Make WordPress Core

Opened 6 years ago

Last modified 6 years ago

#44067 new enhancement

Refactor get_avatar and related functions to make Gravatar a Hook instead of a Default

Reported by: dshanske's profile dshanske Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Privacy Keywords:
Focuses: Cc:

Description (last modified by dshanske)

The design of get_avatar and related functions is a problem for a variety of reasons. It creates a dependency on gravatar even when a gravatar isn't being used.

However, gravatar is such a long-standing part of WordPress it would hurt more to remove it. So, the logical solution is a refactoring.

We've added filters are various levels. Gravatar should be hooked onto these filters, and if someone removes the hook, everything will return an anonymous image hosted in Core, that can be overridden by a plugin.

Identicon, wavatar, and monsterIDs were originally plugins for WordPress that were absorbed by Gravatar(https://blog.gravatar.com/2008/04/22/identicons-monsterids-and-wavatars-oh-my/). They generate anonymous icons from the provided email or hash. Mystery person can be stored locally, and maybe we can add a few options for this.

It would not change any functionality. It might pave the way for local avatars, waiting in #16020 for seven years.

Gravatars are implemented are problematic from a privacy standpoint, which has come out locally as a priority issue. As noted in an 8 year old ticket, #14682, it does share your information with gravatar.

5 Years Ago, in #23179, it waas suggested that gravatars should only be used for registered users.

So, we have people saying that this should be addressed. Local avatars continues to be a request, but this isn't that.

While I set out a bigger agenda here to host the default icons, the scope of this ticket would be that if you remove the gravatar hunting hook from WordPress, it would just return false, as the signature of the function already has as an option.

Change History (4)

This ticket was mentioned in Slack in #gdpr-compliance by sergey. View the logs.


6 years ago

#2 @pputzer
6 years ago

  • Component changed from Comments to Privacy

I think this properly belongs to the Privacy component, as avatars are used not only in comments.

Last edited 6 years ago by pputzer (previous) (diff)

#3 @dshanske
6 years ago

  • Description modified (diff)

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.


6 years ago

Note: See TracTickets for help on using tickets.