Uncheck “Settings > Discussion > Show Avatars” setting by default for new installs. Keep functionality in code.
Read-only archive : Issues · ClassicPress/ClassicPress · GitHub
Author : Dora D.
Vote count : 103
Status : open
Tags :
difficulty-moderate
request-modify-feature
Comments
If we disable gravatars by default, it needs to serve generic avatars by default. It has gravatar serve them.
Why is it relevant what WP knows?
~ posted by David Shanske
I agree that gravatar has nothing to do with CP’s purpose as a CMS and supporting that code seems counter-intuitive for core, going forward. As a feature plugin, sure, but Gravatar is definitely a pet project of Matt’s that is just confusing to most users. Support requests for how to change the avatar are a constant part of life for any membership site that uses this functionality. If we want to support avatars out of box, they should be locally hosted. Let gravatar be a plugin.
~ posted by Greg Schoppe
local avatars by default I second that
~ posted by rotello
As a business user, I don’t want any avatars AT ALL, except on forum and / or marketing subdomains.
Avatars are for social networking aspects, NOT for non-marketing sites where people have specific jobs to do that don’t require talking to one another and where sensitive data is stored. I am not the only person who feels like this. Plugins that disable author pages exist for a very similar reason.
So yes, I don’t want WP (or anyone else) knowing exactly who visits which pages on my websites…
Please disable all calls to gravatar by default.
~ posted by ALS
On this I agree with @ALS . Business users very often sport informative sites, very few publish blogs. So avatar and author pages may not be relevant to them.
But there’s a catch, we may aim CP at business users entirely, but we aren’t able to foresee realistically who will going to use it and for what.
So I feel we need to set no gravatars by default, leaving hidden in some place the feature to switch them on at site owners’ liking and convenience.
~ posted by Elisabetta Carrara (Emc2)
While I think disabling any external calls to Gravatar by default is perhaps a reasonable idea for any WordPress fork, I do think its one of the more universally useful projects that Automattic has maintained. Heck, even this Petitions website is using the Gravatar service to display user photos
For performance and privacy reasons, having it disabled by default is probably a useful idea to consider. But aggressively trying to eliminate Gravatar is probably not a good idea because the service is more popular than you might think… plus, it makes managing user photos much easier for many projects, and having to reverse engineer that and then tell users to install a plugin is pretty messy.
Imagine a WordPress or ClassicPress website that is being used to create a dating community (etc)… do you think tech savvy users are more comfortable uploading personal photos to your Bluehost cPanel server, or keeping a single profile picture on their Gravatar account that can be changed anytime?
I don’t think Automattic deserves criticism on this one, frankly… it arguably improves privacy and control more than anything.
~ posted by Jesse
I see some comments in here about local avatars. Is it a better option to open a different petition for this? I see James in the second comment said there is nothing to do here because of the initial state.
~ posted by Laurence Bahiirwa
I see some comments in here about local avatars. Is it a better option to open a different petition for this?
Open to ideas about this but here is what I am thinking now: When we move Gravatar out to a core plugin we will need a fallback option (local avatars) for when users remove/disable Gravatar. So incorporating local avatars into core would be part of a complete implementation of this petition.
I see James in the second comment said there is nothing to do here because of the initial state.
I was wrong about this - I didn’t realize at the time that all current avatar options effectively call out to Gravatar.
~ posted by James Nylen
viktor
September 19, 2021, 10:25pm
3
This petition received a lot of support and simply calls for the option to be disabled by default. This is an option inside schema.php:
// 2.1
'blog_public' => '1',
'default_link_category' => 2,
'show_on_front' => 'posts',
// 2.2
'tag_base' => '',
// 2.5
'show_avatars' => '1',
'avatar_rating' => 'G',
'upload_url_path' => '',
'thumbnail_size_w' => 150,
'thumbnail_size_h' => 150,
'thumbnail_crop' => 1,
'medium_size_w' => 300,
'medium_size_h' => 300,
// 2.6
'avatar_default' => 'mystery',
But, as we noticed with disabling comments , a simple option change can cause additional problems.
The ideal outcome will be for Gravatars to be removed from the core and moved into a core plugin. For now, disabling by default can be a good option.
1 Like
I was thinking the same thing. They are enabled by default which mean that we are shipping CP with…
all current avatar options effectively call out to Gravatar.
There is good agreement that this should be disabled as an interim solution. I can do a PR for the simple change in schema.php, but it remains to be seen how much extra work is involved.
1 Like
I would say this is a good fit for an urgent 1.3.1 release. ClassicPress sending tracking data to a third party service owned by a competitor is both a bug and a security vulnerability.
1 Like
viktor
September 20, 2021, 2:31pm
6
If you can do a PR, that would be great. We can see what the core team will say. Hopefully, it’s an easier change than comments.
