Email or username:

Password:

Forgot your password?
Top-level
Brad

@thomasfuchs @timthelion That is interesting considering the recent controversy over the .NET “Moq” library sending hashes of developers’ email addresses to the cloud. It’s no longer private when someone has a database to do hash -> email lookups.

3 comments
DELETED

@bk1e @thomasfuchs It gets worse when according to wikipedia the hashes are right in the urls and therefore PUBLICLY available. And it's md5, which is far from secure...

Thomas 🔭🕹️

@timthelion @bk1e The whole point of the service is opt-in zero-configuration avatars for services and apps. Note that these are non-reversible hashes of email addresses you’re talking about, not state secrets. ¯\_(ツ)_/¯

Brad

@thomasfuchs @timthelion I’m not saying Gravatar is bad. I think using Gravatar as an example helps explain part of the Moq thing. The hash is not directly reversible, but if you add emails, hashed emails, and other user-correlated data (like avatars or open source sponsorship info) to a database, you can look up the other data by hashed email.

Go Up