Views from Phanfare CEO and Co-founder Andrew Erlichson

Link Privacy – The Principle of least surprise

I commented on a blog that had issues with our privacy policy. I was surprised when I posted the comment that my face showed up next to the comment. No big deal. But since the blog is in the scott jones domain, I wondered how it had access to any photo of me.

I did a little sleuthing and noticed my profile picture came from Gravatar. Never heard of them? Neither had I. Reading the privacy policy, it is clear that Gravatar is run by Automattic, the people who brought us Wordpress.com.

I use wordpress.com because we maintain a Phanfare Health Status blog there. It needs to be independent of Phanfare so it can reliably work even if Phanfare is down.

I was surprised to see that Wordpress was sharing my avatar photo with a third-party blog. I went into the wordpress settings and saw that they do make some reference to Gravatar. Nevertheless, I think that this use by Wordpress violates good practice.

When you sign up for a Wordpress blog and set it up to completely hide the Wordpress brand, you certainly don’t expect Wordpress to share this information with other blogs.

I know why Wordpress is doing this. They are doing it because they want to compete with sites like Disqus, a startup in the business of tying together the conversation going on across blogs, tying back comments to their authors across blogs.

But with Disqus, which I use in this blog, it is completely obvious that I am carrying my identity with me across blogs. I have to log in to Disqus on at least one of the blogs, and the Disqus logo appears across the network of blogs.

I find what Wordpress is doing to be a bit sneaky and I think they can and should do better.

Viewing 3 Comments

    • ^
    • v
    This isn't sneaky at all. You obviously set up a photo at some point. So instead of blaming Gravatar or WordPress for being "sneaky" as you say, look at your own ignorance. Or perhaps you didn't have anything to post about so you made this idiotic post.
    • ^
    • v
    Of course I submitted the photo to wordpress at wordpress.com. That is not an issue. Privacy issues are always about the way the receiver uses the information you give to them. What is your point?

    I never signed up at gravatar, and it was certainly not clear that signing me up for one service opted me in to the other. I created a blog on wordpress and now wordpress is giving up my identity without notice to millions of wordpress blogs. This is privacy 101.

    You need to look at how this works. When I go to any blog that is hosted by wordpress, even when that blog is a completely separate domain, and I post a comment, even if I deliberately use a false email address and name, then my photo will appear.

    They do this by placing a link to gravatar.com or wordpress into the blog and because I have logged into wordpress from that browser, it passes my cookie to wordpress and they give up my identity.

    It would not be difficult for wordpress to fix this. In the comment field, it just needs to say

    "Wordpress Blog: You are logged in as Andrew Erlichson" Logout.

    In fact, given that Wordpress knew who I was on the page and planned to give my identity up, why did they even make me type an email address and name to post the comment?

    Disqus does this right. Right now, I am typing a comment into this blog and I see my photo and a note that says "logged in as erlichson" and a link that says "Logout from DISQUS"
    • ^
    • v
    I think a lot of people are going to accidentally post comments they intended to be anonymous that turn out not to be -- not a photo problem but just a username showing up problem
 


© 2007-8 Phanfare, Inc.