@timthelion they don’t share your email, just a md5 digest of it, so at least if you don’t have an account with Gravatar it should be private
@bk1e @thomasfuchs It gets worse when according to Wikipedia the hashes are right in the URLs and therefore PUBLICLY available. And it's MD5, which is far from secure...
@timthelion @bk1e The whole point of the service is opt-in zero-configuration avatars for services and apps. Note that these are non-reversible hashes of email addresses you’re talking about, not state secrets. ¯\_(ツ)_/¯
@thomasfuchs @timthelion I’m not saying Gravatar is bad. I think using Gravatar as an example helps explain part of the Moq thing. The hash is not directly reversible, but if you add emails, hashed emails, and other user-correlated data (like avatars or open source sponsorship info) to a database, you can look up the other data by hashed email.
@thomasfuchs @timthelion That is interesting considering the recent controversy over the .NET “Moq” library sending hashes of developers’ email addresses to the cloud. It’s no longer private when someone has a database to do hash -> email lookups.
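
The lookup discussed in this thread, as an added example that is not part of any participant's post: an unsalted digest of a normalised address is a stable identifier, so anyone who already holds the address can recompute it and join records on it. All addresses, records and keys are constructed; the HMAC contrast is a common mitigation assumed here, not something the thread proposes.

```python
import hashlib
import hmac

def gravatar_style_digest(email: str) -> str:
    """MD5 of the trimmed, lower-cased address (the normalisation used for Gravatar MD5 URLs)."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def keyed_digest(email: str, service_key: bytes) -> str:
    """HMAC-SHA256 under a per-service secret: the same address yields a different token per key."""
    return hmac.new(service_key, email.strip().lower().encode("utf-8"), hashlib.sha256).hexdigest()

# Constructed data: a party that already knows some addresses and facts about their owners.
KNOWN_PEOPLE = {
    "alice@example.com": "sponsors project X",
    "bob@example.org": "maintains project Y",
}

# Constructed data: records that carry only the digest, as an avatar URL or telemetry ping would.
DIGEST_ONLY_RECORDS = [
    {"digest": gravatar_style_digest(" Alice@Example.com "), "event": "posted comment"},
    {"digest": gravatar_style_digest("carol@example.net"), "event": "built package"},
]

def link_records(known, records, digest_fn):
    """Join digest-only records to known addresses by recomputing each address's digest."""
    lookup = {digest_fn(addr): addr for addr in known}
    return [(lookup[r["digest"]], r["event"]) for r in records if r["digest"] in lookup]

def linked_with_plain_digest():
    # Alice is re-identified; Carol is not, only because her address is not already known.
    return link_records(KNOWN_PEOPLE, DIGEST_ONLY_RECORDS, gravatar_style_digest)

def linked_with_keyed_digest():
    # The collecting service keeps its key private; the other party can only guess one.
    records = [{"digest": keyed_digest("alice@example.com", b"constructed-service-key"),
                "event": "posted comment"}]
    def outsider(addr):
        return keyed_digest(addr, b"constructed-outsider-guess")
    return link_records(KNOWN_PEOPLE, records, outsider)

if __name__ == "__main__":
    print("plain MD5 join:", linked_with_plain_digest())
    print("keyed HMAC join:", linked_with_keyed_digest())
```
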