Improve Privacy #19
Comments
|
I had an initial thought: using a pre-shared secret for a common hashing algorithm ... but that would mean it will be listed on the it might just be a paid / pro feature: users sign up and add a secret for their apps, then they can use the service with their encrypted emails in the url ... |
|
From my research of unavatar, email is only supported at https://github.com/Kikobeats/unavatar/blob/master/src/providers/gravatar.js . So implementing md5 is not that hard. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To avoid expose emails into the URL, gravatar encode it using MD5.
Take a look at the provider/gravatar.
The service can do that because the user is previously registered at gravatar portal.
In the case of unavatar, the service aims to be stateless without previous register or login.
Let determinate if we can do something in order to improve user privacy.
For example, we can support provide the url encoded base64. That's a reversible encoding and of course it doesn't securize your data, but at least it prevents be crawler for simple text scan bots.
The text was updated successfully, but these errors were encountered: