, StackOverflow, some other blog spaces). The invisible one is that you have pictures today instead of later, because it was 5 minutes of work :).
Founder of Kaya.gs

Re: Gravatar for profile picture

Post by Li Kao »

Kaya.gs wrote:
Li Kao wrote:I just want to note that every website that uses gravatar leaks information about its users' email addresses. This can be used to recover a significant fraction of the email addresses. A quick test revealed 20% of Stackoverflow's addresses, but with more effort I believe >50% should be possible.

This leak occurs even if the user isn't registered on gravatar at all. And many websites (stackoverflow, most blogs, ...) that do this promise to "never reveal your email address", which IMO is very misleading/borderline lying.


Source for leaking? It would be pretty awful for StackOverflow if people knew they were selling emails.


I'm talking about brute force guessing email addresses that match a hash. My attempt with only 10 billion guesses recovered 20% of Stackoverflow's email addresses. Using better implementations or GPUs, much larger hash rates are possible (hashcat claims 10 GHash/s on a good graphics card), and my email address generation algorithm was pretty primitive too. So I believe that a larger fraction of addresses can be recovered using this method.

This doesn't cover only email addresses where username = email address, but all emails with a reasonably predictable format. Many people use combinations of first name, last name, initials and a number. The total entropy of this is in many cases brute-forcible, since gravatar was stupid enough to use a plain md5 hash.

A hash function is only irreversible if the domain is large enough, and I believe that many email addresses have low enough entropy to be recovered.
Last edited by Li Kao on Sun Feb 05, 2012 1:51 pm, edited 5 times in total.
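The figures in the post above (10 billion guesses, a quoted 10 GHash/s) can be turned into a quick risk estimate for a site's own user base. The following is an added example, not code from this thread or from Kaya or Gravatar: it counts how many addresses a handful of common address patterns produce from constructed, deliberately small dictionary sizes, converts the count to bits of entropy, and sets that against the search time at the quoted hash rate and against the entropy an address would need for a plain unkeyed MD5 to hold out for a century. It does no hashing or guessing; it is only the arithmetic behind the "low enough entropy" claim.

```python
import math

# Constructed dictionary sizes, deliberately small; public name lists are much
# larger, which only makes the picture below worse for the address owner.
FIRST_NAMES = 5_000
LAST_NAMES = 20_000
DOMAINS = 3            # e.g. the gmail/yahoo/hotmail trio mentioned in the thread
TWO_DIGITS = 100

# How many candidate addresses each common pattern generates.
PATTERNS = {
    "first.last@domain":   FIRST_NAMES * LAST_NAMES * DOMAINS,
    "firstlast@domain":    FIRST_NAMES * LAST_NAMES * DOMAINS,
    "first##@domain":      FIRST_NAMES * TWO_DIGITS * DOMAINS,
    "flast@domain":        26 * LAST_NAMES * DOMAINS,
    "first.last##@domain": FIRST_NAMES * LAST_NAMES * TWO_DIGITS * DOMAINS,
}

QUOTED_GPU_RATE = 10e9          # hashes per second, the hashcat figure quoted in the thread
CENTURY = 100 * 365.25 * 86400  # seconds


def candidate_space(patterns=PATTERNS) -> int:
    """Total number of addresses the patterns produce (the size of the keyspace)."""
    return sum(patterns.values())


def entropy_bits(n: int) -> float:
    """Entropy of a uniformly chosen element of a set of size n."""
    return math.log2(n)


def seconds_to_exhaust(n: int, rate: float = QUOTED_GPU_RATE) -> float:
    """Worst-case time to hash every candidate once at the given rate."""
    return n / rate


def bits_needed(seconds: float, rate: float = QUOTED_GPU_RATE) -> float:
    """Entropy an address would need so that exhausting it takes `seconds` at `rate`."""
    return math.log2(rate * seconds)


def risk_table(patterns=PATTERNS, rate=QUOTED_GPU_RATE):
    """One row per pattern: name, candidates, bits, seconds to exhaust."""
    return [(name, n, round(entropy_bits(n), 1), seconds_to_exhaust(n, rate))
            for name, n in patterns.items()]


if __name__ == "__main__":
    for name, n, bits, secs in risk_table():
        print(f"{name:22s} {n:>15,d} candidates  {bits:5.1f} bits  {secs:10.3f} s")
    total = candidate_space()
    print(f"all patterns: {total:,d} candidates, {entropy_bits(total):.1f} bits, "
          f"{seconds_to_exhaust(total):.1f} s at {QUOTED_GPU_RATE:.0e} H/s")
    print(f"bits an address needs to hold out for a century: {bits_needed(CENTURY):.1f} "
          f"(the 128-bit MD5 output size is irrelevant here)")
```

The pattern sizes are assumptions; substitute dictionary sizes for the names and mail domains your users actually use. The number to compare against is the last one printed: any address format whose entropy sits far below it gains nothing from the hash function being "irreversible", which is the point being argued in the thread.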

Re: Gravatar for profile picture

Post by walpurgis »

I see having to register to a third party website as counter-intuitive and a questionable course of action. Kaya has given the image of being designed to be easy to use with as little hassle as possible when it comes to starting to use its services etc, and this clearly goes against the idea.

In my opinion, it would be better to not allow avatars at all until it's possible to have them as part of Kaya itself. Don't make people register to other websites, especially if there's some untrustworthiness related to Gravatar, as mentioned in previous comments.

Re: Gravatar for profile picture

Post by shapenaji »

Yeah, I agree with walpurgis.

Are unique Avatars a requirement? If you don't want people moderating the avatars, don't have them. But don't ship the service out, that's just a lot of hassle.
Tactics yes, Tact no...

Re: Gravatar for profile picture

Post by Li Kao »

I'm not against using gravatars. They are convenient, since they are shared between websites. But I want to promote honesty, where websites using gravatar clearly state that it's often possible to recover email addresses from gravatar's md5 hashes.

IMO the best option is a gravatar opt-in checkbox which explains this issue.

Re: Gravatar for profile picture

Post by Kaya.gs »

Li Kao wrote:I'm not against using gravatars. They are convenient, since they are shared between websites. But I want to promote honesty, where websites using gravatar clearly state that it's often possible to recover email addresses from gravatar's md5 hashes.

IMO the best option is a gravatar opt-in checkbox which explains this issue.

shapenaji wrote:Yeah, I agree with walpurgis.

Are unique Avatars a requirement? If you don't want people moderating the avatars, don't have them. But don't ship the service out, that's just a lot of hassle.

walpurgis wrote:I see having to register to a third party website as counter-intuitive and a questionable course of action. Kaya has given the image of being designed to be easy to use with as little hassle as possible when it comes to starting to use its services etc, and this clearly goes against the idea.

In my opinion, it would be better to not allow avatars at all until it's possible to have them as part of Kaya itself. Don't make people register to other websites, especially if there's some untrustworthiness related to Gravatar, as mentioned in previous comments.


Signing up for gravatar is absolutely optional, we are not forcing anyone.

Re: Gravatar for profile picture

Post by Li Kao »

Kaya.gs wrote:Signing up for gravatar is absolutely optional, we are not forcing anyone.

Do you mean that users can opt in/out of you displaying the md5 of their email address? Signing up to gravatar itself is unrelated to the privacy issues.

Re: Gravatar for profile picture

Post by SpongeBob »

Good to hear that Gravatar is not meant to be the final solution. (I was assuming there was some kind of philosophy behind using it.)

Re: Gravatar for profile picture

Post by Kaya.gs »

Li Kao wrote:
Kaya.gs wrote:Signing up for gravatar is absolutely optional, we are not forcing anyone.

Do you mean that users can opt in/out of you displaying the md5 of their email address? Signing up to gravatar itself is unrelated to the privacy issues.


You can choose to have an avatar with Gravatar, or get the default. The md5 is still shown because I'm trying to get the latest image for each account. To go around that, I would have to store the result of fetching an image from gravatar and it's not worth the hassle.

Li Kao's concerns are pretty tech-savvy. It's hard to make the matter sound simple and easy. Here is a discussion in SO http://meta.stackoverflow.com/questions ... urity-risk which has things on both sides.

Regards.
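Kaya.gs describes the alternative as storing "the result of fetching an image from gravatar". The following is an added example of what that design looks like on the server side; it is not Kaya's code, the user table is constructed, and `fake_fetch` is a constructed stand-in for the HTTP request to Gravatar so that it runs offline. The HTML links to an avatar URL keyed by the site's own user id, the MD5 of the email is computed only inside the handler, users who did not opt in never have a hash derived at all, and a cache TTL keeps the "latest image" property without refetching on every page view.

```python
import hashlib
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed stand-in for the site's user table; the bool is the Gravatar opt-in flag.
USERS: Dict[str, Tuple[str, bool]] = {
    "u1": ("MyEmailAddress@example.com ", True),   # opted in
    "u2": ("someone@example.org", False),          # did not opt in
}
DEFAULT_AVATAR = b"\x89PNG default-placeholder"    # constructed placeholder bytes
CACHE_TTL = 3600                                    # seconds; refetch hourly so updated pictures appear
_cache: Dict[str, Tuple[float, bytes]] = {}         # user id -> (expires_at, image bytes)


def gravatar_hash(email: str) -> str:
    """Gravatar's documented identifier: MD5 of the trimmed, lower-cased address."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def gravatar_url(email: str) -> str:
    # d=404 asks Gravatar for a 404 instead of a generated image when no picture exists
    return f"https://www.gravatar.com/avatar/{gravatar_hash(email)}?d=404"


def public_avatar_url(user_id: str) -> str:
    """What the page HTML actually contains: the site's own user id, never the email hash."""
    return f"/avatar/{user_id}.png"


def fake_fetch(url: str) -> Optional[bytes]:
    """Constructed stand-in for an HTTP GET to Gravatar; None plays the role of a 404."""
    pictures = {gravatar_url("myemailaddress@example.com"): b"\x89PNG u1-picture"}
    return pictures.get(url)


def serve_avatar(user_id: str,
                 fetch: Callable[[str], Optional[bytes]] = fake_fetch,
                 now: Callable[[], float] = time.time) -> bytes:
    """Handler behind /avatar/<user_id>.png. The MD5 exists only inside this function."""
    record = USERS.get(user_id)
    if record is None:
        return DEFAULT_AVATAR
    email, opted_in = record
    if not opted_in:
        return DEFAULT_AVATAR          # no hash is derived for users who did not opt in
    cached = _cache.get(user_id)
    if cached is not None and cached[0] > now():
        return cached[1]               # still fresh: no request to Gravatar
    image = fetch(gravatar_url(email)) or DEFAULT_AVATAR
    _cache[user_id] = (now() + CACHE_TTL, image)
    return image


if __name__ == "__main__":
    print(public_avatar_url("u1"))     # /avatar/u1.png, nothing derived from the email
    print(serve_avatar("u1")[:16], serve_avatar("u2")[:16])
```

With this layout an observer of the public pages sees only user ids they already know from the profile page, so the brute-force question from earlier in the thread does not arise; the trade-off Kaya.gs mentions (extra storage and a refresh delay) is the cache and its TTL.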

Re: Gravatar for profile picture

Post by badukJr »

Thanks for bringing this up, I won't use a website where my email is leaked in this fashion.

Re: Gravatar for profile picture

Post by speedchase »

Li Kao wrote:
I'm talking about brute force guessing email addresses that match a hash. My attempt with only 10 billion guesses recovered 20% of Stackoverflow's email addresses. Using better implementations or GPUs, much larger hash rates are possible (hashcat claims 10 GHash/s on a good graphics card), and my email address generation algorithm was pretty primitive too. So I believe that a larger fraction of addresses can be recovered using this method.


I have to break it to you, but all websites that use email addresses for a username have to tell you if the address has been used before. This doesn't strike me as that scary.

Re: Gravatar for profile picture

Post by amnal »

speedchase wrote:I have to break it to you, but all websites that use email addresses for a username have to tell you if the address has been used before. This doesn't strike me as that scary.


I think the worry here is that it allows email addresses to be associated with particular accounts on multiple websites.

It's presumably also different to the general case if the hashed url structure (as I understand it, I haven't really been following in detail) allows rapid checking of significant numbers of addresses. Normally, unless there is an account creation API, checking for existing email addresses is much more laborious.