By default Gravatar grabs and then leaks private info in emails to blog admins

tadaddy · Member · Aug 31, 2012 at 7:39 pm
Copy link

Add topic to favorites
I just created a new blog. I left the profile blank. Minutes after creating the site, I received an email from Gravatar.com announcing that I had a new ‘follower’. I got over the surprise of receiving an email from a random web site (I understand wordpress owns Gravatar). I then realized that Gravatar was just telling me I was following myself. No problem — But then just below my userid, the email gave away my location: City, State and Country.

Interesting. I never provided this information and I never filled in my profile. My location was presumably deduced from the ip address that I logged in from, and then sent out in the email to the blog admin (in this case me, but it could have been an blog admin who I decided to follow).

I understand the information is available from the ip-address, but sending it out in an email without my knowledge or consent?? Really???

You guys should fix this.

The topic ‘By default Gravatar grabs and then leaks private info in emails to blog admins’ is closed to new replies.

Couldn't find what you needed?

Contact us

Get answers from our AI assistant, with access to 24/7 expert human support on paid plans.

Browse our guides

Find step-by-step solutions to common questions in our comprehensive guides.