@thomasfuchs @timthelion That is interesting considering the recent controversy over the .NET “Moq” library sending hashes of developers’ email addresses to the cloud. It’s no longer private when someone has a database to do hash -> email lookups.
Top-level
@thomasfuchs @timthelion That is interesting considering the recent controversy over the .NET “Moq” library sending hashes of developers’ email addresses to the cloud. It’s no longer private when someone has a database to do hash -> email lookups. 3 comments
@timthelion @bk1e The whole point of the service is opt-in zero-configuration avatars for services and apps. Note that these are non-reversible hashes of email addresses you’re talking about, not state secrets. ¯\_(ツ)_/¯ @thomasfuchs @timthelion I’m not saying Gravatar is bad. I think using Gravatar as an example helps explain part of the Moq thing. The hash is not directly reversible, but if you add emails, hashed emails, and other user-correlated data (like avatars or open source sponsorship info) to a database, you can look up the other data by hashed email. |
@bk1e @thomasfuchs It gets worse when according to wikipedia the hashes are right in the urls and therefore PUBLICLY available. And it's md5, which is far from secure...