@thomasfuchs I could never get over the creepiness of websites sharing my email with them and them being able to connect my identity with the gravitar powerd forums I visited and used.
Conversation
Notices
-
Embed this notice
timthelion (timthelion@emacs.ch)'s status on Friday, 11-Aug-2023 11:10:42 JST timthelion -
Embed this notice
Thomas 🔭🕹️ (thomasfuchs@hachyderm.io)'s status on Friday, 11-Aug-2023 11:10:41 JST Thomas 🔭🕹️ @timthelion they don’t share your email, just a md5 digest of it, so at least if you don’t have an account with Gravatar it should be private
-
Embed this notice
Thomas 🔭🕹️ (thomasfuchs@hachyderm.io)'s status on Friday, 11-Aug-2023 12:56:58 JST Thomas 🔭🕹️ @timthelion @bk1e The whole point of the service is zero-configuration avatars for services annals apps. Note that these are non-reversible hashes of email addresses you’re talking about, not state secrets. ¯\_(ツ)_/¯
-
Embed this notice
Brad (bk1e@mastodon.social)'s status on Friday, 11-Aug-2023 12:57:00 JST Brad @thomasfuchs @timthelion That is interesting considering the recent controversy over the .NET “Moq” library sending hashes of developers’ email addresses to the cloud. It’s no longer private when someone has a database to do hash -> email lookups.
-
Embed this notice
timthelion (timthelion@emacs.ch)'s status on Friday, 11-Aug-2023 12:57:00 JST timthelion @bk1e @thomasfuchs It gets worse when according to wikipedia the hashes are right in the urls and therefore PUBLICLY available. And it's md5, which is far from secure...
-
Embed this notice