[openstreetmap/openstreetmap-website] gravatar / user image should only be available to authenticated users (#1631)

[Simon Poole]

> 
> 
> Well if that's the requirement we might as well just shut the site down.
> 
> I mean why concentrate on gravatar and ignore the three third party tile servers, the three third party routing engines, the third party overpass instance, not to mention the innumerable third party sites that iD accesses and probably potlatch as well to a lesser extent.

I don't know how you arrive at the "ignore" bit, particularly given that I had just pointed out that they are problematic but are currently something we can cover in the privacy policy as essentially required to provide the specific functionality. With the exception of tile servers, all of these require active use the users and are less problematic than something that "just happens" because you are looking at your own account profile. As to the tile servers and other infrastructure, yes there are constraints on which traffic should land where, luckily this mostly works out right "naturally", but we should be more careful about that particularly we will probably have further restraints at the end of the year (as you know).

Not doing something that we are required, not only, by law to do, because we can't do it perfectly and it is a bit of a pain, is neither legally nor ethically defensible.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1631#issuecomment-665191282
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20200728/66d1aa84/attachment.htm>