A few days ago I started working on a #WordPress plugin.
Please understand I'm not really a fan of WordPress, this is very rare for me to work on a plugin.
Already it does nonces better (what WordPress calls a nonce does not meet the definition) and does passwords better (argon2id) - right now I'm working on the gravatar part. #tootstorm 1/
The problem with Gravatar is that it's a tracking nightmare. Not only does gravatar.com use third party tracking cookies, but the avatar is based on an unsalted md5 hash of the user's e-mail address making it easy for *anyone* to discover the e-mail address of who made what comments on a WordPress blog. #tootstorm 2/
So - the WordPress function that does that is `get_avatar()` in the `pluggable.php` file. I used to have a plugin that fixed that issue by salting the hash first, but that was years ago and WordPress bastardized how the gravatar functions work.
I really wish WordPress just used actual namespaced classes for stuff like this, but it doesn't.
For example, it needs to be able to extract an e-mail address to hash from a postid because WordPress wants to do that sometimes.
The extended class is then called by my replacement for the `get_avatar()` function.
One of the nice things about an abstract class and an extended class is I can easily unit test the abstract class with phpunit - unit testing WordPress plugins is hard because #tootstorm 5/
they basically need all of WordPress, but by making abstract classes that do not use WordPress defined functions, I can at least write unit tests for the bulk of the plugin *as well* as having the ability to re-use those classes elsewhere.
Well, time to start testing the gravatar privacy fixes...
Right now it only obfuscates the e-mail hash, gravatar still tracks. An alternate service will take time.
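
The pattern the thread describes, as an added example that is not the plugin's code: an abstract class free of WordPress functions does the hashing, and a small subclass supplies the e-mail lookup so the logic can be exercised from phpunit. The class and method names, the use of HMAC-SHA256 as the salting step, and the sample address are all assumptions.

```php
<?php
// Added example: class and method names are hypothetical, not the plugin's own.
abstract class AvatarHasher
{
    private string $salt;

    public function __construct(string $salt)
    {
        // Per-site secret. A real plugin must store it, not regenerate it.
        $this->salt = $salt;
    }

    // Subclass maps the caller's input (e-mail, post id, ...) to an address.
    abstract protected function resolveEmail($idOrEmail): ?string;

    // What a stock Gravatar URL exposes: md5 of the trimmed, lower-cased address.
    public static function unsaltedHash(string $email): string
    {
        return md5(strtolower(trim($email)));
    }

    // Keyed hash (HMAC-SHA256, an assumption), cut to 32 hex chars like an md5.
    public function obfuscatedHash($idOrEmail): string
    {
        $email = strtolower(trim($this->resolveEmail($idOrEmail) ?? ''));
        return substr(hash_hmac('sha256', $email, $this->salt), 0, 32);
    }
}

// Stand-in for the WordPress-backed subclass, usable from a unit test.
final class ArrayAvatarHasher extends AvatarHasher
{
    private array $emailByPostId;

    public function __construct(string $salt, array $emailByPostId)
    {
        parent::__construct($salt);
        $this->emailByPostId = $emailByPostId;
    }

    protected function resolveEmail($idOrEmail): ?string
    {
        return is_int($idOrEmail) ? ($this->emailByPostId[$idOrEmail] ?? null) : (string) $idOrEmail;
    }
}

// Constructed sample data: post 42 was written by this address.
$hasher = new ArrayAvatarHasher(random_bytes(32), [42 => ' Alice@Example.org']);
$guess = AvatarHasher::unsaltedHash('alice@example.org');
var_dump($guess === AvatarHasher::unsaltedHash(' Alice@Example.org')); // unsalted: a guess is confirmable
var_dump($guess === $hasher->obfuscatedHash(42));                      // salted: the same guess no longer matches
```

Because the keyed value no longer corresponds to any Gravatar account, the service can only return a default image for it, and the request to gravatar.com itself is still made.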