Avatar Pri­va­cy

Avatars from Gra​vatar​.com are great, but they come with cer­tain pri­va­cy im­pli­ca­tions. You as site ad­min may al­ready know this, but your vis­i­tors and users prob­a­bly don’t. Avatar Pri­va­cy can help to im­prove the pri­va­cy sit­u­a­tion by mak­ing some sub­tle changes to the way avatars are dis­played on your site.

The plu­g­in works with­out chang­ing your theme files if you use a mod­ern theme, and it does sup­port (sim­ple) mul­ti­site in­stal­la­tions. It re­quires at least PHP 5.6 and Word­Press 4.6. For the plu­g­in to do any­thing for you, you need to vis­it the dis­cus­sion set­tings page in the Word­Press ad­min area and en­able Show Avatars. Please note that the plu­g­in does not pro­vide an op­tions page of its own, it rather adds to the ex­ist­ing Discussion set­tings page.

Fea­tures

The plugin’s fea­tures summed up:

  • Add lo­cal avatar caching to en­sure the pri­va­cy of your web­site vis­i­tors.
  • Let users and com­menters ex­plic­it­ly opt-​in be­fore us­ing gra­vatars.
  • Don’t pub­lish en­crypt­ed e-​mail ad­dress­es for peo­ple who are not mem­bers of Gra​vatar​.com.
  • Use de­fault avatar im­ages host­ed on your serv­er rather than Gra​vatar​.com.

If you are in­ter­est­ed in the top­ic, there’s al­so a more de­tailed dis­cus­sion on the Rea­sons for Us­ing Avatar Pri­va­cy.

In­stal­la­tion

Avatar Pri­va­cy can be in­stalled from the Word­Press plu­g­in repos­i­to­ry. If you’d like to di­rect­ly fol­low our on­go­ing de­vel­op­ment ef­forts, you can do so on GitHub (fea­ture re­quests and bug re­ports are al­so wel­come there).

Cred­its

Avatar Pri­va­cy is based on the orig­i­nal plu­g­in by Jo­hannes Freuden­dahl. The new re­lease al­so in­cludes work by sev­er­al oth­er peo­ple:

|

28 Comments

  • john wrote:

    I just up­dat­ed to the lat­est ver­sion and now I can’t see my site.

    ??????

    Respond to this

    • @John: I am sor­ry to hear that. I’ll need some more in­for­ma­tion about your site (PHP and WP ver­sions main­ly and any­thing that might be un­usu­al about it). Can you look if there’s any­thing in your PHP er­ror log? (If you’d like, we can take this to email. Just leave me a short note here and I’ll con­tact your.)

  • john wrote:

    Since the plu­g­in up­date all my word­press set­tings etc and the web­site just dis­play as white pages with no vis­i­ble con­tent. php 5.6

    Respond to this

    • OK, so it’s not the PHP ver­sion. Can you please look at the PHP er­ror log? There should be an er­ror mes­sage there that will tell me more on why the site crash­es.

  • john wrote:

    I can­nott ac­cess any­thing in word­press — set­tings, logs etc. all are just white pages.

    Respond to this

    • I don’t know about your spe­cif­ic host­ing plan, but nor­mal­ly, there is a way to low-​level con­fig­u­ra­tion files and er­ror mes­sages. One such file is the PHP er­ror log. (The path should be list­ed in your php.ini in the error_log di­rec­tive.)

      To de­ac­ti­vate a plu­g­in when the Word­Press back­end crash­es. you need shell or filesys­tem ac­cess to your (vir­tu­al) serv­er and re­name the plu­g­in fold­er. In this case, [path to wordpress]/wp-content/plugins/avatar-privacy/ needs to be delet­ed or re­named.

