Gravatar is a widely used web service for attaching faces or other avatars to email addresses. It is useful for humanizing web interfaces without having to develop an avatar upload system and without sending users through the hassle of uploading (and keeping up to date) an image for yet another system.
The simple way to use Gravatar is to take the user's email address, hash it, prefix it with Gravatar's URL, add a query parameter for size, and use that as an image URL. That presents two privacy problems: 1) the reader's browser will connect to Gravatar, thus giving the reader's IP address and similar personal information to a third party; 2) the email address can be recovered from the hash in the URL. The second issue is often irrelevant because the email address is public anyway; this task is about dealing with the first one.
The obvious solution is to set up a proxy under our control, so Gravatar only sees the proxy's IP; and probably add some sort of caching (for better performance, and to avoid putting too much burden on a third-party service). Bonus points if it can also support FLOSS or self-hosted alternatives to Gravatar (such as Libravatar).
Use cases include:
- OTRS 6: T187984#6465324
- T256541: Fix the problem with gravatar and mailman3
- T191183: Enable avatars in gerrit
- GitLab, if we end up migrating there from Gerrit
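
The proxy-with-cache idea described above, as an added sketch that is not code from this task or from any of the projects listed. Assumptions: the upstream base URLs, the MD5-of-lowercased-address hash, the 512-pixel size cap, the in-memory cache, and the names `AvatarProxy`, `email_hash` and `http_fetch` are all illustrative.

```python
import hashlib
import time
import urllib.request

# Upstream base URLs are assumptions; they are not named in this task.
UPSTREAMS = {
    "gravatar": "https://www.gravatar.com/avatar/",
    "libravatar": "https://seccdn.libravatar.org/avatar/",
}

def email_hash(email):
    """Avatar identifier: MD5 of the trimmed, lowercased address."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def http_fetch(url):
    """Default fetcher: the upstream sees only the proxy, never the reader."""
    req = urllib.request.Request(url, headers={"User-Agent": "avatar-proxy"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()

class AvatarProxy:
    def __init__(self, fetch=http_fetch, ttl=3600, clock=time.monotonic):
        self.fetch, self.ttl, self.clock = fetch, ttl, clock
        self.cache = {}  # (service, hash, size) -> (expiry, image bytes)

    def upstream_url(self, service, digest, size):
        # Strict validation: client input must not shape the outbound request
        # beyond a fixed host, a 32-hex-digit path segment and a bounded size.
        if service not in UPSTREAMS:
            raise ValueError("unknown avatar service")
        if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError("hash must be 32 lowercase hex characters")
        if type(size) is not int or not 1 <= size <= 512:
            raise ValueError("size out of range")
        return f"{UPSTREAMS[service]}{digest}?s={size}"

    def get(self, service, digest, size=80):
        url = self.upstream_url(service, digest, size)
        key = (service, digest, size)
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]  # cache hit: no request leaves the proxy
        body = self.fetch(url)
        self.cache[key] = (self.clock() + self.ttl, body)
        return body
```

The hash still appears in the proxied URL, so this addresses only the first privacy problem (reader IP exposure), which is the scope of this task.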