Investigative journalists have exploited a cryptographic weakness in a third-party website commenting service to expose politicians and other Swedish public figures who left highly offensive remarks on right-wing blogs, according to published reports.
People have been warning of the privacy risk posed by Gravatar, short for Globally Recognized Avatar, since at least 2009. That's when a blogger showed he was able to crack the cryptographic hashes the behind-the-scenes service uses to uniquely identify its users. The Gravatar hashes, which are typically embedded in any comment left on millions of sites that use the avatar service, are generated by passing a user's e-mail address through the MD5 cryptographic function. By running guessed e-mail addresses through the same algorithm and waiting for output that matches those found in comments, it's possible to identify the authors, many of whom believe they are posting anonymously.
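The property described above, sketched in Python as an added example that is not code from the article, Gravatar, or the researchers: an unkeyed MD5 of an address can be re-derived by anyone who guesses the address, while an identifier keyed with a server-side secret cannot. The normalization step (trim and lower-case before hashing), the sample address, both keys, and the HMAC-SHA256 alternative are assumptions chosen for illustration.

```python
import hashlib
import hmac


def normalize(email: str) -> bytes:
    # Assumed normalization: trim whitespace and lower-case before hashing.
    return email.strip().lower().encode("utf-8")


def unkeyed_id(email: str) -> str:
    """Gravatar-style identifier: plain MD5 of the address, no secret involved."""
    return hashlib.md5(normalize(email)).hexdigest()


def keyed_id(email: str, site_key: bytes) -> str:
    """Illustrative mitigation: HMAC-SHA256 under a key only the site holds."""
    return hmac.new(site_key, normalize(email), hashlib.sha256).hexdigest()


def guess_confirms(published_id: str, guessed_email: str, derive) -> bool:
    """True if re-deriving the identifier from a guess reproduces the published one."""
    return hmac.compare_digest(published_id, derive(guessed_email))


# Constructed sample data, not taken from the article.
COMMENTER = " Alice@Example.com "
SITE_KEY = b"constructed-demo-key"            # known only to the site
OUTSIDER_KEY = b"whatever-an-outsider-tries"  # an observer lacks SITE_KEY


def demo() -> dict:
    published_md5 = unkeyed_id(COMMENTER)
    published_hmac = keyed_id(COMMENTER, SITE_KEY)
    return {
        # Anyone can confirm a guessed address against the unkeyed value.
        "unkeyed_confirmable": guess_confirms(
            published_md5, "alice@example.com", unkeyed_id),
        # Without the site key, the same guess no longer matches.
        "keyed_confirmable_without_key": guess_confirms(
            published_hmac, "alice@example.com",
            lambda e: keyed_id(e, OUTSIDER_KEY)),
        # The site itself still gets a stable per-user identifier.
        "keyed_stable_for_site": published_hmac == keyed_id(
            "alice@example.com", SITE_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

A keyed identifier cannot be resolved by a third-party avatar service, so a site using one would have to serve or proxy the avatars itself.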