22

Area 51 uses a different system for avatars than the rest of the network. While on every other site Gravatar URIs are salted, on Area 51 they aren't because it hasn't been updated (Area 51 uses a 2011 fork of the SE engine and the change was made in 2013). This could allow determining the email address associated with any user who has an Area 51 account. Avatars on Area 51 should also be salted to prevent this.

Area 51 avatars should be salted the same way as the rest of the network to prevent this information leakage.

See also this deferred request for the whole avatar system to be updated (I don't want a whole revamp, just this one bug fixed).

Improve this question
8
  • 7
    In a similar security issue, I find no way to actually delete an account on Area 51 like other sites. Commented Mar 20, 2021 at 15:44
  • @Casey You can have your Area 51 account removed by contacting SE. Commented Mar 21, 2021 at 3:14
  • @SonictheCuriouserHedgehog But why can't it be deleted directly by me like other SE sites? Commented Mar 21, 2021 at 15:19
  • 3
    @Casey As the question says, Area 51 uses a very old fork of the SE engine, from 2011 to be exact. The ability to delete one's own account wasn't implemented in the main SE engine until 2017. Commented Mar 21, 2021 at 18:42
  • This has been finally addressed: meta.stackexchange.com/q/411007 Commented Jun 26 at 14:43
  • 2
    I marked this status-complete because this issue is now resolved, more info here. Commented Jun 26 at 17:02
  • @Sasha You may also want to mark this request as completed, as with the new changes Gravatar is no longer linked in any way to Area 51, which technically makes that request completed. Commented Jul 9 at 0:43
  • @SonictheAnonymousHedgehog done, good catch Commented Jul 9 at 17:26

1 Answer 1

Reset to default
9

Update – June 26, 2025:

This issue is now resolved. See this announcement for more info: New identicons for all Area 51 users

This has been added to our backlog to be addressed by our bug duty rotation. That being said, we may be getting close to a point where we need to pay off some Area 51-related tech debt, so it might get addressed as a part of a bigger project rather than bug duty.

Either way, we'll keep y'all updated about progress as it happens.

Improve this answer
1
  • 5
    How long does a "duty rotation" takes? Commented Mar 14, 2023 at 9:55

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.