Disable (gr)avatar by default

discobot · March 6, 2021, 4:53pm

Uncheck “Settings > Discussion > Show Avatars” setting by default for new installs. Keep functionality in code.

Read-only archive: https://petitions.classicpress.net/posts/8/disable-gr-avatar-by-default

Author: Dora D.

Vote count: 103

Status: open

Tags:

difficulty-moderate
request-modify-feature

Comments

While I think disabling any external calls to Gravatar by default is perhaps a reasonable idea for any WordPress fork, I do think its one of the more universally useful projects that Automattic has maintained. Heck, even this Petitions website is using the Gravatar service to display user photos

For performance and privacy reasons, having it disabled by default is probably a useful idea to consider. But aggressively trying to eliminate Gravatar is probably not a good idea because the service is more popular than you might think… plus, it makes managing user photos much easier for many projects, and having to reverse engineer that and then tell users to install a plugin is pretty messy.

Imagine a WordPress or ClassicPress website that is being used to create a dating community (etc)… do you think tech savvy users are more comfortable uploading personal photos to your Bluehost cPanel server, or keeping a single profile picture on their Gravatar account that can be changed anytime?

I don’t think Automattic deserves criticism on this one, frankly… it arguably improves privacy and control more than anything.

~ posted by Jesse

system · September 19, 2021, 6:20pm

viktor · September 19, 2021, 10:31pm

This petition received a lot of support and simply calls for the option to be disabled by default. This is an option inside schema.php:

github.com

ClassicPress/ClassicPress/blob/a665bda2d734618e8248de19bbb4a897fee59fc2/src/wp-admin/includes/schema.php#L469

    
      
          
          
	// 2.1
          	'blog_public' => '1',
          	'default_link_category' => 2,
          	'show_on_front' => 'posts',
          
          
	// 2.2
          	'tag_base' => '',
          
          
	// 2.5
          	'show_avatars' => '1',
          	'avatar_rating' => 'G',
          	'upload_url_path' => '',
          	'thumbnail_size_w' => 150,
          	'thumbnail_size_h' => 150,
          	'thumbnail_crop' => 1,
          	'medium_size_w' => 300,
          	'medium_size_h' => 300,
          
          
	// 2.6
          	'avatar_default' => 'mystery',

But, as we noticed with disabling comments, a simple option change can cause additional problems.

The ideal outcome will be for Gravatars to be removed from the core and moved into a core plugin. For now, disabling by default can be a good option.

ozfiddler · September 20, 2021, 12:47am

I was thinking the same thing. They are enabled by default which mean that we are shipping CP with…

all current avatar options effectively call out to Gravatar.

There is good agreement that this should be disabled as an interim solution. I can do a PR for the simple change in schema.php, but it remains to be seen how much extra work is involved.

zigpress · September 20, 2021, 7:01am

I would say this is a good fit for an urgent 1.3.1 release. ClassicPress sending tracking data to a third party service owned by a competitor is both a bug and a security vulnerability.

viktor · September 20, 2021, 2:31pm

If you can do a PR, that would be great. We can see what the core team will say. Hopefully, it’s an easier change than comments.

james · September 20, 2021, 5:27pm

Not a bug: this is functionality that we inherited from WordPress that is working as intended.

Not a security vulnerability: the current state of this functionality could not lead to sites getting hacked.

It is a privacy issue and we can do better, but it doesn’t make sense to do an urgent new release for this. The change being proposed will only affect new installations since we are changing a default.

It’s unfortunate that we would need to disable all avatars in order to make this possible, but I agree with this interim solution. I’d put this in 1.4.0.

ozfiddler · September 21, 2021, 5:55am

Are you doing the PR or do you want me to do it?

EDIT: Sorry, I read that as “I’ll put this…”. I have now done the PR.

github.com/ClassicPress/ClassicPress

Set default show_avatars option to off

ClassicPress:develop ← simplycomputing:Disable-gravatar-by-default

opened 05:52AM - 21 Sep 21 UTC

simplycomputing

+1 -1

Change a setting so that avatars are set to "off" by default. ## Descriptio…n This PR changes the default setting of the show avatars checkbox to be unchecked on any new CP installation. ## Motivation and context All of the avatar options (including the default mystery option) involve a call out to Gravatar, which is run by Automattic. This is a privacy concern for CP. The petition has a lot of popular support. More discussion here: https://forums.classicpress.net/t/disable-gr-avatar-by-default/2801 ## How has this been tested? On a new install change this line in schema.php from 1 to 0. ``` // 2.5 'show_avatars' => '0', ``` Set up the new site and check in the settings. **NOTE:** As with the other previous change to schema.php there will probably be other related changes required. This is a preliminary PR to get us started. ## Screenshots ### Before ![before](https://user-images.githubusercontent.com/46998578/134118483-273f63e5-e256-438c-98a8-03f265e35bd5.jpg) ### After ![after](https://user-images.githubusercontent.com/46998578/134118602-3a97ba3d-50f3-46e0-b598-1316ac11d6ff.jpg) ## Type - New feature

zigpress · September 21, 2021, 12:03am

The ideal outcome will be for Gravatars to be removed from the core. Statement ends.

Gravatar is an Automattic “service” that has the ability to track admin usage, and has no place in ClassicPress. It should have been surgically removed by Scott when developing the Sunrise Alpha.

Some may disagree but my view will not change.

timkaye · October 3, 2021, 8:14pm

Setting avatars not to show by default is a good move. But I don’t really understand the rest of this discussion. Surely all that needs to be done to avoid a call out to gravatars is to use the pre_get_avatar filter. That’s what I do. It also has the effect of loading the local avatar much faster than using the get_avatar filter because the former fires earlier.

This also has the advantage that those who want to use gravatar (which Jesse suggests some people do) can still do so.