  • john wrote:

    Thanks! Re­named the plu­g­in fold­er and now every­thing is back to nor­mal. BUT, with no avatar pri­va­cy. hm­m­mm

    Respond to this

  • Tim Themann wrote:

    Hi, un­for­tu­nate­ly, the plu­g­in throws a SQL er­ror on ac­ti­va­tion:

    WordPress-​Datenbank-​Fehler You have an er­ror in your SQL syn­tax; check the man­u­al that cor­re­sponds to your MySQL serv­er ver­sion for the right syn­tax to use near ‘WHERE meta_​key like ‘_​site_​transient_​avatar_​privacy_​%’ and site_​id = 1’ at line 1 f\xc3\xbcr Abfrage SELECT meta_​key FROM WHERE meta_​key like ‘_​site_​transient_​avatar_​privacy_​%’ and site_​id = 1 von do_action(‘wp_ajax_delete-plugin’), WP_Hook->do_action, WP_Hook->apply_filters, wp_​ajax_​delete_​plugin, delete_​plugins, uninstall_​plugin, do_action(‘uninstall_avatar-privacy/avatar-privacy.php’), WP_Hook->do_action, WP_Hook->apply_filters, Avatar_Privacy\\Components\\Uninstallation::uninstall, Avatar_Privacy\\Components\\Uninstallation::delete_transients, Mundschenk\\Data_Storage\\Site_Transients->get_keys_from_database

    Respond to this

    • Is that a fa­tal er­ror on your site? I no­ticed it in the plug​in​tests​.com re­port. The site_meta ta­ble does not ex­ist on sin­gle­site in­stalls. The plu­g­in should still work, though (the called func­tion is on­ly for site tran­sients clean-​up).

      A fixed ver­sion will be re­leased lat­er tonight.

    • Tim Themann wrote:

      Cor­rect, I´m sor­ry. That one was from unin­stal­la­tion. On ac­ti­va­tion, it throws

      CUT
      WordPress-​Datenbank-​Fehler You have an er­ror in your SQL syn­tax; check the man­u­al that cor­re­sponds to your MySQL serv­er ver­sion for the right syn­tax to use near ‘WHERE meta_​key like ‘_​site_​transient_​avatar_​privacy_​%’ and site_​id = 1’ at line 1 f\xc3\xbcr Abfrage SELECT meta_​key FROM WHERE meta_​key like ‘_​site_​transient_​avatar_​privacy_​%’ and site_​id = 1 von activate_​plugin, include_once(‘/plugins/avatar-privacy/avatar-privacy.php’), run_​avatar_​privacy, Dice\\Dice->create, Dice\\Dice->Dice\\{closure}, Dice\\Dice->Dice\\{closure}, Dice\\Dice->create, Dice\\Dice->Dice\\{closure}, Dice\\Dice->Dice\\{closure}, Dice\\Dice->create, Dice\\Dice->Dice\\{closure}, ReflectionMethod->invokeArgs, Avatar_Privacy\\Data_Storage\\Site_Transients->__construct, Mundschenk\\Data_Storage\\Transients->__construct, Mundschenk\\Data_Storage\\Abstract_Cache->__construct, Mundschenk\\Data_Storage\\Transients->invalidate, Mundschenk\\Data_Storage\\Site_Transients->get_keys_from_database
       — CUT

    • That’s fixed in 1.0.1. The er­ror should not have had any ill ef­fect, though, ex­cept for not clean­ing up site tran­sients prop­er­ly on unin­stall.

    • Tim Themann wrote:

      On­ly once and not re­pro­ducible (un­for­tu­nate­ly I can not pin­point that one) it threw

      CUT
      WordPress-​Datenbank-​Fehler Du­pli­cate col­umn name ‘time’ f\xc3\xbcr Abfrage ALTER TABLE ‘wp_​gravatars‘ ADD ‘time‘ int von activate_​plugin, do_action(‘activate_fv-gravatar-cache/fv-gravatar-cache.php’), WP_Hook->do_action, WP_Hook->apply_filters, fv_​gravatar_​cache_​activation
       — CUT

      It is non-​fatal and func­tion­al­i­ty does not seem to be af­fect­ed. If this is “nor­mal” for non-​multisite in­stal­la­tions, I´d sim­ply count it as a cos­met­ic is­sue ;-).

