liberapay.com
liberapay.com copied to clipboard
Using Libravatar by default is a privacy weakness
Using Libravatar leaks the MD5 hash of the account's primary email address, so it should be opt-in, not opt-out.
Why not change to a SHA256 Hash instead? the MD5 was always only meant to ensure Gravatar compatibility.
Reference: https://wiki.libravatar.org/api/
Why not change to a SHA256 Hash instead?
Because leaking a SHA256 hash isn't really better than leaking an MD5, and because we would lose the automatic fallback to Gravatar.