
Improve Privacy

Open Kikobeats opened this issue 7 years ago • 3 comments

To avoid exposing emails in the URL, Gravatar encodes them using MD5.

Take a look at the provider/gravatar.

The service can do that because the user is previously registered at the Gravatar portal.

In the case of unavatar, the service aims to be stateless, without prior registration or login.

Let's determine if we can do something in order to improve user privacy.

For example, we can support providing the URL encoded as base64. That's a reversible encoding and of course it doesn't secure your data, but at least it prevents it from being crawled by simple text-scanning bots.

Kikobeats avatar Nov 05 '18 10:11 Kikobeats

I had an initial thought: using a pre-shared secret for a common hashing algorithm ...

but that would mean it will be listed on the README and thus reversible ... so maybe not really private after all ...

it might just be a paid / pro feature: users sign up and add a secret for their apps, then they can use the service with their encrypted emails in the url ...

ahmadnassri avatar Nov 05 '18 10:11 ahmadnassri

From my research of unavatar, email is only supported at https://github.com/Kikobeats/unavatar/blob/master/src/providers/gravatar.js . So implementing md5 is not that hard.

saaiful avatar May 22 '21 06:05 saaiful
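
An added example (not from the thread or the unavatar code base) comparing the three URL token options raised above: base64, Gravatar-style MD5, and a hash keyed with a per-app secret. The function names, the sample address and the secret are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Gravatar-style normalisation: trim whitespace, then lowercase.
const normalize = (email) => email.trim().toLowerCase();

// Option 1 (issue description): base64url. Anyone holding the URL can decode it.
function base64Token(email) {
  return Buffer.from(normalize(email), 'utf8').toString('base64url');
}
function base64Decode(token) {
  return Buffer.from(token, 'base64url').toString('utf8');
}

// Option 2 (Gravatar provider): unkeyed MD5 hex digest. Not decodable, but
// deterministic and public, so anyone can recompute it for an address they
// already know and see that it matches.
function md5Token(email) {
  return crypto.createHash('md5').update(normalize(email)).digest('hex');
}

// Option 3 (second comment): hash keyed with a per-app secret (HMAC-SHA256 is
// an assumption here). Recomputing it requires the secret, which is why a
// secret published in the README would give no more privacy than option 2.
function hmacToken(email, secret) {
  return crypto.createHmac('sha256', secret).update(normalize(email)).digest('hex');
}

// Server-side check of an option 3 token, compared in constant time.
function matchesHmac(token, email, secret) {
  const expected = Buffer.from(hmacToken(email, secret), 'hex');
  const given = Buffer.from(String(token), 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values.
const sampleEmail = ' User@Example.com ';
const appSecret = 'per-app-secret-placeholder';
console.log('base64 :', base64Token(sampleEmail), '->', base64Decode(base64Token(sampleEmail)));
console.log('md5    :', md5Token(sampleEmail));
console.log('hmac   :', hmacToken(sampleEmail, appSecret));
```

A keyed token cannot be forwarded to Gravatar, which expects the plain MD5 of the address, so option 3 implies the service keeps per-app secrets and some way to resolve the token, which conflicts with the stateless goal stated in the issue.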