[openstreetmap-website] Disable automatic gravatar opt-in, as it violates the privacy policy (#519)

apmon notifications at github.com
Wed Nov 6 10:13:31 UTC 2013

Much more scary is that you can simply create the md5 hash from an email address and then google for it. (e.g. https://www.google.com/search?q=dee41dcf0aa0c08cf6b0eb935b7504b7 )

This will then allow you to retrieve the OpenStreetMap account for the corresponding email address. And that is possible independently of if you ever agreed to share anything on gravatar or not.

If that isn't a violation of the privacy policy then I don't know what is! 

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20131106/758b57e1/attachment.html>

More information about the rails-dev mailing list