[openstreetmap-website] Disable automatic gravatar opt-in, as it violates the privacy policy (#519)

vincentdephily notifications at github.com
Tue Nov 5 11:00:11 UTC 2013

The [Gravatar TOS](https://secure.gravatar.com/site/terms-of-service/) mentions that third-party websites must "not copy, store or modify User Submissions". As with any TOS, it is subject to interpretation, but that item looks like it forbids caching the image. I have asked for clarifications on the [wordpress forums](http://en.forums.wordpress.com/topic/caching-gravatar-on-third-party-website-to-avoid-privacy-issues).

We could still obey the TOS by proxying the request without cacheing it, but that migth cost too much ressources ?

As for handling [cache invalidation](http://cacheinvalidation.blogspot.ie/), since this isn't a critical feature, we can simply look at the last-update-time when serving a gravatar. Fetching only once and in the background may be the tricky part, since we're rails-based ?

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20131105/770ef2c5/attachment.html>

More information about the rails-dev mailing list