Disable (gr)avatar by default

Uncheck “Settings > Discussion > Show Avatars” setting by default for new installs. Keep functionality in code.


Read-only archive: https://petitions.classicpress.net/posts/8/disable-gr-avatar-by-default

Author: Dora D.

Vote count: 103

Status: open

Tags:

  • difficulty-moderate
  • request-modify-feature

Comments

This petition received a lot of support and simply calls for the option to be disabled by default. This is an option inside schema.php:

But, as we noticed with disabling comments, a simple option change can cause additional problems.

The ideal outcome will be for Gravatars to be removed from the core and moved into a core plugin. For now, disabling by default can be a good option.

I was thinking the same thing. They are enabled by default which mean that we are shipping CP with…

all current avatar options effectively call out to Gravatar.

There is good agreement that this should be disabled as an interim solution. I can do a PR for the simple change in schema.php, but it remains to be seen how much extra work is involved.

1 Like

I would say this is a good fit for an urgent 1.3.1 release. ClassicPress sending tracking data to a third party service owned by a competitor is both a bug and a security vulnerability.

1 Like

If you can do a PR, that would be great. We can see what the core team will say. Hopefully, it’s an easier change than comments.

1 Like

Not a bug: this is functionality that we inherited from WordPress that is working as intended.

Not a security vulnerability: the current state of this functionality could not lead to sites getting hacked.

It is a privacy issue and we can do better, but it doesn’t make sense to do an urgent new release for this. The change being proposed will only affect new installations since we are changing a default.

It’s unfortunate that we would need to disable all avatars in order to make this possible, but I agree with this interim solution. I’d put this in 1.4.0.

2 Likes

Are you doing the PR or do you want me to do it?

EDIT: Sorry, I read that as “I’ll put this…”. I have now done the PR.

1 Like

The ideal outcome will be for Gravatars to be removed from the core. Statement ends.

Gravatar is an Automattic “service” that has the ability to track admin usage, and has no place in ClassicPress. It should have been surgically removed by Scott when developing the Sunrise Alpha.

Some may disagree but my view will not change.

1 Like

Setting avatars not to show by default is a good move. But I don’t really understand the rest of this discussion. Surely all that needs to be done to avoid a call out to gravatars is to use the pre_get_avatar filter. That’s what I do. It also has the effect of loading the local avatar much faster than using the get_avatar filter because the former fires earlier.

This also has the advantage that those who want to use gravatar (which Jesse suggests some people do) can still do so.