tracking

fernandel

Aspiring Daemon

Reaction score: 244
Messages: 921

Hi!

When I use the Forum, my firewall is blocking 192.0.73.2:443 ...in via...
I have this address on my blocking list. Does anyone have the same experience, please?
Thank you.
 

memreflect

Active Member

Reaction score: 140
Messages: 163

Adding to what @VladiBG mentioned, if you look at your avatar settings for the forums, you can use Gravatar or upload a custom avatar, which is why you're seeing that IP appear when using the forums. There's nothing wrong with blocking Gravatar, but it's not harmful to leave unblocked either.
 

getopt

Aspiring Daemon

Reaction score: 613
Messages: 866

but it's not harmful to leave unblocked either.
Here is a cite that is more informative:

"I’m a lawyer specialising in internet and privacy issues at a Fortune 100 company and I personally think that Gravatar is easily the worst service available in terms of your data security and privacy. I generally don’t comment on any blogs that are Gravatar-enabled (this being an exception), for the following reasons:

1. The entire reason Gravatar offers their service is to collect internet usage data across multiple sites. It is not offered free out of the goodness of their heart. The entire purpose of the service is to analyse the way YOU navigate the internet.

2. Gravatar has clear plans to monetise this data. Whether they are successful or not is another story.

3. It is unlikely that Gravatar would ever disclose individual user’s personal information, but it is not impossible. The Chinese government has often requested to these kind of information aggregators to disclose data for the prosecution of political dissidents – and very often these requests are met resulting in bloggers being jailed (see Yahoo!’s experiences in China). For example, if I leave a number of comments promoting democracy criticising the PRC government on various blogs, it is entirely possible that the Chinese government could use legal authority to request the holder of information to disclose that to them. By retaining this information and preventing you from stopping its collection, Gravatar is putting both bloggers and commenters at risk. This is not just in China. The Patriot Act and many other new pieces of post-9/11 legislation in Western countries convey similar powers to government.

4. The most egregious part of Gravatar’s service is the inability to stop them from collecting your data. I have in the past tried to cancel a Gravatar registration. Gravatar does not allow this and will continue to track your e-mail address for the rest of time.

5. Gravatar does not provide any details about how they use your personal information and does not respond to any queries relating to privacy issues.

6. I do not believe Gravatar is an opt-in service. Obviously they will not display an avatar unless you register, but if a blog is Gravatar-enabled, every time you comment on it, your e-mail address is sent to Gravatar. Even if they do not retain this address (and it is quite possible that they do – their Privacy Policy is silent on this point and they have not responded to any of my enquiries on this point), it is VERY likely that your internet usage is still tracked in an anonymous fashion. That is, if I use the same e-mail address to comment on 5 different blogs, even if I am not a registered Gravatar user the fact that a user has accessed those 5 blogs is very likely retained by Gravatar.

Much is made of facebook and Google Chrome’s use of personal information, but Gravatar is far and away the worst popular internet service I have encountered in terms of user (and non-user) personal information.
As a lawyer, I strongly urge all blog authors and users who are concerned about their privacy to avoid Gravatar." End of cite.

I found this cite somehow off topic there:

Interesting is that this information is 13 years old. Regarding the 2nd point one can say from hindsight, that Gravatar made a lot of money for Thomas Preston-Werner, who is an American billionaire, in all those years from users not caring to be used and measured. Gravatar's tools became most probably more powerful over the years.

What does Gravatar give you in return to your privacy?
I do not want to feed American billionaires for ethical reasons.
 

obsigna

Daemon

Reaction score: 743
Messages: 1,158

On my gateways, for some years already, gravatar.com and all of its sub-domains are resolved to NXDOMAIN by the way of the dns/void-zones-tools:
Code:
rolf$ host gravatar.com
Host gravatar.com not found: 3(NXDOMAIN)

rolf$ host en.gravatar.com
Host en.gravatar.com not found: 3(NXDOMAIN)

rolf$ host secure.gravatar.com
Host secure.gravatar.com not found: 3(NXDOMAIN)

Only instead of avatars, I see this:

[Image: Bildschirmfoto 2020-11-29 um 10.52.11.png]


The question mark avatars are meant to be read, why the hell do these guys use gravatar.com?
 

memreflect

Active Member

Reaction score: 140
Messages: 163

@getopt
I should have been more precise in my wording. What I meant to say is it's not a security risk in the sense that one can use the information provided to attack your personal network. However, I do feel it is a privacy risk.

Like any other product, usage of Gravatar requires consent to its privacy practices, and if you don't agree with them, don't use the service. Of course, there's a loophole in that logic: sites may still make use of the service provided by Gravatar, and those sites may not be aware of the privacy implications and might consequently forget to mention it in their privacy policies. Remember that even if you block it from loading on your end, that doesn't stop programs from seeing it on their end—programs like hash harvesters that might get lucky to harvest a hash of an email address.

On the other hand, I don't use an avatar in the first place, so I'm likely not leaking any private information like an MD5 hashed email address that Gravatar could use to associate with an individual user's avatar. I also use the same email address on Stack Overflow—another site that uses Gravatar—and a few other sites. I get maybe 1 or 2 spam emails per year. Based on that, I'd conclude that Gravatar just isn't a viable attack surface to those who seek to exploit one's private information.

While they're not authoritative sources, a number of discussions in the Stack Exchange network have been started about the privacy risks associated with Gravatar, and the conclusion I draw from the discussions is that whether you block Gravatar or not is mostly a matter of principle. Some "answers" in the questions linked below support my theory that Gravatar just isn't worth the time when you can harvest emails from other sites far more easily.


The last page linked also contains an "answer" providing a "cautionary tale" where someone didn't follow the most basic rule of privacy on the internet: if you don't want a piece of information available for others to steal and use against you, don't publish the information in the first place.

Edit:

A more specific case would be a discussion forum concerning health information. Healthcare regulations such as HIPAA in the USA state that email addresses are personally identifiable information, which are considered protected health information; legal ramifications would certainly be plausible if one's Gravatar could be reliably traced back to their email address. If we were discussing the Gravatar service in that context, I would say it needs to be removed entirely and shouldn't have been used from the start. However, outside of those contexts where privacy laws protect personal information like that, it's simply a choice for site admins to allow the service and a choice for users of that site to share that information.
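The post above refers to the MD5-hashed email address that Gravatar associates with an avatar. As an added example (not part of any post in this thread), this is how a site admin could audit rendered pages for the hashes they expose and see that one address yields the same identifier on every site. The site names, addresses and HTML are constructed for illustration; the hashing rule (trim, lowercase, MD5) is Gravatar's documented MD5 scheme.

```python
import hashlib
import re

def gravatar_hash(email):
    """Identifier Gravatar derives from an address: trim, lowercase, MD5 hex."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

# Avatar URLs on gravatar.com or any sub-domain; captures the 32-hex-digit hash.
AVATAR_RE = re.compile(
    r"https?://(?:[a-z0-9-]+\.)?gravatar\.com/avatar/([0-9a-f]{32})", re.I)

def exposed_hashes(html):
    """Set of email hashes a rendered page hands to every visitor and crawler."""
    return {h.lower() for h in AVATAR_RE.findall(html)}

def linkable(pages):
    """Map hash -> sorted sites exposing it, for hashes seen on more than one site."""
    seen = {}
    for site, html in pages.items():
        for h in exposed_hashes(html):
            seen.setdefault(h, set()).add(site)
    return {h: sorted(sites) for h, sites in seen.items() if len(sites) > 1}

def sample_pages():
    """Constructed pages: alice posts on both sites, bob only on the forum."""
    alice = gravatar_hash("alice@example.org")
    bob = gravatar_hash("bob@example.org")
    return {
        "forum.example": (
            f'<img src="https://secure.gravatar.com/avatar/{alice}?s=48">'
            f'<img src="https://secure.gravatar.com/avatar/{bob}?s=48">'
            '<img src="/data/avatars/local/42.png">'   # locally hosted: no hash leaked
        ),
        "blog.example": f'<img src="https://www.gravatar.com/avatar/{alice.upper()}">',
    }

if __name__ == "__main__":
    pages = sample_pages()
    for site, html in pages.items():
        print(site, "exposes", len(exposed_hashes(html)), "email hash(es)")
    for h, sites in linkable(pages).items():
        print("same identifier", h, "on", ", ".join(sites))
```

Locally hosted avatars, like the third image on the constructed forum page, expose no hash at all, which is the property to check for when a site must not publish a stable identifier for its users.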
 

obsigna

Daemon

Reaction score: 743
Messages: 1,158

@memreflect, your discussion of privacy concerns is missing one crucial point, namely the profiling & targeting part of all these tracking efforts. Gravatar does track you even if you are not registered with them. Now why at all is tracking a privacy issue? There are even some people here on these Forums who don’t seem to have any problem with it. However, I do, and so do many others. The problem for me is that the profile which these crooks stitched together about my interests and preferences would be used to show me biased content. I call this manipulation, and for me this is so upsetting that I wrote a blog article about it, naming Google Analytics, which belongs to just another group of crooks:
https://obsigna.com/articles/1528644109.html
 