1 Like
james
September 20, 2021, 5:27pm
7
Not a bug: this is functionality that we inherited from WordPress that is working as intended.
Not a security vulnerability: the current state of this functionality could not lead to sites getting hacked.
It is a privacy issue and we can do better, but it doesn’t make sense to do an urgent new release for this. The change being proposed will only affect new installations since we are changing a default.
It’s unfortunate that we would need to disable all avatars in order to make this possible, but I agree with this interim solution. I’d put this in 1.4.0.
3 Likes
james:
I’d put this in 1.4.0.
Are you doing the PR or do you want me to do it?
EDIT: Sorry, I read that as “I’ll put this…”. I have now done the PR.
ClassicPress:develop
←
opened 05:52AM - 21 Sep 21 UTC
Change a setting so that avatars are set to "off" by default.
## Descriptio… n
This PR changes the default setting of the show avatars checkbox to be unchecked on any new CP installation.
## Motivation and context
All of the avatar options (including the default mystery option) involve a call out to Gravatar, which is run by Automattic. This is a privacy concern for CP.
The petition has a lot of popular support. More discussion here: https://forums.classicpress.net/t/disable-gr-avatar-by-default/2801
## How has this been tested?
On a new install change this line in schema.php from 1 to 0.
```
// 2.5
'show_avatars' => '0',
```
Set up the new site and check in the settings.
**NOTE:** As with the other previous change to schema.php there will probably be other related changes required. This is a preliminary PR to get us started.
## Screenshots
### Before
![before](https://user-images.githubusercontent.com/46998578/134118483-273f63e5-e256-438c-98a8-03f265e35bd5.jpg)
### After
![after](https://user-images.githubusercontent.com/46998578/134118602-3a97ba3d-50f3-46e0-b598-1316ac11d6ff.jpg)
## Type
- New feature
2 Likes
The ideal outcome will be for Gravatars to be removed from the core. Statement ends.
Gravatar is an Automattic “service” that has the ability to track admin usage, and has no place in ClassicPress. It should have been surgically removed by Scott when developing the Sunrise Alpha.
Some may disagree but my view will not change.
1 Like
Setting avatars not to show by default is a good move. But I don’t really understand the rest of this discussion. Surely all that needs to be done to avoid a call out to gravatars is to use the pre_get_avatar
filter. That’s what I do. It also has the effect of loading the local avatar much faster than using the get_avatar
filter because the former fires earlier.
This also has the advantage that those who want to use gravatar (which Jesse suggests some people do) can still do so.
1 Like
maiki
March 27, 2022, 7:41pm
12
There seems to be a patch ready at Set default show_avatars option to off · Pull Request #803 · ClassicPress/ClassicPress · GitHub , but it may be awaiting a test unit in Change default_comment_status to closed · Pull Request #793 · ClassicPress/ClassicPress · GitHub (concerning default comments settings).
What is the next step for this change? (I’m not experienced with PHP Unit tests…)
@maiki
PR 803 is ready to merge into develop once 1.4.0 is released pending the work on 1.5.0. Once 803 is merged we can take a look at 793 and extending tests there to ensure the setting is off be default but still running all of the current tests.
At the moment pretty much everything is waiting for 1.4.0 to be released.
3 Likes
maiki
March 27, 2022, 10:20pm
14
Thanks so much for the update!
viktor
July 8, 2022, 4:51am
15
This petition has a pull-request and has been scheduled version 1.5.0. This will be marked completed and closed.
ClassicPress:develop
←
opened 05:52AM - 21 Sep 21 UTC
Change a setting so that avatars are set to "off" by default.
## Descriptio… n
This PR changes the default setting of the show avatars checkbox to be unchecked on any new CP installation.
## Motivation and context
All of the avatar options (including the default mystery option) involve a call out to Gravatar, which is run by Automattic. This is a privacy concern for CP.
The petition has a lot of popular support. More discussion here: https://forums.classicpress.net/t/disable-gr-avatar-by-default/2801
## How has this been tested?
On a new install change this line in schema.php from 1 to 0.
```
// 2.5
'show_avatars' => '0',
```
Set up the new site and check in the settings.
**NOTE:** As with the other previous change to schema.php there will probably be other related changes required. This is a preliminary PR to get us started.
## Screenshots
### Before
![before](https://user-images.githubusercontent.com/46998578/134118483-273f63e5-e256-438c-98a8-03f265e35bd5.jpg)
### After
![after](https://user-images.githubusercontent.com/46998578/134118602-3a97ba3d-50f3-46e0-b598-1316ac11d6ff.jpg)
## Type
- New feature
1 Like
viktor
Closed
July 11, 2022, 4:51am
16
This topic was automatically closed after 3 days. New replies are no longer allowed.