OSAlert is in the process of converting our self-hosted avatars to Gravatar.com, a global recognized avatar service hosted by Automattic, the team behind WordPress publishing platform and WordPress.com. Effective immediately, we’ve disallowed uploads of new OSAlert avatars. Please consider registering a gravatar to use a personalized account picture on OSAlert.com.
New gravatars should be live across the site. If you see something funky, please let me know.
Nice move, Gravatar is one of those great ideas that doesn’t seem to get enough traction to become popular
Well, people want an OpenID avatar pic I guess.
yay! Now I can go pick out some idiotic image to represent me on the intarwebs!
What should it be… Bouncing boobs? Me making a funny face? Oh! I know! Some random symbol that is supposed to have meaning and be cool!
I kid.. I kid..
I would say it has traction now. Reason it took so long is because the service had some growing pains, but things are more or less stable and fast enough now.
Nice! Now gravatar just needs to add openid authentication (you can already add more than one email, so shouldn’t be that hard )
So I’ve got my Gravatar URL from my wordpress account, but the link to “change picture” under My Account simply points me to the main Gravatar site. Where do I put my Gravatar URL in OSAlert to change my picture?
You don’t. Your gravatar is connected to your email address. We pull the image based on the email address in your account. Check out the gravatar website for more.
Ah! Thanks for that, now I just need to add my OSAlert email to my Gravatar account. Thanks again!
So you’re contributing to their data mining scheme, fine..
Could OSAlert _please_ remove the statement “OSAlert does not share this address with any third party and does not display it publically” from the preferences page? It’s not true anymore, after all.
While the E-Mail is hashed before sending, it’s still enough to figure out enough data. The service has no way to opt-out reliably, and once the email address is in there, it’s in.
And if that change also affects older articles and their comments, there’s data associated to a reasonably unique user ID that was supposed to be in relative privacy.
No, thanks.
I’m not familiar with gravitar. Wouldn’t the only information hey receive be 1) the requesting ip address, and 2) the gravitar begin requested. OS news wouldn’t request the image first then pass it on to the browser, that wouldn’t save them any bandwith. Most likely the browser would request each gravitar individually. So gravitar may be able to correlate gravitar requests. IE, usually when gravitar 1 is requested, gravitar 2 is also requested, allowing them to infer a social graph of some sorts, but thats about it. I think.
Feel free to correct me, if I missed something.
Gravatar requires a browser to visit that page, yes. But really, it’s not just gravatar that could fetch the information – anyone who’s crawling can:
a gravatar image has a url somewhat like “http://blabla.gravatar.com/{md5 hash of emailaddress}”, and of course, that must be readable to everyone who might try to render that page.
So it’s simple to scrap pages for context (md5 hash close to content), user profiles (if a date is easily extractable) across websites (unless you actively choose different email addresses on all gravatar equipped sites, they all use the same md5 hash for the same user), and often retroactively (where gravatar is added later-on)
Gravatar’s advantage over other crawlers is that they’re pinged about “relevant” sites due to the requests, but really, being identifiable to everyone on the net using a globally unique id (even if “just” md5 hashed) is a bad idea for privacy.
Good point. So I think the solution is to de-globalize gravatar. Different Email address for every site. Collected by the same email client. I’ll change my osnews address to a new one, and presto! The same level of privacy I enjoyed before.
Or use the + trick: [email protected] = unique hash.
I don’t quite understand what’s the problem with data mining anyway. What are people going to do with that data? Targeted ads? Oh, that’s horrible, such ads are going to trash anyway.
I’m sorry, but this is PATENTLY false, and it is the perfect example of what we in this industry call “FUD.”
We put an md5 encrypted string in a the source code. We do not share your email address. Currently, you will need a cluster of servers to reverse encrypt that: if you’re willing to gain those resources to harvest my email address, please just see my profile and save yourself the energy.
The gravatar people are just doing a string comparison: if the encrypted hash matches an encrypted hash they have, they present the avatar.
Please take your whining elsewhere, since it’s based on what amounts to lie.
Once again: we do NOT share your email address.
“The gravatar people are just doing a string comparison: if the encrypted hash matches an encrypted hash they have, they present the avatar.”
And they have my email address, even though I never gave it to them.
You may not give my email address away, but you’re endorsing a service that obviously does not care about privacy.
And there is no reason why anyone would want the same avatar for different sites, it’s just completely nonsense. If I was interested in operating systems and cats, I definetely wouldn’t want the same avatar on os forums and cat forums.
And md5 is not an encryption, that’s just a word that’s (wrongly) used to make it sound safe.
No. You are wrong. Unless you register, they do not have your email address.
The message is still there. And when I tried to remove my e-mail address from the preferences pages, I wasn’t allowed to. I had to change it to the simpler workaround, “[email protected]”.
(On a less serious note, I guess this is my avatar from here on out…)
Edited 2009-10-12 07:16 UTC
(On a less serious note, I guess this is my avatar from here on out…)
The upside is that it’s not really that bad an avatar
Uses Flash on first page.
Why? WHY!? Sucks. No credits given.
This really scared me. I just logged in and saw that my avatar had been set for the first time. I had earlier created a gravatar account for Stack Overflow, but I never set an avatar here.
I don’t really mind, and was going to set this eventually, but it would be nice if it had asked me before just randomly setting my avatar based on my username. (e.g. could I create an insulting avatar for a user I don’t like with their username and have it show up on their account?)
It’s based on the email address in your account, not your username.
Furthermore, if you really want to screw with someone and you changed your account email to theirs just to get their avatar, well… good for you. You can use any avatar you want anyway. Seems like a lot of work for something that could be done pretty easily by just using the same avatar.
What I actually meant was creating an avatar on Gravatar using their username/email address, so that the avatar would show up on their account, not mine.
You can’t do that. You have to verify the email.
…and I was thinking OSAlert was still using it since when avatars was introduced… never really realized it changed to a in-house solution… =]
…why would we want to create another account on another site just to hold an avatar for us? We have to set up an OSAlert account anyway, so just upload an avatar there. I can understand something like OpenID where you create an account once but this is just one small aspect of an account. What next, a web site to host your home address, one to host your date of birth? Maybe I’ve just missed the point….
This is what I hear:
“[smugly] Why would I create an account to hold some representation of my identity? Instead, I want to use a different site that exists solely to represent some aspect of my identity.”
Great, I love Gravatar!
I would love to see OpenID implement avatars instead because I get to choose what people see on a site by site basis. I’ve seen it mention before, but it’s a site just for an avatar to be pulled from…OpenID already houses the data that I want my sites to see, why not an avatar as well?
Nice idea, but I’ll just wait for the OpenID avatar initiative