Lars Magne Ingebrigtsen writes: > Julien Danjou writes: > >> Welcome to 2010! Now we got Gravatar[1], used all around the Interweb. >> It's like Face headers… but with more people. > > Gravatar is nice, and the code looks good, but I'm not quite sure > whether adding functionality that relies on outside services is good. I > mean, we've done this in the past now and then... and it's mostly > turned out to not be good. > > So I'm not sure. What do all y'all think? There is a serious privacy issue lurking, which lets gravatar.com perform traffic analysis. It is totally unreasonable to have any code enabled by default that queries external servers based on received mail. Also, there's a philosophical question about free software support for proprietary services. If there's a standard protocol and multiple implementations, that seems fine. But it seems really like this could have been: X-Face-URL: http://www.gravatar.com/avatar/205e460b479e2e5b48aec07710c08d50 if it's intended that requests be made about every email address, that seems even more invasive.