Comments on Closing the open redirect vulnerability in the Libravatar ecosystem


So, this will be the first comment in this new comment system. Hello world!

Anyhow, Libravatars and Gravatars leak too much information. Passing around a hash of your email address isn’t a good idea. That’s why I’m not using them in this comment system. Instead, you’ll get a unique avatar generated from a salted version of your email address.

You get a unique avatar that people can use to recognize you in the comment system, but one that can’t be used to track you across the web.
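
The difference between an unsalted address hash and a per-site salted identifier, as an added example that is not part of the original thread and not this site's actual code. It assumes HMAC-SHA256 with a server-side secret as the salting scheme; the secrets, the address and the function names are constructed for illustration.

```python
import hashlib
import hmac


def normalize(email: str) -> bytes:
    """Trim and lowercase the address, as Gravatar-style services do before hashing."""
    return email.strip().lower().encode("utf-8")


def unsalted_avatar_id(email: str) -> str:
    """Gravatar-style identifier: plain MD5 of the normalized address.

    Every site computes the same value for the same address.
    """
    return hashlib.md5(normalize(email)).hexdigest()


def site_local_avatar_id(email: str, site_secret: bytes) -> str:
    """Assumed salting scheme: HMAC-SHA256 keyed with a secret only this site holds.

    Stable for one commenter on one site, different on every other site.
    """
    return hmac.new(site_secret, normalize(email), hashlib.sha256).hexdigest()


def linkable_across_sites(id_on_site_a: str, id_on_site_b: str) -> bool:
    """True when two sites expose the same identifier for a commenter."""
    return hmac.compare_digest(id_on_site_a, id_on_site_b)


# Constructed sample values, not real secrets or addresses.
SITE_A_SECRET = b"constructed-secret-for-site-a"
SITE_B_SECRET = b"constructed-secret-for-site-b"
EMAIL = "Commenter@Example.org "

if __name__ == "__main__":
    # The unsalted identifier is the same everywhere, so it links the commenter.
    print("unsalted linkable:", linkable_across_sites(
        unsalted_avatar_id(EMAIL), unsalted_avatar_id(EMAIL)))
    # The keyed identifier differs per site, so it does not.
    print("salted linkable:  ", linkable_across_sites(
        site_local_avatar_id(EMAIL, SITE_A_SECRET),
        site_local_avatar_id(EMAIL, SITE_B_SECRET)))
```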


Thanks for the heads-up about the vulnerability on my server! I didn't patch it, but removed Libravatar from my server and domain. I liked the idea of it, but no websites (not even yours) support it. Cheers.
