It is an age-old question. OK, well, it’s really a 10-year-old feature request, but that is age-old in software development years. Should WordPress have a local avatar system?
Let’s be honest. Most of us have kind of gritted our teeth and quietly — and sometimes not so quietly — lived with the Automattic-owned properties that are integrated directly with the core WordPress software. At least Akismet is a plugin and somewhat detached from the platform. But, avatars, a feature courtesy of Automattic’s Gravatar service, is baked deep into the platform. Users must disable avatars completely or opt into another plugin to distance themselves from it.
There are the obvious privacy concerns that some people have around uploading an image to the Gravatar service and creating an account with WordPress.com. Even aside from such concerns, regardless of whether they are warranted, new users who are unfamiliar with local avatar plugins are essentially guided to create an account with a third-party service to have one of the most basic features expected from a CMS.
Not all WordPress installs have access to Gravatar, such as within companies that use intranets. Some countries have the power to effectively block access to the service, as shown by the move China made in 2013 to block WordPress.com and Gravatar, leaving users to seek out alternatives.
The itch that many want to scratch is to simply remove Automattic-connected services from the core software. Gravatar’s inclusion in WordPress has hampered any chance of competing services gaining a foothold. To be fair, at the time of Gravatar’s initial inclusion in WordPress, there were few good options. It made sense to leverage a working solution that would get an avatar system rolling. And the notion of a globally-recognized avatar is noble — one service to control your avatar across the web. However, having that service under the control of a for-profit U.S. company will always be an issue that could potentially hold it back from being the service that the web truly needs. It will certainly always be a contentious issue in the WordPress community. Even those of us who love the software and services that Automattic offers can see the problem.
WordPress should be agnostic about what services it includes out of the box. Gravatar should be a separate plugin, even if it is bundled with core a la Akismet. Local avatars is not an insurmountable feature, and it might just be time to make the change.
While possible to build into core, it is not a simple matter of plugging in an image upload form on the user profile screen. The feature carries its own privacy concerns too. For example, uploading images currently requires certain permissions that would also provide the user with access to the entire media library. There is the question of how to deal with registered vs. non-registered users in such a system along with several other hurdles.
Recent chatter in the 10-year-old ticket and the #core-privacy and #core-media Slack channels have reignited the idea of local avatars. There is also an early spreadsheet on local avatar requirements and research.
Much of this discussion is amidst the backdrop of the WP Consent API proposal, which seeks to create a standardized method for core, plugins, and themes to obtain consent from users. Presumably, Gravatar usage would tie into this API somehow.
Matt Mullenweg, the co-founder of WordPress and CEO of Automattic, seems open to the discussion. “It’s exciting to see this older ticket picking up so much steam,” he said on the Trac ticket. However, he further pushed for a separate featured plugin that focused on broader privacy concerns.
In many ways, local avatars feel like the early days of the web in which users had to upload a custom avatar to every single website they joined. At times, it could be tedious. Gravatar solved this issue by creating a single service for people to bring their avatars along their journey across the net. However, we have seemingly come full circle in the last few years. With the passage of the European GDPR and other jurisdictions beginning to follow suit with similar privacy laws, it easy to see why there is renewed discussion around Gravatar in core.
We should have local avatars because it is the right thing to do. Provide a basic avatar upload system on the user profile screen. Beyond that, let users choose what they want by installing their preferred plugin without guiding them toward one particular service over another.
If nothing else, I’m excited about a wider discussion around local avatars in WordPress and welcome the possibility of such a featured explored via an officially-sanctioned plugin.