      By the way: This is is pret­ty much what a lot of peo­ple might be look­ing for at the mo­ment! Thanks a lot!

  • Tim Themann wrote:

    Oh. Cor­rect. I re­placed the FV Gra­vatar Cache plu­g­in, there­fore the er­ror that plu­g­in threw dur­ing de­ac­ti­va­tion went right be­tween the oth­er ones in the log. Sor­ry for the con­fu­sion.

    Respond to this

  • Frank Kunert wrote:

    Thank you very much for this very use­ful plu­g­in. If I dis­able or delete the plu­g­in and pre­vi­ous­ly se­lect­ed Sil­hou­ette as the de­fault avatar, no de­fault avatar will be dis­played and cre­at­ing an http sta­tus 400 when ac­cess­ing i0​.wp​.com. Sug­ges­tion: Change Sil­hou­ette to “Mys­te­ri­ous Per­son” at de­ac­ti­va­tion.

    Respond to this

  • vilmoskörte wrote:

    It does not work for me: The gra­vatar im­age is saved in wp-​content/​uploads/​avatar-​privacy/​cache, and if a add a new com­ment the check­box at the text “Ein Gravatar-​Bild neben meinen Kom­mentaren anzeigen.” is checked, how­ev­er, there is no gra­vatar im­age dis­played along with the com­ment. Al­so, the ta­ble wp_​avatar_​privacy in the SQL data­base has no rows.

    Lat­est Word­Press, PHP 7.1.18

    Respond to this

    • Are you per­haps us­ing a mail ad­dress for an anony­mous com­ment that is used by a reg­is­tered user on your site? In that case, the val­ue is not saved to pre­vent avatar dis­clo­sure by fraud­u­lent com­ments.

  • vilmoskörte wrote:

    Ich habe noch ein weit­eres Prob­lem: Aus guten Grün­den musste ich in Word­Press die Vari­ablen Home-​URL und Website-​URL auf den Pun­y­code https://​xn​-​-vil​moskrte​-kcb​.de statt http://vilmoskörte.de set­zen:

    Home-​URL https://​xn​-​-vil​moskrte​-kcb​.de
    Website-​URL https://​xn​-​-vil​moskrte​-kcb​.de

    Seit­dem bleibt die Check­box “Ein Gravatar-​Bild neben meinen Kom­mentaren anzeigen.” im­mer aus­geschal­tet, auch wenn ich sie beim let­zten Kom­men­tieren eingeschal­tet hat­te. Gle­ich­wohl ist das Cook­ie comment_​use_​gravatar_​a1b16743124519a8fc9b7ade2eac1c0a für die Web­site xn​-​-vil​moskrte​-kcb​.de auf 1 geset­zt. (Und wird auf 0 geset­zt, wenn ich einen Kom­men­tar ohne Häkchen an der Check­box sende).

    Respond to this

  • vilmoskörte wrote:

    Eine An­re­gung: Ich fände es gut, wenn mit dem Text zur Check­box unter dem Kom­men­tar (“Ein Gravatar-​Bild neben meinen Kom­mentaren anzeigen.”) eine Er­läuterung aus­gegeben würde, aus der her­vorge­ht, dass die Ein­bindung der Pro­fil­bilder ohne Über­mit­tlung per­so­n­en­be­zo­gen­er Dat­en er­fol­gt, ggf. mit einem op­tionalen, in den Ein­stel­lun­gen zu set­zen­den Link auf einen er­läutern­den Text.

    Grund: Ich habe das zwar in mein­er Cookie-​Policy er­läutert, aber wer li­est die schon. Und in­zwis­chen haben die Leute mit­gekom­men, das Gra­vatar “böse” sein kön­nte und set­zen aus Furcht keinen Hak­en.

    Respond to this

Mentions

  • DSGVO für Blogger: mein neues Setup - Ein Ostwestfale im Rheinland

Leave a Reply

By posting a comment you consent that we store the submitted information as well as your anonymized IP address on our servers, under the terms of our data protection policy. Your email is never shared with anyone else.

Required fields are marked *.