Regards,
Sinha

John P.

1. The entire reason Gravatar offers their service is to collect internet usage data across multiple sites. It is not offered free out of the goodness of their heart. The entire purpose of the service is to analyse the way YOU navigate the internet.

2. Gravatar has clear plans to monetise this data. Whether they are successful or not is another story.

3. It is unlikely that Gravatar would ever disclose individual user’s personal information, but it is not impossible. The Chinese government has often requested to these kind of information aggregators to disclose data for the prosecution of political dissidents – and very often these requests are met resulting in bloggers being jailed (see Yahoo!’s experiences in China). For example, if I leave a number of comments promoting democracy criticising the PRC government on various blogs, it is entirely possible that the Chinese government could use legal authority to request the holder of information to disclose that to them. By retaining this information and preventing you from stoppping it’s collection, Gravatar is putting both bloggers and commenters at risk. This is not just in China. The Patriot Act and many other new pieces of post-9/11 legislation in Western countries convey similar powers to government.

4. The most egregious part of Gravatar’s service is the inability to stop them from collecting your data. I have in the past tried to cancel a Gravatar registration. Gravatar does not allow this and will continue to track your e-mail address for the rest of time.

5. Gravatar does not provide any details about how they use your personal information and does not respond to any queries relating to privacy issues.

6. I do not believe Gravatar is an opt-in service. Obviously they will not display an avator unless you register, but if a blog is Gravatar-enabled, every time you comment on it, your e-mail address is sent to Gravatar. Even if they do not retain this address (and it is quite possible that they do – their Privacy Policy is silent on this point and they have not responded to any of my enquiries on this point), it is VERY likely that your internet usage is still tracked in an anonymous fashion. That is, if I use the same e-mail address to comment on 5 different blogs, even if I am not a registered Gravatar user the fact that a user has accessed those 5 blogs is very likely retained by Gravatar.

Much is made of facebook and Google Chrome’s use of personal information, but Gravatar is far and away the worst popular internet service I have encountered in terms of user (and non-user) personal information.

As a lawyer, I strongly urge all blog authors and users who are concerned about their privacy to avoid Gravatar.

The problem with Gravater ain’t that it serves as a central download host for image thumbnails, primarily. Users signing up will understand that. We don’t have to argue about that.

But what they won’t understand is that they leave more than just their email address. Most users signing up don’t realize that Gravatar can be misused like a web bug. There is no clue on the Gravatar web page that the thing stores more than just the email address and an image or is capable of doing so. And that’s simply not OK. In fact, Gravatar is in violation with laws in several European countries, I am sure they violate German law. They don’t tell users what kind of data they collect or could collect about them and they don’t allow users to delete an account including the data. That’s simply not OK as well. In fact, I’m pretty sure that’s illegal in several countries as well. And if that’s not enough, they don’t react on inquiries at their set-up email address for privacy issues. In my opinion, it’s more than a good idea to be cautious if you care about Internet usage tracks.

Take my friend who introduced me to Gravatar and wanted an opinion. She’s an IT student and runs her own blog, codes PHP and so on. She isn’t a computer illiterate. Yet, she failed to see that Gravatar could theoretically create a database of usage profiles of its users and be able to tell where and when they commented. I explained to her, she agreed yet she still uses the service as she trusts it. I don’t because the people running the service don’t give me any reason to. It’s a question of personality. I am a cautious guy. My trust is not for free.

It’s a fact that the people running Gravatar can collect an awful lot of private data about its users and they don’t tell or explain. It’s a fact that you can’t get rid of this data once signed up for the service. It’s a fact they haven’t replied my inquiry. It’s a fact they don’t disclose who is actually running that service and everybody is willfully using it like lemmings. That’s stupid.

So, when I saw that you wrote a blog post advising on removing “Internet usage tracks” I found it very funny that you yourself are leaving Internet usage tracks of the most private nature in the hands of people you don’t know, at terms they don’t disclose. Every time you comment on ANY blog using your Gravatar that can be tracked and registered on servers serving your Gravatar file. They could be able to tell you when and where you commented. They could know how often you comment. Anybody in their right mind about Internet usage tracks wouldn’t want that. And then I read your blog post about removing Internet usage tracks locally (Ah, the irony!) from your computer while you willingly leave them with a service on the Internet where you can’t delete them and you don’t know anything about. That’s why I couldn’t resist and had to comment. I’m disappointed you can’t see that point.

I stumbled across your blog post while googling for “Gravatar privacy”. Ironic, isn’t that?

I did in fact read your article, and I do indeed understand the points you are making, but I still respectfully disagree with your premise. While I have no doubt that there are many naive, and even some stupid, people who have no idea what is going on online, I believe that choosing to make an issue out of Gravatar is simply the wrong target.

My disagreement is based on the premise that Gravatar’s underlying principle is indeed that they will “follow” you all around the Web and display your avatar whereever you want them to. To me, it just can’t get any simpler. And if people don’t understand the privacy implications, the owness is on them, not Gravatar.

John P.

I totally disagree with your assessment of the issue. If you’ve read my blog post, then you’ll have to agree that it’s not as easy as just “opting in” Gravatar. Let’s face it, most users sign up for stuff and don’t know what they get into or what implications this has.

Gravatar is not transparent. Their privacy policy sucks, they don’t have terms of use, they don’t tell you what kind of misuse potential their service has, they do nothing to calm down any worries about the web bug issue. Hell, they don’t even answer to mails to privacy@gravatar.com! Take a look at their site. Can you tell me as an average user who is running this site? There’s no name, no address, nothing. Would you trust your browsing behaviour to any stranger just like that? And best of all: you can’t even delete your account and data they have about you!

I don’t mean to attack anybody who’s using Gravatar, but has anybody EVER thought about how STUPID it is to opt-in into something like that without prior investigation what this service is about? And you’ve gotta admit that Gravatar doesn’t look too good after investigating it. In case you haven’t done so already, you really should read what I blogged about this. It doesn’t seem like you have. My last question in my blog post was “Are you really sure you want to use this service?”. So in the end, I leave everybody the choice to sign up. But you should at least recognize there’s a privacy issue.

There is a significant difference between an opt-in service like Gravatar and a “privacy issue”. So significant, in fact, that I find your assertion preposterous.

If I, or you, or anyone else, decides to register for a Gravatar service which I know will follow me everywhere I personally self identify using my registered e-mail address, that is NOT a privacy issue.

John

Matt’s web bug or “Hey, where did my privacy go?”

actually The Dane refers me to your site, and since them I am addicted to the site, actually I do a kind of same thing, but not online based. I am a diving instructor in the philippines and me and some friends started a project (sponsered by the EU) to teach the poor fishermen how to conserve and to protect the reefs here and how to make their work more profitable, and I can tell you it is big time fun to sit with 5 locals at sunrise on a smaal fishing-boat and try to invent new tchniques… also very entertaining for all of them and for me even the classroom hours with them…

BTW, did you choose your next holiday-destination already? If you dont spend all money on Playboy-Benefits… hehe

cheers and thanks again

Rhoody

didi

Take care,

John

I slowly read my self through many of your posts, and of the comments, you created such an amazing site with plenty of fun AND information. Thank you for that…

cheers

Rhoody

John