I pursed my lips a bit when I read this about Gravatar:
I’m a lawyer specialising in internet and privacy issues at a Fortune 100 company and I personally think that Gravatar is easily the worst service available in terms of your data security and privacy. I generally don’t comment on any blogs that are Gravatar-enabled (this being an exception), for the following reasons:
- The entire reason Gravatar offers their service is to collect internet usage data across multiple sites. It is not offered free out of the goodness of their heart. The entire purpose of the service is to analyse the way YOU navigate the internet.
- Gravatar has clear plans to monetise this data. Whether they are successful or not is another story.
- It is unlikely that Gravatar would ever disclose individual users’ personal information, but it is not impossible. The Chinese government has often requested these kinds of information aggregators to disclose data for the prosecution of political dissidents – and very often these requests are met, resulting in bloggers being jailed (see Yahoo!’s experiences in China). For example, if I leave a number of comments promoting democracy and criticising the PRC government on various blogs, it is entirely possible that the Chinese government could use legal authority to request the holder of information to disclose that to them. By retaining this information and preventing you from stopping its collection, Gravatar is putting both bloggers and commenters at risk. This is not just in China. The Patriot Act and many other new pieces of post-9/11 legislation in Western countries convey similar powers to government.
- The most egregious part of Gravatar’s service is the inability to stop them from collecting your data. I have in the past tried to cancel a Gravatar registration. Gravatar does not allow this and will continue to track your e-mail address for the rest of time.
- Gravatar does not provide any details about how they use your personal information and does not respond to any queries relating to privacy issues.
- I do not believe Gravatar is an opt-in service. Obviously they will not display an avatar unless you register, but if a blog is Gravatar-enabled, every time you comment on it, your e-mail address is sent to Gravatar. Even if they do not retain this address (and it is quite possible that they do – their Privacy Policy is silent on this point and they have not responded to any of my enquiries on this point), it is VERY likely that your internet usage is still tracked in an anonymous fashion. That is, if I use the same e-mail address to comment on 5 different blogs, even if I am not a registered Gravatar user the fact that a user has accessed those 5 blogs is very likely retained by Gravatar.
Much is made of Facebook and Google Chrome’s use of personal information, but Gravatar is far and away the worst popular internet service I have encountered in terms of user (and non-user) personal information.
As a lawyer, I strongly urge all blog authors and users who are concerned about their privacy to avoid Gravatar.
Deep down, I’m not sure I think it is that big a deal. Everyone should be aware that whenever they type anything anywhere it is going to some recording event. The bigger concern is how the downloading of a bunch of images every time slows down your page load.
Plus, I’ve tried to upgrade my comments twice, with lousy results. But I am going to keep trying.