Newsletter Archives

• If you have an avatar (a picture) here on AskWoody, make sure Gravatar doesn’t have any personal data

  Posted on October 4, 2020 at 10:20 CDT by woody • Comment in the Forums

  Ax Sharma at BleepingComputer published an article that shows how a sufficiently motivated cracker can scan all of the entries at Gravatar.com and pick up personal information there.

  If you have an avatar here on AskWoody (or on any other WordPress-based site), you have an entry in the Gravatar database. That’s where WordPress (and other sites) pick up your picture. Your picture is indexed by email address – your username on AskWoody doesn’t make any difference. The picture gets picked up by matching the email address you have associated with your AskWoody account, with an email address in the Gravatar database.

  Gravatar is owned by WordPress.

  Since this new scraping technique can pull data from Gravatar, you might want to double-check and make sure you don’t have any sensitive info stored over there. It’s easy.

  Step 1. Go to Gravatar.com

  Step 2. In the upper right, click Sign In. Enter your email address and your Gravatar password (not your AskWoody password). Click Continue and Sign In.

  Step 3. Click My Profile. You see the settings in the screenshot.

  

   

  Step 4. Work through the entries on the right side and make sure there’s absolutely nothing there that you want to have snooped.

  Step 5. If you changed anything, click Save Profile.

  To be clear, this hack has nothing to do with WordPress itself, nor with AskWoody. But if you’ve set up an avatar for use on AskWoody or any other WordPress site, you should make the effort now to ensure that there’s nothing in the Gravatar database that you don’t want scarfed up for posterity.

  A reminder that AskWoody maintains the absolute minimum amount of information necessary to keep the site going — your username, the email address you used to create the account, your Plus membership status, and any additional info you may have stored, including your signature if you created one. Your password is stored in a one-way salted hash, which means that anyone reading the AskWoody database wouldn’t be able to figure out your password.

  Of course, we don’t store any payment information on AskWoody.com, or anything else worthy of tracking.

  Thx @Microfix, @Kirsty, @PKCano…

  Privacy Gravatar

• Reprise: How to put a picture “avatar” on your account

  Posted on April 30, 2019 at 07:50 CDT by woody • Comment in the Forums

  It’s easy. WordPress picks up your picture from a site called Gravatar.com.

  Video Player

  Media error: Format(s) not supported or source(s) not found

  Download File: http://videos.videopress.com/HNyK67JS/sequence-01_dvd.mp4?_=1

  00:00

  00:00

  00:00

  Use Up/Down Arrow keys to increase or decrease volume.

  Gravatar is owned by WordPress, the company that makes the software that drives this site.

  We don’t support the full Gravatar shtick – you can’t click on an avatar on AskWoody and get all of the background info stored on Gravatar (sorry, it’s my privacy tin foil hat shining through) — but in spite of several legitimate privacy concerns, it works well for most people. I use it.

  Full discussion – including pro’s and con’s – here.

  Other Gravatar

• How to put an avatar (picture) next to your posts

  Posted on November 1, 2015 at 10:29 CST by woody • Comment in the Forums

  Lots of you have asked how I stuck a “Mr. Dummy” picture next to my posts in the comments. It’s easy – and only takes a second.

  Go to Gravatar, sign in, upload a pic, and you’re done. That’s all it takes.

  UPDATE: As noted by RC in the comments, setting up a Gravatar requires signing up for a WordPress id. Auttomatic, which owns both WordPress and Gravatar, wants you to sign up with a single id which it can use to track your browsing across WordPress sites. (Or you can look at it the other way around, which is you only need to sign up for Gravatar once, and it’ll work when you make comments on any WordPress site.)

  Uncategorized Gravatar