Improve Privacy

[Kikobeats]

To avoid expose emails into the URL, gravatar encode it using MD5.

Take a look at the provider/gravatar.

The service can do that because the user is previously registered at gravatar portal.

In the case of unavatar, the service aims to be stateless without previous register or login.

Let determinate if we can do something in order to improve user privacy.

For example, we can support provide the url encoded base64. That's a reversible encoding and of course it doesn't securize your data, but at least it prevents be crawler for simple text scan bots.

[ahmadnassri]

I had an initial thought: using a pre-shared secret for a common hashing algorithm ...

but that would mean it will be listed on the README and thus reversible ... so maybe not really private after all ...

it might just be a paid / pro feature: users sign up and add a secret for their apps, then they can use the service with their encrypted emails in the url ...

[saaiful]

From my research of unavatar, email is only supported at https://github.com/Kikobeats/unavatar/blob/master/src/providers/gravatar.js . So implementing md5 is not that hard.

[mbtools]

Gravatar now uses email hashes:
https://docs.gravatar.com/api/avatars/images/
https://docs.gravatar.com/api/avatars/hash/