• If you have an avatar (a picture) here on AskWoody, make sure Gravatar doesn’t have any personal data

    Posted on October 4, 2020 at 10:20 CDT by Comment in the Forums

    Ax Sharma at BleepingComputer published an article that shows how a sufficiently motivated cracker can scan all of the entries at Gravatar.com and pick up personal information there.

    If you have an avatar here on AskWoody (or on any other WordPress-based site), you have an entry in the Gravatar database. That’s where WordPress (and other sites) pick up your picture. Your picture is indexed by email address – your username on AskWoody doesn’t make any difference. The picture gets picked up by matching the email address you have associated with your AskWoody account, with an email address in the Gravatar database.

    Gravatar is owned by WordPress.

    Since this new scraping technique can pull data from Gravatar, you might want to double-check and make sure you don’t have any sensitive info stored over there. It’s easy.

    Step 1. Go to Gravatar.com

    Step 2. In the upper right, click Sign In. Enter your email address and your Gravatar password (not your AskWoody password). Click Continue and Sign In.

    Step 3. Click My Profile. You see the settings in the screenshot.

     

    Step 4. Work through the entries on the right side and make sure there’s absolutely nothing there that you want to have snooped.

    Step 5. If you changed anything, click Save Profile.

    To be clear, this hack has nothing to do with WordPress itself, nor with AskWoody. But if you’ve set up an avatar for use on AskWoody or any other WordPress site, you should make the effort now to ensure that there’s nothing in the Gravatar database that you don’t want scarfed up for posterity.

    A reminder that AskWoody maintains the absolute minimum amount of information necessary to keep the site going — your username, the email address you used to create the account, your Plus membership status, and any additional info you may have stored, including your signature if you created one. Your password is stored in a one-way salted hash, which means that anyone reading the AskWoody database wouldn’t be able to figure out your password.

    Of course, we don’t store any payment information on AskWoody.com, or anything else worthy of tracking.

    Thx @Microfix, @Kirsty, @PKCano…

    Privacy
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.