[wp-trac] [WordPress Trac] #55062: GDPR compliance: Loading gravatars from gravatar.com might pose a problem.

WordPress Trac noreply at wordpress.org
Tue Sep 6 09:03:35 UTC 2022


#55062: GDPR compliance: Loading gravatars from gravatar.com might pose a problem.
--------------------------------------+------------------------
 Reporter:  BjornW                    |       Owner:  (none)
     Type:  defect (bug)              |      Status:  closed
 Priority:  normal                    |   Milestone:
Component:  Privacy                   |     Version:
 Severity:  critical                  |  Resolution:  duplicate
 Keywords:  close has-privacy-review  |     Focuses:  privacy
--------------------------------------+------------------------

Comment (by domainsupport):

 Hi,

 Sorry to comment on a closed ticket but ...

 I think this may be a massive issue, way more of a problem than just
 exposing visitor IPs to third party servers without consent.

 The gravatar ID is just an MD5 of their email address. Apparently the
 National Institute of Standards and Technology (NIST) considers an email
 address to be PII, or personally identifiable information.

 So publicly showing a hash of a user's email address is surely very, very
 bad indeed?

 What's worse is that even if the user doesn't use gravatar, a hash of
 their email address is still shown.

 Surely the only solution is for a user's gravatar to be downloaded by the
 web server and cached in /wp-content/ and given a completely random
 filename that is in no way related to their email address.

 This would ...

 1) Prevent users' email address hashes from being exposed
 2) Prevent visitor requests to gravatar when a gravatar doesn't exist
 3) Prevent visitors from making requests to a third party server exposing
 their IP address without their consent

 A CRON schedule could then be set up to update the users' gravatars.

 Apologies if this is already in hand but none of the old, related tickets
 seemed to cover this!

 Thanks,

 Oliver

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/55062#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
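The following is an added illustration of the two points raised in the comment above: how the Gravatar identifier is derived from an email address, and what the proposed server-side cache with a random public filename looks like. It is example code written for this page, not WordPress core code and not the commenter's; it is in Python rather than PHP, the `fetch` callable, the `LocalAvatarCache` class, the `/wp-content/uploads/avatars/` path and the sample users are all assumptions made for the example, and the avatar bytes are constructed so that it runs offline.

```python
import hashlib
import secrets
from urllib.parse import urlencode

# The avatar URL a page normally renders: MD5 of the trimmed, lowercased email
# (the scheme Gravatar documents). This is the value the comment objects to
# exposing, since it is a stable, public identifier derived from PII.
def gravatar_hash(email: str) -> str:
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def gravatar_url(email: str, size: int = 96, default: str = "404") -> str:
    # d=404 makes Gravatar return HTTP 404 when no avatar exists for the hash.
    query = urlencode({"s": size, "d": default})
    return f"https://www.gravatar.com/avatar/{gravatar_hash(email)}?{query}"

def url_leaks_email_hash(url: str, email: str) -> bool:
    # Check a rendered URL for the email-derived hash; a mitigation is only
    # effective if this returns False for everything served to visitors.
    return gravatar_hash(email) in url

class LocalAvatarCache:
    """Server-side cache as proposed in the comment (hypothetical design).

    The web server fetches the avatar itself, stores it under a random name
    unrelated to the email, and the user-id -> filename mapping stays private.
    Visitors only ever see the random filename or a site-local default, so no
    hash leaves the site and no visitor request reaches gravatar.com.
    """

    PUBLIC_DIR = "/wp-content/uploads/avatars/"  # assumed location
    DEFAULT = PUBLIC_DIR + "default.png"

    def __init__(self, fetch):
        # fetch(url) -> bytes or None is injected so the example runs offline;
        # a real deployment would do a server-side HTTP GET here.
        self._fetch = fetch
        self._by_user = {}  # user_id -> (public filename, image bytes); never rendered

    def refresh(self, user_id: int, email: str):
        """What a scheduled (cron) job would call per user to update the cache."""
        data = self._fetch(gravatar_url(email))
        if data is None:
            # No gravatar for this address: drop any stale copy and serve the
            # default, so the existence of an account is not hinted at either.
            self._by_user.pop(user_id, None)
            return None
        public_name = secrets.token_hex(16) + ".png"  # 128-bit random, not email-derived
        self._by_user[user_id] = (public_name, data)
        return public_name

    def public_url(self, user_id: int) -> str:
        entry = self._by_user.get(user_id)
        return self.DEFAULT if entry is None else self.PUBLIC_DIR + entry[0]

# Constructed sample: one user who has a gravatar, one who does not.
SAMPLE_USERS = {1: "alice@example.com", 2: "bob@example.com"}
SAMPLE_AVATARS = {gravatar_url("alice@example.com"): b"\x89PNG constructed-sample-bytes"}

def fake_fetch(url: str):
    return SAMPLE_AVATARS.get(url)  # None stands in for Gravatar's 404

def demo() -> dict:
    cache = LocalAvatarCache(fake_fetch)
    for uid, email in SAMPLE_USERS.items():
        cache.refresh(uid, email)
    return {
        uid: {
            "direct_leaks": url_leaks_email_hash(gravatar_url(email), email),
            "cached_leaks": url_leaks_email_hash(cache.public_url(uid), email),
            "cached_url": cache.public_url(uid),
        }
        for uid, email in SAMPLE_USERS.items()
    }

if __name__ == "__main__":
    for uid, result in demo().items():
        print(uid, result)
```

Running it shows the direct Gravatar URL carries the email hash for every user, while the cached URL never does, and the user without a gravatar resolves to the site-local default rather than producing a request to a third party.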