Using Libravatar by default is a privacy weakness

Open Changaco opened this issue 1 year ago • 2 comments

Using Libravatar leaks the MD5 hash of the account's primary email address, so it should be opt-in, not opt-out.

Changaco avatar Jan 13 '23 09:01 Changaco

Why not change to a SHA256 Hash instead? The MD5 was always only meant to ensure Gravatar compatibility.

Reference: https://wiki.libravatar.org/api/

jaschaurbach avatar May 12 '23 09:05 jaschaurbach

> Why not change to a SHA256 Hash instead?

Because leaking a SHA256 hash isn't really better than leaking an MD5, and because we would lose the automatic fallback to Gravatar.

Changaco avatar May 12 '23 09:05 Changaco
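
The point made in the thread, as an added example that is not part of the original issue or Liberapay's code: an unsalted hash of a normalized email address is a stable identifier that anyone already holding the address can confirm, whichever algorithm is used. The function names, the `opted_in` flag and the sample addresses are constructed for illustration.

```python
import hashlib

def avatar_hash(email, algo="md5"):
    """Hash an address the way the Libravatar/Gravatar scheme does:
    trim whitespace, lowercase, then hash with no salt."""
    normalized = email.strip().lower().encode("utf-8")
    return hashlib.new(algo, normalized).hexdigest()

def confirm_addresses(published_hash, known_addresses, algo):
    """Return the addresses from a list the observer already holds
    whose hash equals the one published in an avatar URL."""
    return [a for a in known_addresses
            if avatar_hash(a, algo) == published_hash]

def avatar_identifier(email, opted_in, algo="md5"):
    """Hypothetical opt-in gate: publish no hash at all unless the
    account holder has explicitly enabled the avatar service."""
    return avatar_hash(email, algo) if opted_in else None

# Constructed sample data, not taken from any real account.
ACCOUNT_EMAIL = " Alice@Example.org "
KNOWN = ["bob@example.org", "alice@example.org", "carol@example.org"]

def compare_algorithms():
    """Show that MD5 and SHA256 expose the same link to the address."""
    results = {}
    for algo in ("md5", "sha256"):
        published = avatar_identifier(ACCOUNT_EMAIL, opted_in=True, algo=algo)
        results[algo] = confirm_addresses(published, KNOWN, algo)
    return results

if __name__ == "__main__":
    for algo, matched in compare_algorithms().items():
        print(algo, "->", matched)
    # With the opt-in default nothing is published, so nothing can match.
    print("opt-out default:", avatar_identifier(ACCOUNT_EMAIL, opted_in=False))
```
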