Uncheck “Settings > Discussion > Show Avatars” setting by default for new installs. Keep functionality in code.
Read-only archive: https://petitions.classicpress.net/posts/8/disable-gr-avatar-by-default
Author: Dora D.
Vote count: 103
If we disable gravatars by default, it needs to serve generic avatars by default. It has gravatar serve them.
Why is it relevant what WP knows?
~ posted by David Shanske
I agree that gravatar has nothing to do with CP’s purpose as a CMS and supporting that code seems counter-intuitive for core, going forward. As a feature plugin, sure, but Gravatar is definitely a pet project of Matt’s that is just confusing to most users. Support requests for how to change the avatar are a constant part of life for any membership site that uses this functionality. If we want to support avatars out of box, they should be locally hosted. Let gravatar be a plugin.
~ posted by Greg Schoppe
Local avatars by default, I second that.
~ posted by rotello
As a business user, I don’t want any avatars AT ALL, except on forum and / or marketing subdomains.
Avatars are for social networking aspects, NOT for non-marketing sites where people have specific jobs to do that don’t require talking to one another and where sensitive data is stored. I am not the only person who feels like this. Plugins that disable author pages exist for a very similar reason.
So yes, I don’t want WP (or anyone else) knowing exactly who visits which pages on my websites…
Please disable all calls to gravatar by default.
~ posted by ALS
On this I agree with @ALS. Business users very often sport informative sites, very few publish blogs. So avatar and author pages may not be relevant to them.
But there’s a catch, we may aim CP at business users entirely, but we aren’t able to foresee realistically who is going to use it and for what.
So I feel we need to set no gravatars by default, leaving hidden in some place the feature to switch them on at site owners’ liking and convenience.
~ posted by Elisabetta Carrara (Emc2)
While I think disabling any external calls to Gravatar by default is perhaps a reasonable idea for any WordPress fork, I do think it’s one of the more universally useful projects that Automattic has maintained. Heck, even this Petitions website is using the Gravatar service to display user photos.
For performance and privacy reasons, having it disabled by default is probably a useful idea to consider. But aggressively trying to eliminate Gravatar is probably not a good idea because the service is more popular than you might think… plus, it makes managing user photos much easier for many projects, and having to reverse engineer that and then tell users to install a plugin is pretty messy.
Imagine a WordPress or ClassicPress website that is being used to create a dating community (etc)… do you think tech savvy users are more comfortable uploading personal photos to your Bluehost cPanel server, or keeping a single profile picture on their Gravatar account that can be changed anytime?
I don’t think Automattic deserves criticism on this one, frankly… it arguably improves privacy and control more than anything.
~ posted by Jesse
I see some comments in here about local avatars. Is it a better option to open a different petition for this? I see James in the second comment said there is nothing to do here because of the initial state.
~ posted by Laurence Bahiirwa
I see some comments in here about local avatars. Is it a better option to open a different petition for this?
Open to ideas about this but here is what I am thinking now: When we move Gravatar out to a core plugin we will need a fallback option (local avatars) for when users remove/disable Gravatar. So incorporating local avatars into core would be part of a complete implementation of this petition.
I see James in the second comment said there is nothing to do here because of the initial state.
I was wrong about this - I didn’t realize at the time that all current avatar options effectively call out to Gravatar.
~ posted by James Nylen
This petition received a lot of support and simply calls for the option to be disabled by default. This is an option inside schema.php:
'blog_public' => '1',
'default_link_category' => 2,
'show_on_front' => 'posts',
'tag_base' => '',
'show_avatars' => '1',
'avatar_rating' => 'G',
'upload_url_path' => '',
'thumbnail_size_w' => 150,
'thumbnail_size_h' => 150,
'thumbnail_crop' => 1,
'medium_size_w' => 300,
'medium_size_h' => 300,
'avatar_default' => 'mystery',
As we noticed with disabling comments, a simple option change can cause additional problems.
The ideal outcome will be for Gravatars to be removed from the core and moved into a core plugin. For now, disabling by default can be a good option.
I was thinking the same thing. They are enabled by default which means that we are shipping CP with…
all current avatar options effectively call out to Gravatar.
There is good agreement that this should be disabled as an interim solution. I can do a PR for the simple change in schema.php, but it remains to be seen how much extra work is involved.
I would say this is a good fit for an urgent 1.3.1 release. ClassicPress sending tracking data to a third party service owned by a competitor is both a bug and a security vulnerability.
If you can do a PR, that would be great. We can see what the core team will say. Hopefully, it’s an easier change than comments.
Not a bug: this is functionality that we inherited from WordPress that is working as intended.
Not a security vulnerability: the current state of this functionality could not lead to sites getting hacked.
It is a privacy issue and we can do better, but it doesn’t make sense to do an urgent new release for this. The change being proposed will only affect new installations since we are changing a default.
It’s unfortunate that we would need to disable all avatars in order to make this possible, but I agree with this interim solution. I’d put this in 1.4.0.
I’d put this in 1.4.0.
Are you doing the PR or do you want me to do it?
EDIT: Sorry, I read that as “I’ll put this…”. I have now done the PR.
05:52AM - 21 Sep 21 UTC
Change a setting so that avatars are set to "off" by default.
The ideal outcome will be for Gravatars to be removed from the core. Statement ends.
Gravatar is an Automattic “service” that has the ability to track admin usage, and has no place in ClassicPress. It should have been surgically removed by Scott when developing the Sunrise Alpha.
Some may disagree but my view will not change.
Setting avatars not to show by default is a good move. But I don’t really understand the rest of this discussion. Surely all that needs to be done to avoid a call out to gravatars is to use the pre_get_avatar filter. That’s what I do. It also has the effect of loading the local avatar much faster than using the get_avatar filter because the former fires earlier.
This also has the advantage that those who want to use gravatar (which Jesse suggests some people do) can still do so.
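The pre_get_avatar approach described in the post above, written out as an added example; it is not code from the thread or from ClassicPress. The example_ function names and the assets/avatar.png file are assumptions made for illustration, and the second filter covers callers that use get_avatar_url() directly and so never reach pre_get_avatar.

```php
<?php
/**
 * Plugin Name: Local Avatar Only (added example)
 *
 * Assumptions: assets/avatar.png is a hypothetical image shipped with this
 * plugin, and every example_ function name is made up for this sketch.
 */

// URL of the hypothetical placeholder image bundled with the plugin.
function example_local_avatar_url() {
	return plugins_url( 'assets/avatar.png', __FILE__ );
}

/**
 * Returning a non-null string from 'pre_get_avatar' makes get_avatar()
 * return early, before it builds a gravatar.com URL for the user.
 */
function example_pre_get_avatar( $avatar, $id_or_email, $args ) {
	$size = isset( $args['size'] ) ? absint( $args['size'] ) : 96;
	$alt  = isset( $args['alt'] ) ? $args['alt'] : '';

	return sprintf(
		'<img alt="%s" src="%s" class="avatar avatar-%d photo" height="%d" width="%d" />',
		esc_attr( $alt ),
		esc_url( example_local_avatar_url() ),
		$size,
		$size,
		$size
	);
}
add_filter( 'pre_get_avatar', 'example_pre_get_avatar', 10, 3 );

/**
 * Code that calls get_avatar_url() or get_avatar_data() directly never
 * reaches 'pre_get_avatar'. Setting 'url' here short-circuits
 * get_avatar_data() in the same way, so no Gravatar URL is generated.
 */
function example_pre_get_avatar_data( $args, $id_or_email ) {
	$args['url'] = example_local_avatar_url();
	return $args;
}
add_filter( 'pre_get_avatar_data', 'example_pre_get_avatar_data', 10, 2 );
```

To confirm the effect, load a page that shows avatars with the browser's network panel open and check that no request goes to gravatar.com.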
There seems to be a patch ready at https://github.com/ClassicPress/ClassicPress/pull/803, but it may be awaiting a test unit in https://github.com/ClassicPress/ClassicPress/pull/793 (concerning default comments settings).
What is the next step for this change?
(I’m not experienced with PHP Unit tests…)
PR 803 is ready to merge into develop once 1.4.0 is released pending the work on 1.5.0. Once 803 is merged we can take a look at 793 and extending tests there to ensure the setting is off by default but still running all of the current tests.
At the moment pretty much everything is waiting for 1.4.0 to be released.
Thanks so much for the update!
This petition has a pull-request and has been scheduled for version 1.5.0. This will be marked completed and closed.