Throughout the Secure Surfing Organization sites we urge people not to use their real email addresses when signing up for “free” online services. This is particularly important when your email address contains your family name or another piece of uniquely identifying information.
The importance of this advice came home for one Secure Surfing member when she entered a message on a forum which she was visiting for the first time. She had never been to the site, nor had even heard of it prior to this visit.
She entered a message on a particularly sensitive topic. When she returned to see if anyone had answered her questions she was shocked to find a photograph of herself posted right beside the message she had entered the previous day.
Because the site had no email address or contact information other than the forums, she did not want to enter another message and contacted the Secure Surfing Organization instead.
It was pretty easy to establish what happened and to provide instructions on how to get her photo down, at least over a period of some days.
There is a system of “avitars” run by the same people responsible for WordPress, Automatic Inc, known as Gravitars. The Gravitar service allows a user to upload an image and that image will be attached to the email address under which the user registered.
What users most assuredly do not realize is that once they have uploaded their image to gravitar.com, they lose control over where that image appears because participating web sites do not need to specifically ask permission to use the image posted to Gravitar.
That is what happened here. The young woman had many months ago uploaded an image to gravitar.com using her primary email address for registration. When she visited the forum site she was not asked whether or not she would like to have her image shown with her posts and she was using a screen name for the forum.
Unfortunately, because she had, like every other gravitar user has, given blanket consent to use her image in association with her email address, an action she had long forgotten rose up in a very serious breach of her privacy.
What is worse in our opinion, is that Gravitar refuses to delete accounts. Users are not told at registration that whatever email address they use to register will be retained on account with Gravitar forever and that there is no way to have the email address, much less the account deleted.
This is a fundamental breach of privacy principles and as great as the work that has been done by Automatic, they should be ashamed to impose this nefarious practice.
What can be done, and was done in this case, is to log on to your Gravitar account and delete the image. Depending on a number of factors such as the amount of caching being done by the forum server, the image will disappear from the live forum.
However, if you have bad luck it is entirely possible that one of the many search engines or internet archiving sites will store your message with your image in their own databases and you may have to deal with the consequences pretty much forever.
This young woman made two mistakes: first she used her primary email address to register with Gravitar. Second, she used her primary email address to register for the forum.
Secondary email addresses are easy to obtain, so use them.
See our how-to guide on How to Join Stuff Online for more details.
