[openstreetmap-website] Disable automatic gravatar opt-in, as it violates the privacy policy (#519)

Frederik Ramm notifications at github.com
Wed Oct 30 17:50:05 UTC 2013


For the privacy aspect, see "De-anonymizing Users of French Political Forums" (http://archive.hack.lu/2013/dbongard_hacklu_2013.pdf) in which 70% of email addresses of contributors to a French forum were successfully brute-forced through the Gravatar hash. 

@ppawel, you misunderstand when you write "I already opted in by registering with gravatar"; even for users who have never registered with gravatar, we publish their email hash in a Gravatar link (go to a random recent user's profile page on OSM, view source, and look at the Gravatar link in there).

In all privacy discussions we tell people that they are not forced to reveal their identity - "just choose a nickname and nobody gets to know who you are". It kind of defeats that argument if automatic Gravatar integration leads to easy decipherability - yes, people can switch it off, but we don't even make an attempt to explain anything to them so why should they?

@tomhughes you are correct when you say that we are not "sharing email addresses" and therefore @apmon overstates the problem when he speaks of a "clear violation" of the privacy policy, but on the whole I think that shouting out the MD5 sums of the email addresses of our users is indeed a problem.

Even if someone doesn't apply a cluster of GPUs to guess email addresses, the question "does user SlickJoe123 use the email address freddy.krueger at gmail.com, because his edits sure look like they could be Freddy's" is trivially answerable from SlickJoe123's email hash that we publish. 

I for one would welcome @apmon's patch.

---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/519#issuecomment-27418179
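
An added example, not part of the original message and not code from openstreetmap-website: it renders a profile avatar with and without an opt-in gate, then audits the resulting HTML for the MD5 of a non-opted-in user's address, which is the exposure the message describes. The `User` struct, `avatar_tag`, the `require_opt_in` flag, the default image path and the sample users are hypothetical.

```ruby
require 'digest/md5'

# Gravatar's hash: trim whitespace, lowercase, then MD5 of the address.
def gravatar_hash(email)
  Digest::MD5.hexdigest(email.strip.downcase)
end

# Matches the avatar hash inside any Gravatar URL in rendered HTML.
GRAVATAR_URL = %r{gravatar\.com/avatar/([0-9a-f]{32})}i

def gravatar_hashes_in(html)
  html.scan(GRAVATAR_URL).flatten.map(&:downcase).uniq
end

# Hypothetical user record; opted_in means the user explicitly chose Gravatar.
User = Struct.new(:display_name, :email, :opted_in)

# Hypothetical renderer. With require_opt_in: false it behaves like the
# automatic integration discussed above (a hash is emitted for everyone);
# with require_opt_in: true the hash is emitted only after opt-in.
def avatar_tag(user, require_opt_in:)
  if require_opt_in && !user.opted_in
    return '<img src="/assets/default_avatar.png">' # placeholder path
  end
  %(<img src="https://www.gravatar.com/avatar/#{gravatar_hash(user.email)}?s=100">)
end

# Audit: names of users who never opted in but whose rendered page still
# contains the MD5 of their e-mail address.
def leaking_users(users, require_opt_in:)
  users.reject(&:opted_in).select do |u|
    html = avatar_tag(u, require_opt_in: require_opt_in)
    gravatar_hashes_in(html).include?(gravatar_hash(u.email))
  end.map(&:display_name)
end

# Constructed sample data (addresses are made up, example.com only).
SAMPLE_USERS = [
  User.new('SlickJoe123', ' Someone@Example.com ', false),
  User.new('AvatarFan', 'avatar.fan@example.com', true)
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "automatic: #{leaking_users(SAMPLE_USERS, require_opt_in: false).inspect}"
  puts "opt-in:    #{leaking_users(SAMPLE_USERS, require_opt_in: true).inspect}"
end
```

Run against real rendered pages, the same audit gives a regression check that a hash never appears for an account without an explicit opt-in.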