[openstreetmap-website] Disable automatic gravatar opt-in, as it violates the privacy policy (#519)

Simon Poole notifications at github.com
Sat Jul 18 20:12:15 UTC 2015


Digging this out for reasons due to work on the updated privacy policy where it has resurfaced in discussion. 

Wouldn't a reasonable compromise be to 

- check on signup if a gravatar exists, if yes enable the functionality, otherwise turn off
- when users sign in, recheck if a gravatar exists (if functionality is turned off) and if yes ask the use if the functionality should be enabled
- do a bulk check of the existing accounts tuning it off for all accounts that don't have a gravatar

Doing this would avoid the problem of exposing the hashes of accounts that don't actually have a gravatar and make it easy enough for people that add a gravatar later on to switch it on. Naturally this is a lot more to code than simply changing the default.

---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/519#issuecomment-122590012
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20150718/cb16781e/attachment.html>


More information about the rails-dev mailing list