31 Comments

  1. Marcus Tibesar
    · Reply

    Local baby. Amen!

    Report

  2. Miroslav Glavic
    · Reply

    One advantage of Gravatar versus local uploads………..One site I manage for someone………requires people to have an account to comment and participate.
    350,000-ish accounts.
    No login via facebook, twitter, google+, linkedin, etc…

    If each avatar of those accounts is 100kb………35GB. Just in 512×512 PNGs/JPGs.
    If you have 50kb…17.5GB.

    I am all for local and avoid third party connects (hi akismet, jetpack, google analytics)….but everything has PROs and CONs. local avatars have the above con.

    Report

  3. Ionut Calara
    · Reply

    I think a choice would be great. Now, its a lot harder to switch to local avatars than too remove Akismet. Giving users a choice is the fair thing to do here IMHO.

    Report

  4. Peter Müller
    · Reply

    In response to GDPR concerns with Gravatar there is a plugin called »Avatar Privacy« which shows a way how this could be handled:

    https://wordpress.org/plugins/avatar-privacy/

    Summary from the plugin page:
    – Self-uploaded avatars for users (and custom default images), hosted on your server.
    – Users and commenters explicitly opt-in before using gravatars.
    – Gravatar caching to ensure the privacy of your website visitors.
    – Don’t publish weakly encrypted e-mail addresses of comment authors.

    Report

  5. Matthias Pfefferle
    · Reply

    It does not have to be so local, that you have to upload your image to every site, there are some nice solutions like for example pavatar https://github.com/pavatar/pavatar (Check the given Commenters URL for a reference to an image and display that one, or cache it locally).

    Report

  6. René Hermenau
    · Reply

    Gravatar in Europe is more or less a dead horse due to the GDPR regulatories. I claim that most of the European sites disabled the gravatar connection due to this. So a locally hosted avatar service would be the way to go.

    Report

  7. Pedro Mendonça
    · Reply

    @Miroslav Glavic that would be easily customized, by filtering the allowed fields per user role, the same way you choose what every custom post type support.

    Report

    • Miroslav Glavić
      · Reply

      The loading of an Avatar, profile pic, Gravatar, whatever you want to call it is something basic. When your site has a crap load of users and a requirement is to have an Avatar, PP, Gravatar, etc…it screws up your site specially with 35GB that adds to the size of other files (specially when a site has been around for around 15+ years. Every GB matters. I can’t block the gravatars/avatars. If we were to switch to local…size does matter.

      Report

  8. Erik Geurts
    · Reply

    You wrote: “There are the obvious privacy concerns that some people have around uploading an image to the Gravatar service and creating an account with WordPress.com.”

    That’s quite a statement, yet without sources or supporting arguments. Could you elaborate?

    Report

    • M
      · Reply

      They could know, for example, which websites you visit and at what times.

      Report

    • Miroslav Glavić
      · Reply

      In theory…Gravatar can track websites you visit.

      Report

    • pepe
      · Reply

      In addition what people have already said, it can also lead to unwanted identity disclosure (MD5 can easily be brute-forced today, and the hash could link pseudonymous comments across sites, even when you don’t have a Gravatar account).

      Report

    • Otto
      · Reply

      @pepe: It’s a service designed to show a picture of yourself. Brute forcing it doesn’t make much sense, and if you want to be anonymous, you don’t ever use your real email. Privacy is not an actual valid concern with the service.

      Report

      • pepe
        · Reply

        I know you don’t care much about European notions of privacy, but yes, this is a valid concern as we promise never to disclose email addresses for comments and an MD5 hash does just that. (Comments can exist for a long time, so you might not even remember using a specific address.)

        Furthermore, you do not get a choice, even if you don’t use Gravatar, the MD5 hash is published by the current WordPress Core implementation. Caching or proxying (and using a better hash function for the public-facing site) can mitigate that issue, but Core currently does neither.

        Report

  9. Anh Tran
    · Reply

    I’d love to see this feature is merged into Core. While Gravatar is great, setting up a gravatar is not simple for normal users. If this feature is available in WordPress, we can avoid using a plugin for this and makes everything easier for users.

    Report

  10. kris
    · Reply

    10 years late, but better than never

    the idea was a good one but in real world. users like to have different profile pictures on different sites

    while gravatar might be popular on WPtavern. check how many users who should know how.. uploaded personal gravatars on bbpress or buddy press forums.. what hope there ever was for ordinary users??

    Report

  11. Modestina Paddock
    · Reply

    I just hope such feature doesn’t open the gate for hackers to find away to upload malicious files

    Report

  12. Peter Shaw
    · Reply

    This is plugin territory, putting it in core and removing gravatar would be a step backwards.

    Gravatar is an open standard standard that works for everyone. Most commenters/users are simply not going to bother uploading an avatar that is site specific.

    If you really need local avatars then there are plugins and/or buddypress

    And is you are concerned about privacy cache the avatars locally

    Local Avatars in WordPress? No, thanks

    Report

    • pepe
      · Reply

      Gravatar is a proprietary API with serious privacy issues that cannot be fixed without abandoning the current API (even mitigation means using local caching, which for pratical purposes, is the same as “local avatars”).

      Report

      • Peter Shaw
        · Reply

        Yes it is a proprietary solution and that makes me uncomfortable too.

        But local caching is NOT the same as local avatars. Local avatars require a user to upload on everyone site (which won’t happen). With local caching you are just copying gravatar (or Facebook or whoever) locally. So you actually get frictionless avatar without compromising privacy.

        The ideal solution is a non proprietary gravatar, with a better privacy algorithm. That would require Matt Mullenweg to donatw gravatar to wordpress.org though

        Report

  13. David Anderson
    · Reply

    https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/#7-plugins-may-not-track-users-without-their-consent

    There are too many places in WordPress core which don’t follow the same (very reasonable) guidelines as are imposed upon plugins. This erodes trust and should be fixed.

    Report

  14. Frank Mulder
    · Reply

    One of the weirdest features in WordPress: Gravatar. Maybe a revolution back then, but now it’s more a privacy concern. Random visitors don’t use it and even some editors ignore the option. So, yes please!

    Report

  15. Phil v. Sassen
    · Reply

    A bit off topic … We use WordPress as our intranet platform. Very often articles are published that are written and signed by the management. However, these are published by employees.

    Is there a way to display the name of the original author in the front end and at the same time display the person who added the article in the system in the back end?

    Report

  16. CM30
    · Reply

    Yeah, I’d definitely like to see local avatars added to the WordPress core at some point. Honestly, it’s always surprised me that they weren’t a thing given that pretty much every other piece of software with an account system has them, and it’s definitely something that’s more feature material than plugin material.

    Might also be worth making gravatars into a plugin instead, given how few people seem to actually make use of that feature in any real way.

    So yeah, happy to see it might be included soon enough.

    Report

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: