If you have an account on Github, StackExchange, or any one of countless other sites, there's a good chance hackers can identify the e-mail address you used to register it. That's because Gravatar, a behind-the-scenes service that says it works with millions of sites
, broadcasts the information using cryptography that in many cases is trivial to crack.
People have been warning about the privacy risk posed by Gravatar, short for Globally recognized avatar, since at least 2009. That's when a blogger showed he was able to crack the cryptographic hashes
that the service uses to uniquely identify its users. Gravatar, it turned out, derived the hashes with the user's e-mail address, and the blogger was able to translate about 10 percent of the more than 80,000 user IDs he harvested. Now, a researcher has upped the ante by using a more advanced cracking technique to de-anonymize participants advocating racial hatred and other extreme topics in online forums hosted in France.