Privacy-First Gravatar Replacement, Pixel Avatars Module Released for the Toolbelt WordPress Plugin

Decorative image of pixel avatars set in multiple columns and rows.

Ben Gillbanks decided to put an old idea into motion. After the discussion over Gravatar privacy concerns and local avatars in WordPress reignited a couple of weeks ago, he went to work building Pixel Avatars, a generated avatar solution that requires no connection to a third-party service.

Gravatar solves a huge problem. It creates a global avatar so that users need to upload an image to only one site and carry it around the web with them. To use the service, sites must pass email addresses back to Automattic-owned Gravatar.com, such as when a visitor leaves a comment. The typical local avatar solution suffers because it forces users to sign up and upload an image for that specific site. Neither option is ideal for every site owner. And, both options tend to add heavily to the page load speed, depending on the number of avatars loaded.

That is where Pixel Avatars come into play. The script has all the privacy benefits of local avatars while maintaining a light footprint.

“Initially, I just liked the idea of making dynamic images that can follow you around the internet,” said Gillbanks. “I hadn’t even considered the privacy implications of using Gravatar — although in hindsight they are obvious.”

He is launching Pixel Avatars as a module in Toolbelt, a WordPress plugin that he launched in 2019. The plugin is a privacy-focused alternative to Jetpack, another project of Automattic that relies on connecting to a third-party server.

“The last few years have made a lot of people more aware of privacy online and so I want everything I build to have privacy as a priority,” he said.

Gillbanks had not put much thought into the Gravatar vs. local avatar discussion until the WP Tavern coverage of it. It is nice to see that we are least in part responsible for some innovative ideas.

“It is accepted that using Gravatar is how you add avatars to WordPress sites,” he said. “However, Gravatar is owned by Automattic and it has the potential for them to generate a lot of data about what sites people view (comment on), and how popular websites are. I have no reason to be suspicious here. I doubt it’s being used in this way, but the potential is there and we’d have no way of knowing if it was being used for data collection.”

He further explained that he believes Gravatar would be better as an optional plugin. “Even a bundled plugin would be better than having it on by default,” he said. “In my opinion, the default should be local avatars with a fallback similar to what I have made for non-registered users (or just a blank image). I’ve offered my code to the core privacy team — my plugin is GPL and the code is on Github, so they are welcome to use it if they wish.”

How the Pixel Avatars Feature Works

Pixel Avatars are completely local to the site. Using 5kb of JavaScript, which is smaller than a single avatar image on average, the code generates a pixelated avatar. For each user, the plugin creates a hash string using their email address. This method also ensures that the avatar is consistent regardless of what site it is used own.

One of the reasons this is much faster than traditional avatar systems is that the avatars are generated. They are not images that must be loaded, which can be especially problematic when loading a blog post with 100s of comments, each with its own avatar.

“If you use external or local avatars then you will still need to load additional image files and no matter how good your content delivery system (server, CDN, third-party avatar service, etc.), this will mean more data transfer, so a slower page load than my Javascript system,” said Gillbanks.

From a technical perspective, the script is relatively simple. It short-circuits the core WordPress get_avatar() function and returns an HTML canvas element with a unique data property containing the hash of the user’s email address. Once the page is loaded, the JavaScript code generates a unique image for each of the canvases.

“Since I am filtering a core function, this will work everywhere that function is used,” said Gillbanks. “Comments in the admin, the little avatar in the admin bar, and any other pages or blocks that make use of the get_avatar() function. It’s not just for comments.”

Some site owners may want to use Toolbelt to handle guest commenter’s avatars while serving a local avatar for logged-in users. This system could be the best of both worlds — local avatars for those who have them and not sending any data from site visitors to a third-party site. Gillbanks has tested against 10up’s Simple Local Avatars plugin, but it should work with other local avatar plugins.

11 responses to “Privacy-First Gravatar Replacement, Pixel Avatars Module Released for the Toolbelt WordPress Plugin”

  1. Great idea for a plugin, but I think the WordPress core should be amended in any case.
    I hope the whole gravatar privacy situation gets fixed in core, it’s 2020.

    • Thanks – and I totally agree. Gravatars fill a need, but local avatars is such an obvious feature. I hope it gets added/ changed as well.

  2. all very good BUT,.

    I would rather see built in the core option that would let users upload their own picture as avatar..

    the user profile has all these fields:
    Name
    Username Usernames cannot be changed.
    Role
    First Name
    Last Name
    Nickname (required)
    Display name publicly as
    Contact Info

    Email (required)
    Website

    it’s all good, we have a toolbar at the top, where users can access their profile
    And yet, NO chance to upload the image natively without a plugin.. :((((

    • Yes to this – unfortunately I can’t change core, but I can make a plugin. Hopefully local avatars will be added at some stage.

    • Hello Matt, is there any chance that WP will have an update to remove any code related to Gravatar from the base code?

  3. If privacy is a concern with gravatars, why not ask Automattic to add to their privacy policy? The Automattic privacy policy applies generally to a number of their sites and services, but it would be possible to exclude Gravatar data from advertising and tracking (if that is the concern).

    • Adding something to the privacy policy doesn’t remove privacy concerns. It just makes what they are doing with the data clearer. Whatever the privacy policy says you’ll still be giving data to a third party, and some people don’t want to do that.

      Plus – what’s wrong with having more choices? You don’t have to use this. And if Gravatar does get removed from core (which I can’t see happening), I’m sure there will be a plugin to add it back pretty quickly.

  4. The current Gravatar implementation is painful from a UX and privacy situation. The worst thing is that it even smells a little bit fishy.

    Let me explain why:

    Today I had to change our organization email address in our account on wordpress.org.

    Due to that, our avatar image was gone. It’s obvious why; I changed the mail address, so gravatar lost the connection. Not a big deal, I trust Automattic and have no issues with adding our new mail address to wordpress.com. (Another user might not think same as I do but this is another topic)

    Here comes what smells: When you go to gravatar.com for the sake of adding a new avatar image, you are required to go through the normal wordpress.com registration process. That process does not differentiate between me as an experienced developer who only wants to add an avatar to his wordpress.org account and a user who wants to use the wordpress.com service for creating a hosted blog or something else.

    So, I’ve created the new wordpress.com account, and WordPress immediately added me into the sales/registration funnel for adding a new domain and a hosted wordpress.com website.

    I got a marketing mail instantly in my inbox that I am ” a few steps closer to creating a great website.”

    Please, I didn’t want this. I didn’t want to use any of the wordpress.com hosted services, and I was not particularly eager to get any marketing emails from you when I did not explicitly give you my consent.

    I only wanted to create an avatar image for my public wordpress.org account, where I am very active every day. I did not expect wordpress.com was trying to pull me into their hosted ecosystem that aggressively.

    After checking account privacy settings, it turned out that the system automatically activated my account to share my information with the wordpress.com analytics tool. https://monosnap.com/file/rLV9jaKQnTiQIKvS5lXmsqYsPwjabj?idx=0&total=65

    It opted me in instantly after registration, and I had to unsubscribe from it manually —the same as with the marketing emails.

    I don’t think this is the correct way how you do it, and I’d appreciate it if you take the user’s privacy more seriously.

    Frankly, I am more than a little bit surprised or better say disappointed how Automattic handles this, especially as we as small plugin developers have to take care a lot not to break any rules.

    Jeff wrote an interesting article in 2016 about a similar bad experience he had with the gravatar service. It did not touch much the privacy issues, but it’s still up to date: https://wptavern.com/managing-gravatars-in-wordpress-is-a-jarring-user-experience

    Please give us users the option to upload a local avatar, especially on wordpress.org.

    Thank you🙏

    • Agreed completely. After using Gravatar for years, this WordPress integration is a usability nightmare. I’m switching away from Gravatar for all my projects. Currently evaluating Libravatar.

Newsletter

Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: