[openstreetmap-website] Disable automatic gravatar opt-in, as it violates the privacy policy (#519)
apmon
notifications at github.com
Tue Oct 29 18:33:55 UTC 2013
Currently there is an automatic opt-in for all new users to have gravatar enabled.
This transmits the users unsalted md5 hash of their email address over an unencrypted
link the the third party site gravatar.com before the user has a chance to opt-out.
This is in clear violation of the OpenStreetMap privacy policy, which states:
"The registered email address for an OSM user account, will never intentionally
be published on the internet anywhere, shared with third party organisations, ..."
One can still explicitly opt-in to the use by setting the "use gravatar" option
on ones settings page, if one wishes.
You can merge this Pull Request by running:
git pull https://github.com/apmon/openstreetmap-website privacy
Or you can view, comment on it, or merge it online at:
https://github.com/openstreetmap/openstreetmap-website/pull/519
-- Commit Summary --
* Disable automatic gravatar opt-in, as it violates the privacy policy
-- File Changes --
A db/migrate/20131029121300_set_default_gravatar_to_false_for_privacy.rb (9)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/519.patch
https://github.com/openstreetmap/openstreetmap-website/pull/519.diff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20131029/e1203740/attachment.html>
More information about the rails-dev
mailing list