<p>Closing the open redirect vulnerability in the Libravatar ecosystem (Discussion thread)</p>
<p>https://comment.ctrl.blog/discussion/libravatar-open-redirect?api=feed</p>
<p>2021-12-09T03:50:00Z</p>
<p>New comment on: Closing the open redirect vulnerability in the Libravatar ecosystem</p>
<p>Dennis, 2021-12-09T03:50:00Z, https://comment.ctrl.blog/discussion/libravatar-open-redirect#comment-18</p>
<p>Thanks for the heads-up about the vulnerability on my server! I didn't patch it, but removed Libravatar from my server and domain. I liked the idea of it, but no websites (not even yours) support it. Cheers.</p>
<hr>
<p>New comment on: Closing the open redirect vulnerability in the Libravatar ecosystem</p>
<p>Daniel Aleksandersen, 2021-12-08T17:51:00Z, https://comment.ctrl.blog/discussion/libravatar-open-redirect#comment-15</p>
<p>So, this will be the first comment in this new comment system. Hello world!
</p>
<p>Anyhow, Libravatars and Gravatars leak too much information. Passing around a hash of your email address isn’t a good idea. That’s why I’m not using them in this comment system. Instead, you’ll get a unique avatar generated from a salted version of your email address.
</p>
<p>You get a unique avatar that people can use to recognize you in the comment system, but one that can’t be used to track you across the web.</p>