Could you please add support to use Gravatar for profile photos on the support forum?

The title says it all. If you could add support to the forum to allow the use of Gravatar profile images that would be awesome. https://en.gravatar.com/ Using Gravatars is easy, it's just a reference to the email (hashed) provided by the user. As shown on this site: https://en.gravatar.com/site/check/

My Gravatar information is the following for my email:
Email Address: [email protected] <- Just an example for any bots
Email Hash: de4679e2acaea25fa177b4e4ab63b19a <- My real hash
https://s.gravatar.com/avatar/de4679e2acaea25fa177b4e4ab63b19a?s=80 <- s=80 denotes pixel size requested, not including this defaults to 80

The hash is a simple md5 hash which you can generate numerous ways, below is a command line example. Note using printf does not automatically include a trailing new line like echo would. Ignore the trailing - or remove it with cut/awk etc.

printf "[email protected]" | md5sum
8455938a1db5c475a87d76edacb6284e -

More information can be found here as well as a simple code example. https://en.gravatar.com/site/implement/hash/

Thank you!


1Password Version: N/A
Extension Version: N/A
OS Version: N/A
Sync Type: N/A
Referrer: forum-search:Could you please add support to use Gravatar for profile photos on the support forum?

Comments

  • BenBen AWS Team

    Team Member

    Hi @SirGatez

    I recall having this in the past and turning it off due to a privacy concern. I'm going to check with our security team and see if 1) anyone has a better memory than I do as to what the specific concern was, and 2) if that concern is still applicable.

    Thanks!

    Ben

  • BenBen AWS Team

    Team Member
    edited August 12

    I'm still awaiting an answer from security as to point #2, but my colleague Tommy found an old thread that expands upon point #1:

    Using Gravatars may expose your email address

    Ben

  • SirGatezSirGatez
    edited August 13

    I suspect that if you provide it as an option for the user to select then exposing the email via the calculated hash may not be a concern. A simple warning either near the option or before enabling should suffice.

    Providing the choice allows the user to weigh their risk to the potential risk of email discovery via a brute force attack to match the hash.

    If the user never opts in, no Gravatar url requests are ever made so the hash is never exposed.

  • BenBen AWS Team

    Team Member

    @SirGatez Unfortunately we don't have that level of control over the forum. The Gravatar plugin is either enabled or disabled. When enabled users can only opt-out by uploading a custom avatar. We don't have the flexibility of making it opt-in.

    Ben

  • Ah, thank you for clarifying. I understand the issue of trying to enable this in the forum more clearly now.

  • BenBen AWS Team

    Team Member

    You're very welcome.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file