#43799 closed enhancement (duplicate)
Add a UI and functionality to deactivate gravatar completely (for single site as well as network-wide)
Reported by: | TZ Media | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Privacy | Keywords: | gdpr |
Focuses: | Cc: |
Description
In the standard behaviour, WordPress automatically includes gravatar links with every comment, as well as for every logged-in user (as far as I'm aware of). This bears the same problem as with embeds (see #43713).
When the user opens the website in his browser, a third party (gravatar.com) gets access not only to the user's IP address, but also to his md5-hashed email address. If the user has an account with gravatar, he will have accepted the terms of use of gravatar, but I see here the same problem as with social media widgets that transfer data without the user taking an explicit action other than open a web page without knowing that it will transfer data.
Also it is problematic to transfer hashed email addresses of non-registered users. gravatar can't map these to existing user data, but they could still build profiles on the hashed email address (though they probably won't...).
So as an admin I should be able to deactivate gravatar completely in settings.
Also, as a superadmin, I should be able to deactivate gravatar network-wide.
Change History (5)
#2
@
7 years ago
- Keywords 2nd-opinion added
Upon looking at it - yes, it might be. I must admit that I didn't actually look at the implementation of get_avatar()
before opening this ticket.
However, the implementation of get_avatar() allows for 2 ways to display avatars even if show_avatars is false:
$args[''force_display'']
.- the
pre_get_avatar
-filter hook.
This effectively makes it impossible for an admin to override a plugin or theme trying to force the display of gravatars.
At least In the case of show_avatars = false
and force_display = true
, we might have to deliver a (local!) placeholder image, because the layout might depend on "something" being present, hence forcing its output.
So to fix this we need to
- immediately return false if
show_avatars = false
andforce_display = false
, even before executingpre_get_avatar
- immediately return a local placeholder image if
show_avatars = false
andforce_display = true
- in all other cases, run through get_avatar as usual.
I could easily patch this, but the question is if we should filter the local placeholder through pre_get_avatar
and get_avatar
, and effectively allow third party code to replace it with a non-local avatar again.
#3
@
7 years ago
- Keywords 2nd-opinion removed
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Duplicate of #14682.
If you want to deactivate Gravatars globally, you can create a small mu-plugin to enforce it. Increasing the priority should cover prevent any of the various custom avatar plugins from overriding it.
add_filter( 'get_avatar', '__return_empty_string', 1000 );
For folks who leave Gravatar activated, there's language in the privacy policy template to help them inform their visitors about it.
Isn't the option
show_avatars
on the Settings > Discussion page the option you are talking about?