[openstreetmap/openstreetmap-website] gravatar / user image should only be available to authenticated users (#1631)
Simon Poole
notifications at github.com
Tue Jul 28 14:55:57 UTC 2020
>
>
> Do friends and nearby users even appear in that case? I thought they only appeared when you were logged in and looking at your own page?
That's the whole point of the discussion, gravatar gets information -on me- even though I don't have gravatar enabled because the other users have it turned on. So gravatar knows that <finger printed OSM user> has viewed gravatars of nearby user 1, nearby user 2 ...
The alternative to being restrictive would be to proxy accessing the gravatars (I haven't checked if their ToU allow that, iirc caching isn't allowed).
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1631#issuecomment-665089539
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20200728/49a36427/attachment.htm>
More information about the rails-dev
mailing list