Update, 2011.1.29: Welp, there's been sufficient concern expressed in the comments here and elsewhere that we've decided to make display of your Gravatar purely optional. If you visit your account settings, you should now see a checkbox labeled "Use the Gravatar associated with your e-mail address?"
We'll improve the interface to this over the next few days, along with some other planned tweaks to the comment system, but hopefully this strikes a reasonable balance.
So, a while ago, some of us in IT got to talking about how handy Gravatar is.
If you're not familiar with the service, Gravatar pretty much just does one thing: It lets you associate an avatar image with an e-mail address, which can then be used by any site that knows your address.
There are a bunch of major sites currently using Gravatar, including GitHub, Stack Overflow, and WordPress. So, we figured, why not sparkfun.com? Most days of the year, we get way less traffic than those guys. There's even an option to fall back on retro-arcade-style pixel art for people who don't have an account with Gravatar yet.
This turns out to be way easy. For a web developer in PHP, it's as simple as saying:
// Gravatar keys each avatar on the MD5 of the trimmed, lower-cased address.
$hash = md5(strtolower(trim($some_address)));
echo '<img src="https://gravatar.com/avatar/' . $hash . '?size=60" />';
Here's mine, for example:
Neat, right? It only took me about 20 minutes to implement this one everywhere on the site. If you look at the comments section on a given news post right now, you'll probably get a lot of that old-fashioned Space Invaders vibe.
Want one of your own? The signup is pretty painless. If you're missing your old SparkFun avatar, you can retrieve the image here.
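As an added example (not SparkFun's actual code), here is one way the avatar helper could honor the opt-in checkbox described in the update, together with a check that a rendered page contains no Gravatar hash for users who have not opted in. The `use_gravatar` field, the `/avatar.php` endpoint and the sample accounts are assumptions made up for the illustration.

```php
<?php
declare(strict_types=1);

// Gravatar's lookup key: MD5 of the trimmed, lower-cased address.
function gravatar_hash(string $email): string
{
    return md5(strtolower(trim($email)));
}

// Build the <img> tag. Only users who ticked the box get a gravatar.com URL;
// everyone else gets a locally served image (hypothetical /avatar.php), so no
// value derived from their address reaches the page or a third party.
function avatar_img(array $user, int $size = 60): string
{
    if (!empty($user['use_gravatar'])) {
        $src = 'https://gravatar.com/avatar/' . gravatar_hash($user['email'])
             . '?size=' . $size;
    } else {
        $src = '/avatar.php?u=' . (int) $user['id'] . '&size=' . $size;
    }
    return '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '" />';
}

// Regression check: scan rendered HTML for any 32-hex-digit string equal to
// the Gravatar hash of a user who has NOT opted in. Returns the ids of the
// affected users; an empty array means the opt-in setting is respected.
function leaked_user_ids(string $html, array $users): array
{
    preg_match_all('/(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])/i', $html, $m);
    $seen = array_flip(array_map('strtolower', $m[0]));

    $leaked = [];
    foreach ($users as $user) {
        if (empty($user['use_gravatar'])
            && isset($seen[gravatar_hash($user['email'])])) {
            $leaked[] = $user['id'];
        }
    }
    return $leaked;
}

// Constructed sample accounts (not real users).
$users = [
    ['id' => 1, 'email' => ' Alice@Example.com ', 'use_gravatar' => true],
    ['id' => 2, 'email' => 'bob@example.org',     'use_gravatar' => false],
];

// Page rendered with the opt-in setting applied per user.
$optInPage = implode("\n", array_map('avatar_img', $users));

// Page rendered the way the original two-line snippet does it:
// every account gets a gravatar.com URL regardless of preference.
$alwaysOnPage = implode("\n", array_map(
    fn(array $u): string => avatar_img(['use_gravatar' => true] + $u),
    $users
));

echo "opt-in page leaks:    ", json_encode(leaked_user_ids($optInPage, $users)), "\n";
echo "always-on page leaks: ", json_encode(leaked_user_ids($alwaysOnPage, $users)), "\n";
```

The same `leaked_user_ids()` check can be pointed at cached or archived comment pages, since hashes published before the setting existed stay in any copy that was not re-rendered.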
Thanks for switching this to opt-in. :)
At first gravatar might seem easy and fun, but when you dig a bit deeper, this is wrong on so many levels. Here are a few of the problems :
- sparkfun decided to publish the MD5 of our email without allowing us a chance to opt out,
- sparkfun decided to share this information with a third party, the gravatar publisher (known as "automattic", also owner of Wordpress and the commenting tools IntenseDebate) without our consent but that does not violate Sparkfun's privacy policy ... since there apparently is none : http://www.sparkfun.com/static/privacy (oups!),
- Since we actually buy stuff from sparkfun, it would be impractical to use a throwaway email address and anyways we had no way of knowing Sparkfun would override our decision to not show our email address (doing so indirectly using the MD5 hash is no better),
- Since the MD5 is associated with our past posts, our identity is immediately compromised even if we don't log in,
- The decision by Sparkfun to use gravatar does not just expose what users have written in here, it links it with whatever is or has been written by the same individual in any forum that uses this system or will use it or a similar one at any point in the future,
- Anyone grabbing your email address can calculate the MD5 and, if given access to gravatar database, use it as a key to get everything you ever wrote in any website using gravatar, unfortunately including Sparkfun website,
- Anyone grabbing your email address can calculate the MD5 and google it (even without access to the database),
- Linking the MD5 and email even reveals all activity that occurred in the past, with no way for the victim (or even the website that exposed him) to erase that information,
- In any forum, the avatar is supposed to represent the person who writes. Giving control of our image to a third party is not acceptable,
- Today's default avatars for people who don't register with Gravatar are dumb and a bit weird. As they try to coerce more people into signing for their service, we can expect the default avatar to become dumber or silly. Being given the choice between being represented as the marketers from Gravatar decide or yielding and giving them the personal info they request is utterly unethical,
- The content of the avatar influences how people react to message content or interpret its meaning,
- Gravatar turns the ability for forums users to have an avatar into a privilege that must be paid by loss of privacy,
- Their privacy policy (already filled with nonsense such as "We don’t store personal information on our servers unless required for the on-going operation of one of our services." http://automattic.com/privacy/) and, as usual with corporations whose business model relies on harvesting personally identifiable data, that policy could (and will) change, financial considerations trump fairness and respect every time.
Knowledge, once acquired can never be withdrawn and we don't live in an abstract electronic wonderland. Anyone minimally aware about international news (Tunisia, Egypt, Wikileaks) understands the increasing importance of the net and social interaction websites from a political point of view. Spilling the beans about everything people do and write online does have real consequences and can only have more in the near future. I can understand a small forum owner doing this disservice to his members by lack of knowledge, but Sparkfun ?
PLEASE, Sparkfun, reconsider your decision and stop exposing people's email address in a way neither you or us can control. At the very least, allow us to opt out, and when we do so, completely remove all references to us with Gravatar.com and the MD5 of our email from your website.
Good points,
seems like the simple solution is to allow disabling of the Gravatar request per user account. You could even do this by setting up gravatar@sparkfun.com and defaulting non-participants to that md5.
For those of you who believe that gravatar or anybody else could figure out your email address using md5 hash, please read this answer that was discussed on Stack Overflow:
Decoding Email Address from Gravatar
For those of you who would rather not read the lengthy response, he basically demonstrates that it is impossible to figure out the original data that was used to generate the hash in the first place.
Now if you were to go to gravatar's website and create an account / sign in to set your own avatar image, by then they definitely have your email address, so the argument is moot at that point. And of course gravatar will be able to track you by your email address as to what sites (and specific pages) you have posted (not activity visited) on.
Thanks sparkfun for finally doing the right things, even if the beans had already been spilled. It would be even better if you could simply reactivate the previous avatar system that seemed to work well (ain't broken, don't fix it!) in addition to the Gravatar option if you really want to keep it. People who think their privacy is not worth spending 30 seconds uploading an avatar pic will still be able to use it even if I totally fail to see the problem this "service" supposedly solves, except for people who change their avatar 10 times a day.
@TRON:
The ability to directly reconstruct the email from the MD5 is unimportant since there is an easy way to achieve a similar result.
A large scale system (and maybe Gravatar themselves) would use several huge lists of known emails, such as those used, among others, by spammers (they end up getting a vast majority of all valid email addresses, even if you're careful about it) or sold by unscrupulous/dumb websites/ISPs. From those lists, they simply generate the MD5 hash for each email and store both in a database. They can generate many more by combining bits of actual email addresses (eg: they have johnDoe(at)hotmail.com, they can add johnDoe(at)gmail.com, johnDoe(at)yahoo.com, etc...)
To identify the email behind a comment made on a Gravatar enabled website even by users not registered with Gravatar (the default Gravatar Sparkfun removed), they simply query with the MD5 and get the email.
If they don't find a match, they store the info just the same. If the email is used regularly, it will eventually end up in one of those spamming lists or other sources. They then generate the MD5 from those new emails, store them and query the list of previously unknown email MD5 for a match. When they get a hit, it discloses the previously unknown identity of the poster for all occurrences of the Gravatar MD5 in all forums that use it.
ChoicePoint (now part of Reed Elsevier, and countless others in the personal information business) spend their days mining for such info and associating information such as name, email and much more. Gravatar gives them a simple way of completing their data vault with all posts associated with that person, and that's highly valuable information.
Make unflattering comments about products on a Gravatar enabled forum, and see the cease and desist letter fly from sites such as brandprotect.com even without an IP subpoena for maximum chilling effect, comment about the Wikileaks documents and you might regret it, unless you live in a place where the consequences of what you write and post online could be much worse.
For cases where the email is known (such as a job application, and an increasing number of places where this info is asked) getting all the comments in all Gravatar enabled websites from that user is even easier.
This person identified 10% of all stackoverflow email addresses in one hour via the emails md5sums:
http://www.developer.it/post/gravatars-why-publishing-your-email-s-hash-is-not-a-good-idea
So... I wouldn't call that impossible.
Just think of what you could do by taking advantage of a service like amazon's ec2.
Everyone has their own fancy avatars, I'm going to revolt
Hey, I have a gravatar! It's easy, so you should too!
Even Finance figured out how to use it!
http://www.gravatar.com/avatar/21898dc02360c6aef3015dec9296a801?d=retro&s=30&r=pg
This is a privacy issue. Not for me necessarily, sparkfun visitors are cool to me, but other commenters past and present may not expect to have their information exposed like this... or realize the data mining implications since their username, email address, and comment history can now be grabbed/linked! It also makes anonymous comment accounts not so anonymous now unless users were smart enough to set up a whole new email account just to make a comment.
I see mentioning of google analytics further down on this page but I don't find that to be the same as this. I can block google analytics while I browse.. I cannot block a website from posting my email's md5sum for everyone to see.
Please disable this feature or make it opt-in only. This isn't the only way this system could be exploited.
Note that your experiment only applies when that site (md5.gromweb.com) already happens to 'know' that the particular e-mail address encodes to that particular MD5 format. Enter random ones from others on this board, and there's little such luck.
However, that is an implementation issue; it being a (database) look-up. The alternative is brute force attempts. This takes much, much longer. Although there are sites that will produce strings that result in a given MD5, the vast majority of those strings will not be valid e-mail addresses by syntax (containing an @, and a .[valid TLD], etc.) or by existence. Even if you take those things into account, there is at least the theoretical likelihood that more than 1 e-mail address results in the same MD5 (which would be a pain for gravatar) - although a little guesswork might help there.
That is not to say that gravatar is without privacy concerns, however - a quick Googling about gives several scenarios I hadn't even thought of; e.g. old anonymous blog comments suddenly receiving your gravatar because the blog author didn't think to put the gravatar code in the same code block that adds e-mail addresses.
But it is unlikely that you can get the sparkfun account e-mail address from the MD5 sent to gravatar -unless- somebody happens to enter that e-mail address at the site in the "String to convert to MD5" field.
Ultimately it's a question of whether the convenience* outweighs your privacy concerns, and basing your decision on that.
* a centralized place to change your avatar used on many sites -is- a useful service - similar to facebook login being used to log into many sites (google on that if you're ready to fold your own tinfoil hat ;) )
Unfortunately, it's not always you, the user, making that decision; sometimes it's sites making that decision for you.
I think this is a reasonable analysis of the actual situation. Thanks for taking the time to comment.
The tone here is fairly alarmist. As observed by other commenters in this thread, you can't in general simply reverse a hash without the assistance of a database that already knows the key (i.e., your e-mail address). That said, the argument that leaking the md5s in question should be up to the user is compelling. We'll be more careful in future.
Oh good god sparkfun. PLEASE think and test before you do these things. This may be the biggest privacy/security risk I have seen recently. I gave you guys a lot more credit than that. I'm even afraid to make this post due to the email exposure. Please at least make this opt-in, not opt-out. Better yet, go back to the way it was w/o exposing the information we give you to a third party.
Go ahead and tell me my email address using my gravatar hash string. If you know even a little bit about me you'll be able to discover my email anyway, but you will NOT be able to find my email from my gravatar hash without significantly more computing power, or a very long time, than you have in front of you right now. There have been a lot of articles on the security implications of gravatar, and the risk is minor. Add your own salt to your gravatar hash (such as myemail+randomstring@gmail.com) and it will be impossible for people to verify your email using the hash.
Note that if someone adds my email to the database at md5.gromweb.com then it will show up when you "reverse" it, but as of right now it doesn't know my email address, and cannot compute it.
Is there an app for that?
Now THAT would be a good idea :P An iPhone/Symbian SparkFun App :D
stilldavid:
Hmm... Perhaps a 2% or 3% discount?
Edit: Wait, that could be bad. Customers could confuse customers with the flame logo for Sparkfun employees.
Worse yet, they could be confused as SunSparc users.
I've got one too!
Me too! It's almost like IT has been utilizing gravatar for some time now...
Gravatar sounds like the site that has the privacy issues, glad I don't have one.
I for one, welcome our new gravitar overlords.
I preferred Gravatars - it's always the moan-y ones who complain about everything that are the most vocal. Who cares if they don't like it? Most people either don't care, don't know, or like it; the small minority moan about it.
Personally I think a neat hybrid would be to use Gravatars for new signups and display a notification on next sign in for existing customers.
Thank you for making it opt-in! Hooray for a company that listens to its customers' concerns and does something more than bury them under a pile of committees.
I know you are also using google analytics and in many ways it's the same thing, but I understand the benefit analytics gives the business. Gravatars don't provide that same benefit other than eye candy, so would it be reasonable to also request an opt out to even seeing the gravatars? The reason being that the mere act of visiting a page with a gravatar on it gives the gravatar makers access to a person's browsing habits across gravatar enabled sites even if they are not logged in.
Others have expressed their concern over the display of their gravatar and we thank you for the new opt out. One last step will allow your customers to manage their own privacy as they choose.
Cool, I just implemented Gravatar on my current project.
Neat service for those that want to use it. Do be aware that if you give gravatar your details they can then track you across all gravatar-enabled sites you comment on.
It would be cool if you could offer an opt out. The ability to continue having an avatar served from SparkFun directly would be a bonus.
We should all get one - after all, one can never have too many entities tracking and selling one's browsing behavior. /tinfoilhat
On that front, you should probably be more worried that we use Google Analytics.
Yeah, not quite true. GA doesn't track unique visitor identities (unless you, as the website developer take special pains to set it up to do so). Gravatar, by default, does track unique visitors (aka. me). Unlike OpenAuth, I don't even have an option to use it or not now that you took the "20 minutes to implement it" across the site.
I mean no offense, but declaring that it was done so quickly is a testament to the amount of thought put into it.
Ok so where's this opt-out option ? I see nothing in the profile allowing me to prevent this exposure of my email address to anyone looking at the avatar links. Or any way to allow me to continue using my previous avatar. I am very very disappointed in you Sparkfun.
Opt-out is a fallacy. If you really want to give the user a choice, make it opt-in, instead of by default giving their information out to a third party, in a way that is proven (see earlier in comments) to expose the actual email address, even of NON gravatar users, not only to a third party, but to ANYONE. This is a huge privacy and security issue.
The opt-out would be great, thanks. Seriously, no offense meant.
With respect to GA, using CURL (or your favorite browser's developer tools) you can pretty quickly see what Google is up to inside ga.js and in terms of cookies. Last time I checked they didn't have a mechanism in place to track visitors by identity. That, of course, is subject to change at any moment.
I'm not sure if this comment is going to end up in the right spot, but this is in response to lee and the whole thread about Google Analytics and tracking.
So I am super paranoid about Google analytics because even if the cookies feature very little obvious personally identifiable there are a lot of ways to identify a browser.
For a good example of this check out the eff's panopticlick website https://panopticlick.eff.org/
It shows you how much personally identifiable information your browser leaks even when you have turned off features like javascript and cookies.
I have noscript with google analytics marked as "untrusted" and I also have cookies from there blacklisted, but it's still unnerving how many different websites use it, to the point where I could almost see following someone's browsing habits in near real-time if needed.
The chances that google actually bothers to view any of this information ever is negligible, but the fact that a sufficiently motivated party with control of the google-analytics domain COULD do this is terrifying.
--Man with a bajillion tin foil hats
+1 on optout.
Not a big fan of a very trackable MD5 of my email address floating all over the place.
Dude, do you ever wonder why you normally see common themed ads when you browse the web?
google is graphing the web with ga. They give web developers awesome analytical tools in return for putting their tracking code on sites. In return, they harvest this information to map (or more directly) graph the web.
Although they do not try to figure out who you are, they do target ads to you by your browsing patterns.
Do this as a test!!!
Go to www.3dcart.com, and spend a little time there. Google will pick up on this. You'll notice later as you browse the web, you'll see a bunch of 3dcart banner ads.
After about a week or so, go to bodyfortress.com, and spend a little time there. Again, later as you browse the web, you'll notice you'll see a bunch of body fortress banner ads on the web.
If you just go to these sites and immediately leave, this will be counted as a bounce. In this case google knows you're not interested in that site and not really target you with those ads. But if you browse around, they will.
Although they are not directly targeting YOU, they are targeting your browser.
BTW, I have no affiliation with google, 3dcart or bodyfortress except I have used their products in the past and noticed that this was happening
A lot of corporate firewalls block this junk. Leaving the comments section covered in [x}'s.
gravatar can't handle a domain name where I use unique addresses with each site. That's a fail IMO.
Yay! Something to distract me from the coming IPV4 ARPAgeddon! It's Free day for every website for 6 months.... but there's no questions or free stuff.... just intermittent internet down time.... for everything....
Oh well it's not going to be that bad...
Oh, the irony - this post doesn't have an icon in the Past News Posts list :P
And please no comments saying that wasn't irony, I don't care
Just wanna see if I have one too.
Pretty cool!
Now loads of avatars aren't working?? :O
You could use the GD option in php to do a simple "rewrite". Grab ?image=vampist look up email in DB, get image from gravatar. Open it with GD, output it as src="gravatar.php?image=vampist"
You wouldn't have to do any photo editing so it would be simple/fast.
EDIT: You could also use fpassthru...
I can haz Gravatar!
Nah gravatar can haz you!
Of course, Dan :P
A simple fix to all this would be for Sparkfun's web server to save the gravatar as the page loads and display the saved image. This would be better than adding a link to the gravatar website for the pic - Only downside is the extra bandwidth used to retrieve the gravatar for the Sparkfun server.
Sparkfun could even cache the gravatar image for someone, thus only displaying the cached image.
Another issue I would be worried about is some hacker getting my password from some 'loose security' website. Then being able to go to all other sites I visit (known by my gravatar) to do what ever - My fault for not having a different password for each website - I blame my short memory.
Testing...
Guess I'm not a "cool kid." I realize it's your site and you can do anything you want, but leaving someone without a choice is enough for some to make the choice you didn't intend, to stop visiting. I am now on the fence.
Plus points for fast response guys!
I love Gravatar. Wish more sites used it!
Well done!
Let's see mine
Chickens are nice.
I wish Gravatar was implemented more widely, that way I would only have to change one to change my avatar on all my sites.
hello i want to ask something how can i get item like a picaxe-28
To see all our picaxe products, just type "picaxe" into the search bar in the upper left corner of this page.
Very NOT cool sparkfun. Kinda unethical even. If you were going to do this, it should have been an opt-in function, not something you did without asking your users. There are those of use who prefer not to have our info distributed to tracking databases, and now we've just been added to gravatar's db without our permission.
Adding gravatar to my blacklist, although the damage has now already been done. Definitely not impressed.
What are you on about? The system doesn't require them to add you; they send an MD5 hash of your email address to Gravatar (non-reversible) and Gravatar looks for your email address on their database. If they do keep your address for tracking, what harm is there? It's not like you're going to get more spam; everyone already gets shit tons of spam anyway.
Looks like a pretty cool addition to the site
Bumping to test mine!!
Testing
testing 123... GRAVATAAAAAAA
MD5!! You have a huge security liability. Is there an option for SHA? I don't recommend this kind of setup. Not even https. Be careful, it could be a mess.
md5 is weak. You're leaking information that is not protected well enough.
yay
I'm posting to see my avatawesomeness
EOM :)
Even without me posting this, gravatar already knows the MD5 of my mail address (from a post I made on another item). Now all they need is another site that is stupid enough to give my address to them and they can start sending me spam.
On the other hand, there are a lot of other ways to track surfing behaviour, so why should I complain?
test
This is so cool :)
My main problem with Gravatar is that it works very, very poorly when you have a different email address that you give to every website. In this case, it's really bad for a service to be reliant on email addresses. Maybe it would be better if it relied on oauth/openid urls or something similar?
(Speaking of that, maybe it would be better to have openid/oauth for logins instead of having a password here? Lots of sites are setting that up these days, giving you a list of openid providers like twitter and facebook to let you login with.)
Hey! I want to sign on to Sparkfun with my Facebook account!
The problem with programmers is that they don't stop making unnecessary/useless/annoying changes until you take their keyboards away.
looking at the same code all the time is boring...
But you may be right, coders are not unlike cocaine addicts: "maybe just one more line..."
I like the idea that I can use the gravatar I originally set up for StackOverflow. This internet stuff is pretty cool. :)
AHHH!!! SPACE INVADERS TOOK MY AVATAR!!!! %freaks out%
At least mine now is a lot better.. but it's pink...
This should have been an opt-in feature. :(
uhm, the image of my sparkfun account is the same as the image of gravatar :S
Test?
YAYAY GRAVATAR! :)
Wait it doesn't work, the picture shows in my profile but not here :(
Looks fine to me. Maybe your browser's caching it?
It's fine now, thanks :)
I already had one, what what!
EDIT: Oh golly wrong email address.
hiya hiya hiya!
Done! Got my username! :)
COOL!
Test
I have got your package with excellent rapping technique. so thank you very much for your corporation.
thank you..
"excellent rapping technique."
Ultimate 3-word Wu-Tang Review
How long before Gravatar sells your e-mail address? lol. No thanks.
Hmmm? My old avatar is now gone without any thought to whether I wanted it to disappear or not. Great idea...
As mentioned above, see here.
There's nothing there except an empty page. The site is there, but no content in the middle.
It appears you never uploaded an avatar to this site, so there's nothing to display on that page.
Gonna have to disagree with you there. I had a lovely avatar here once, but the "old avatar" link shows nothing. I don't remember where I got the picture, so I guess I'll be an Atari gremlin. Bummer.
Give it another shot; I forgot to pull in the smaller file.
It will be a tiny, tiny image, but it's probably there.
I guess I was thinking about another website.
So the option to host an avatar picture on SparkFun is no longer available?
Alright Fine, I Gravatar'd Up.
And yet... I'm still being represented by this galaga tile...
ha ha now your avatar is the same size as everyone else's :P
Haha, indeed...
I still have a big head though :P
May be cached. Try forcing a refresh. I see the expected pooch.
Yep I just got it, I tend to forget how "sticky" my browser is.
Gravatars rock :P
Testing, Nice it works.
GRAVITAR-ED
Everyone is going to test it now!
So true! That is the only reason I am commenting on this.
Gravatar is awesome!
done!
I wonder what my gravatar is...
w0ot
Done. Guess I'm not the only BlackJester out there.
YAY Gravatar!
I don't. I tried using my normal username sign ups and they were all taken already. They Merged with WordPress so usernames are very limited :(
yeah, there are no usernames left... unless I want to start appending random 6-digit numbers. At least I got my username on SparkFun where it counts... take that gravatar! :P