Privacy leakage: gravatars leak identity information — at Version 3
|Reported by:||jmdh||Owned by:|
Description (last modified by jane)
If a commenter on a blog leaves a comment without having a log in to the site, and the "Comment author must fill out name and e-mail" preference is enabled for the blog, the author must provide an email address. The form for this says "Mail (will not be published) (required)"
It's true that the email address itself is not published, but if the site has gravatars enabled, the persistent identity of the commenter is nonetheless revealed. Together with inspection of other posts where the commenter has chosen to reveal their identity, on the same blog or other blogs, or a brute-force approach taking a known email address to find postings attributed to them (using a global search engine) this results in a complete loss of anonymity.
At the bare minimum, the user should be aware of this, so that they can choose not to comment; preferably, the software should be changed so that gravatars are not used for these sorts of posts (or made configurable, in combination with the user being made aware).
I would suggest closing as wontfix.