Gravatar (a portmanteau … avatars and was created by Tom Preston-Werner. Since 2007, it has been owned by Automattic, having integrated it into their WordPress.com blogging platform.


Designs

On Gravatar, users can register an account based on their email address, and upload a digital avatar to be associated with the account. Gravatar plugins are available for popular blogging software; when the user posts a comment on such a blog that requires an email address, the blogging software checks whether that email address has an associated avatar at Gravatar. If so, the Gravatar is shown along with the comment. Gravatar support is provided natively in WordPress as of v2.5 and in the web-based project management application Redmine beginning with version 0.8. Support for Gravatar is also provided via third-party modules for web content management systems such as Drupal and MODX. A Gravatar image can be up to 2048 pixels wide, is always square and is displayed at 80 by 80 pixels by default. If the uploaded avatar is larger or smaller, the avatar is scaled appropriately. Each Gravatar is rated with an MPAA-style age recommendation, allowing webmasters to control the content of the Gravatars displayed on their website. Webmasters can also configure their system to automatically display an Identicon when a user has no registered Gravatar.


Security concerns and data breaches

Gravatars are loaded from the Gravatar web server, using a URL containing an MD5 hash of the associated email address. This method has, however, been shown to be vulnerable to dictionary attacks and rainbow table approaches. In 2009, it was demonstrated that over 10% of the email addresses of a set of forum users could be determined from the Gravatar URLs combined with the forum user names. Subsequently, in 2013, security researcher Dominique Bongard presented that he was able to determine 45% of the email addresses used to post comments on a well-known French political forum by using Gravatar URLs and the open source Hashcat password cracking tool.

Because Hashcat uses graphics processing units to crack hashes with high efficiency, it has been proposed that Gravatar hashes will only become easier to crack as GPU technology and performance continue to improve. This is in addition to the fact that the MD5 hashing algorithm itself is severely compromised and unfit for cryptographic applications; the CMU Software Engineering Institute has recommended against its use in any capacity since the end of 2008.

In October 2020, a technique for scraping large volumes of data from Gravatar was exposed by Carlo di Dato, a security researcher, after Gravatar ignored the concerns he had raised with them. 167 million names, usernames and MD5 hashes of email addresses used to reference users' avatars were subsequently scraped and distributed within the hacking community. 114 million of the MD5 hashes were cracked and distributed alongside the source hash, thus disclosing the original email address and accompanying data. Email account holders are able to check whether their addresses have been leaked using Have I Been Pwned.
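The exposure described above comes from the avatar URL carrying an unsalted, unkeyed hash of the address, so anyone can confirm a guessed address against it. The following added example (not code from Gravatar or from the original page) contrasts that public identifier with a server-keyed token that a site could expose instead while fetching the image itself; the `/avatar/` proxy path, the key and the sample addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; the key and the /avatar/ proxy path are assumptions.
SERVER_KEY = b"constructed-demo-key-keep-real-keys-in-a-secret-store"


def gravatar_hash(email: str) -> str:
    """Public identifier: unsalted MD5 of the trimmed, lowercased address."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def opaque_avatar_token(email: str, key: bytes = SERVER_KEY) -> str:
    """Keyed identifier for a site-local avatar proxy (hypothetical design)."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


def page_avatar_url(email: str, proxied: bool) -> str:
    """URL that ends up in the rendered comment HTML."""
    if proxied:
        # The server maps the token back to the user and fetches the image itself.
        return "/avatar/" + opaque_avatar_token(email)
    return "https://www.gravatar.com/avatar/" + gravatar_hash(email)


def guess_confirms(identifier: str, guessed_email: str) -> bool:
    """True if someone holding only the public identifier can confirm a guess."""
    return hmac.compare_digest(identifier, gravatar_hash(guessed_email))


if __name__ == "__main__":
    email = " Alice.Example@Example.org "   # constructed address
    guess = "alice.example@example.org"     # guess built from a public user name
    direct = page_avatar_url(email, proxied=False).rsplit("/", 1)[1]
    proxied = page_avatar_url(email, proxied=True).rsplit("/", 1)[1]
    print("direct URL confirms guess: ", guess_confirms(direct, guess))
    print("proxied URL confirms guess:", guess_confirms(proxied, guess))
```

Without the server key, the proxied token cannot be matched against candidate addresses, whereas the direct URL confirms a correct guess with a single MD5 computation.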


Metadata

A user's profile data is available in a number of metadata standards, including hCard, JSON, XML, PHP, and vCard, as well as via QR codes. The raw data formats (JSON, XML, and PHP) use the Portable Contacts standard.


History

For some time, the Gravatar service remained unmaintained. The maker became busy with working on a new version of the service, as Gravatar's popularity grew and more bandwidth was required. On 16 February 2007, "Gravatar 2.0" was launched. Besides an improved server script, users also noticed other improvements, such as being able to crop and use an image already hosted on the web. Support for two gravatars per account was added, between which the user can easily switch. "Gravatar Premium" was also launched, allowing unlimited email addresses and Gravatars per account. On 11 June 2007, Tom Preston-Werner announced that 32,000 new users had signed up since the launch of Gravatar 2.0. On 18 October 2007, Automattic acquired Gravatar. After doing so, they offered all previously paid services at no cost, improved server response time, and refunded those who had recently paid for service. Matt Mullenweg announced on The Big Web Show on 2 December 2010 that Gravatar was serving approximately 20 billion images per day.

