Bookmark
Gravatars: why publishing your email's hash is not a good idea
www.developer.it/post/gravatars-why-publishing-your-email-s-hash-is-not-a-good-idea, posted 2009 by peter in email hack privacy security spam
The guys at gravatar.com offer a nice service: for website owners, they let you automatically associate an avatar to your users, through the user's email address. The users who register to gravatars.com are able to change their gravatar and the change will be visible on all gravatar-enabled websites where they registered with the same email.
...
There is a piece of information which must be made public, though. It's this 32 char string which serves as a token for your web browser to retrieve the right image. How much information are we leaking to the bad people inhabiting the internet? Can that key be used to retrieve our email?