Is Gravatar exposing your email address?

Do you use Gravatar to display a custom image next to your comments on various blogs? Or do you have a blog at If so, Gravatar has your email address, and it might be easy for a hacker to figure out what that address is.

Wordfence explains the problem, and why it matters.

For example: A user may be comfortable having their full name and profile photo appear on a website about skiing. But they may not want their name or identity exposed to the public on a website specializing in a medical condition. Someone researching this individual could extract their Gravatar hash from the skiing website along with their full name. They could then Google the hash and determine that the individual suffers from a medical condition they wanted to keep private.
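The linkage described above exists because the avatar identifier is an unkeyed hash of the normalized email address (MD5 in Gravatar's traditional URL scheme), so it is identical on every site. The following is an added example, not code from this post or from Wordfence: it audits rendered comment HTML for such hashes and contrasts them with a per-site keyed identifier of the kind a site could use for locally generated avatars. The address, page snippets and keys are constructed.

```python
import hashlib
import hmac
import re

# Avatar paths carrying a 64-hex (SHA-256 sized) or 32-hex (MD5 sized) identifier.
AVATAR_RE = re.compile(r"/avatar/([0-9a-f]{64}|[0-9a-f]{32})", re.I)

def normalize(email):
    # Trim and lowercase before hashing, so case and spacing do not matter.
    return email.strip().lower().encode("utf-8")

def global_hash(email):
    """Unkeyed MD5 of the normalized address: the same value on every site."""
    return hashlib.md5(normalize(email)).hexdigest()

def site_local_id(email, site_key):
    """HMAC-SHA256 under a secret only one site holds: differs per site."""
    return hmac.new(site_key, normalize(email), hashlib.sha256).hexdigest()

def exposed_ids(html):
    """Avatar identifiers that a rendered page hands to every visitor."""
    return {m.lower() for m in AVATAR_RE.findall(html)}

def linkable_ids(page_a, page_b):
    """Identifiers present on both pages, i.e. commenters linkable across them."""
    return exposed_ids(page_a) & exposed_ids(page_b)

# Constructed sample data: one commenter, two unrelated sites.
EMAIL = "alex@example.com"
SKI_PAGE = f'<img src="https://www.gravatar.com/avatar/{global_hash(EMAIL)}?s=48"> Alex Doe'
HEALTH_PAGE = f'<img src="https://secure.gravatar.com/avatar/{global_hash(" Alex@Example.com ")}"> anon'
SKI_LOCAL = f'<img src="/avatar/{site_local_id(EMAIL, b"constructed-ski-key")}.png"> Alex Doe'
HEALTH_LOCAL = f'<img src="/avatar/{site_local_id(EMAIL, b"constructed-health-key")}.png"> anon'

if __name__ == "__main__":
    print("linkable via global hash:  ", linkable_ids(SKI_PAGE, HEALTH_PAGE))
    print("linkable via site-local id:", linkable_ids(SKI_LOCAL, HEALTH_LOCAL))
```

With the global hash, the pseudonymous comment on the second site carries the same identifier as the named comment on the first; with per-site keys the two pages share nothing, and the identifier cannot be tested against candidate addresses without the site's key.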

Monster icons in the comments

(See update at the end of this post.)

A while back I mentioned that supports gravatars: if you’ve created a gravatar image, it will magically appear next to your name when you post a comment here, or on any other gravatar-enabled blog. That’s why there’s a flower beside every comment I post: that’s my gravatar. (For now, anyway. I’ll probably change my gravatar one of these days.)

So what happens if you post a comment and you don’t have a gravatar? Until now, a mystery man image has been representing you.

Well. That’s awfully boring, so now we’re using monsters instead. If you don’t have a gravatar, a monster image will be auto-generated for you, based on your email address. That way you all ought to have monsters of your own. Want to see your monster? Post a comment here, and your monster will show up.

If you like your monster, you’re set. If you don’t like your monster, go create a gravatar, and then your gravatar will replace your monster.

Isn’t technology wonderful?

Update, June 2015: no longer uses gravatars. Or monsters, for that matter. The monsters may return one day, but I’m less keen on gravatars. I don’t like some of the things that does in terms of user privacy, that’s why.

now supports gravatars

What’s a gravatar? The Gravatar website explains:

A gravatar, or globally recognized avatar, is quite simply an avatar image that follows you from weblog to weblog appearing beside your name when you comment on gravatar enabled sites.

If you want a gravatar, you sign up at Then you select the image you wish to use as your gravatar, and you’re done. (It’s free.)

Once you have a gravatar, the gravatar image you selected will show up beside your name when you post comments on weblogs — so long as you post using the same email address you used when you signed up for your gravatar.

Here are a couple of recent comment threads: