10 Sep 2009, Posted by christie in Blogging Bytes, 46 Comments
Disturbingly easy Gravatar impersonation and more internet fun
Here are three little things I have thought about while enjoying the internet lately:
1) If someone knows the email address I use for my Gravatar and for commenting on blogs, then they can “be me” and comment on blogs saying anything they want to in blog comments, appearing as me, unless someone has reason to check their ip address in the commented blog’s WordPress dashboard. And I can’t think of any reason anyone would check, unless I see a comment which I know is not me and contact the blogger! If you decide to try this at home, please use the email address of someone you know, so they can get you back. Don’t use mine. I read the whole internet top to bottom, so I would know.
2) I am so glad there is no “online now!” indicator in Twitter and I hope they never add it. Imagine if every time you tried to log into Twitter all your followers who were selling something immediately started bombarding you with DMs and @replies about ways to make money. Or worse, imagine how your friends and family would be so mad at you, “I saw you were there, and you didn’t answer me!” or “My friend saw you on Twitter at 2 pm, but we were at my sister’s wedding!”
3) If your significant other decides it’s a good day to start an argument, I suggest you have it in Google Wave. Then when you get to the part where they want to go ’round and ’round with the same old argument over and over again, all you have to do is click Playback to show the opening statement and each successive one. Or you could even show a statement and react differently this time, but in that case you’d have to retype it. Remember you can reply to a single statement in Wave, so it should revolutionize the way you waste your time arguing.
Do I look fat in this outfit? No. You think my sister is prettier than I am! How is that sister of yours, anyway?(repeat)
I think I have given you enough fun things to ponder and try out for now, but don’t worry, I’m always working on finding more internet wonders for you!
Photo credit: Nika
Promote Post
Enjoyed this post?
46 Comments
September 10, 2009 6:39 pm
Klaus @ TechPatio
Good point with the comment stealing. I wonder why it has not become a problem yet? Now that I comment here, you get my email adress and could easily comment on other blogs saying all bad things
maybe that’s when plugins such as disqus, I think it’s called, is really worth something.
Klaus @ TechPatio´s last blog ..Steve Jobs Is Back On Stage At September 9th Keynote
September 10 2009 18:42 pm
christie
:D Yep, I have your email address now, so you'd probably better start looking around to see what I might do with it!
I'm with you - surely we should soon move to disqus or something similar. When we log into instant messenger or email we need a password, and I'd be fine with logging in to leave a comment on a blog, as long as it wasn't too big of a pain.
July 07 2010 08:06 am
Mark Lawrence
This gravatar vulnerability is scary. It makes it so easy to slander someone online and steal their identity. The "Disqus" solution is not really a solution as someone can make a fake Disqus account and just use your same exact gravatar image. It may even make the problem worse, as it adds another layer between the person being slandered and the owner of the blog if they are ever contacted regarding the comment being taken down. At least with regular wordpress comments not through a 3rd party like Disqus, you can see the IP address etc. This is highly concerning, and I am surprised there is not more discussion or solutions for this blatant loop hole.
September 10, 2009 8:38 pm
Evan Kline
Yikes! I never thought of that, but you’re right. One cautionary word about Disqus – the last update broke Gravatar support, so you’ll see lots of the default avatar on Disqus sites (like my site). Evidently they are looking into, but its been that way for a week or two now.
I hope, too, that Twitter doesn’t implement an online status, but if they do, I hope they at least add in the ability to disable it.
Evan Kline´s last blog ..Would LastPass Stand Up to a Password Cracker?
September 10 2009 21:29 pm
Christie
Oh wow, thanks for the heads up on Disqus and Gravatar support! I guess I'll keep doing things the way I am for now since so many other sites are just using default WordPress comments too. If you ever see me saying anything "out of character" somewhere on the web, let me know, and I'll do the same for you. :)
Yes, disabling it would be fine if Twitter decided to show our status - invisible mode.
September 11, 2009 1:35 am
Doug Dillard
I have wondered the same thing about people using your email. I think one reason we don’t see a lot of it (I actually have never seen it yet) is because most of us only comment on reputable blogs, and they are the ones that have our email. I think if they went around saying bad things using our email, it would get back to us fast and they would eventually get caught with their IP address. Next thing they know they would lose all their credibility in the blog world… and who wants that? Just too risky and imagine the bad karma
As for Twitter… having an online indicator would totally suck! That would be one of the worse things ever!
Great post Christie!
Doug Dillard´s last blog ..Making Money Online Subscription Contest – Win Professionally Designed Logos or a Character Mascot
September 11 2009 03:46 am
Klaus @ TechPatio
Commenting on reputable blogs will of course decrease chances of the e-mail ever slipping out, but even then, it's no further away than:
1) A poor password protecting login to the dashboard
2) A poor password protecting the MySQL database
3) Getting access through the webmasters computer which most likely has auto-login on for his WP Dashboard.
Plus, it probably doesn't take too many guesses to guess the e-mail address that people might be using for comments. One should probably consider making it very hard to guess and just redirect emails from the hard-to-guess email to the one being used normally.
.-= Klaus @ TechPatio´s last blog ..Winmail.dat Fix: Letter Opener 3 For Apple Mail & Snow Leopard Released =-.
September 11 2009 17:30 pm
christie
Thanks Doug! And - surely if Twitter were going to do that to us they already would have. :)
September 11, 2009 4:32 am
DiTesco
That is a scary thought that someone might be using your credentials posing as someone that you are not. recently, I found and internet app that you can use to see all of your conversations on the internet. I use in once in a while to see if there are comments made on my behalf that I might not have done myself. It is a great way to track conversations. The app I am talking about is uberVU and you can find out more about it on the comluv link below (it’s my Twitter related blog). Have you seen this before?
I also agree with you about not having the “mode” thing on Twitter. I think they should leave that untouced. I for one would have a big problem if someone knew I was online and not responding to DM or @replies:)
DiTesco´s last blog ..uberVU – Follow Your Comments All Over The Place
September 11 2009 17:34 pm
christie
Hi DiTesco, no, I had never heard of uberVU but it sounds great! We might be in for some surprises! Thanks for the great tip.
September 11, 2009 10:18 am
Jason
I knew about the comment problem from another article I read on another blog. That is why I do not have an avatar. You never know what people may use it for. Especially that most commenters leave comments annonimously they can easily get your e-mail and leave their opinions under your name.
Jason´s last blog ..What is going on with WordPress?
September 11 2009 17:35 pm
christie
Wow Jason - I hadn't realized that's why you don't have an avatar, but it makes sense. I'm going to just create a new email address and only trust it to bloggers who have good, reputable blogs.
September 11, 2009 11:23 am
Asswass
I’ve never seen someone using my avatar on a blog and I hope I never get to see it. It would be funny though.
Some Twitter users don’t need the online sign because they’re always online. How do you? Well if a user has 35.000 tweets in 2 years then you know that this person doesn’t have a life outside Twitter, so spam this guy instead lol.
Asswass´s last blog ..This Week’s Top WOP: Obama’s School Speech
September 11 2009 17:36 pm
christie
You are so right Asswass! :) There were three women whose faces I always saw when I logged into Twitter, no matter what time of day it was. I finally unfollowed all three of them, asking myself, WHAT TOOK ME SO LONG!
September 11, 2009 2:18 pm
Extreme John
If Twitter were to add an “Online Now” indicator I would probably be in a rush to find the “invisible” feature that goes along with it just like with ICQ.
Extreme John´s last blog ..8 Reasons Follow Friday Sucks
September 11 2009 17:38 pm
christie
Amen John. I'd probably never log in again - would somehow just use search.twitter.com to find mentions of my name or something. I'm glad we can stealth!
September 11, 2009 9:36 pm
Robert Owen
If Twitter ever had an “Online Now” Link I would definitely never log into their interface again. Opting to post to it solely from Friendfeed or some other website or… just cancel the account all together.
One would hope that id they did add it, them they would give you the option to hide your online status like Facebook does. Only then would I use it.
Robert Owen´s last blog ..Friday Funny: The Correct Answer?
September 12 2009 13:41 pm
Christie
Hi Robert, yep, we need to be invisible - and I hope Twitter will always realize that! What about my suggestion to have arguments on Google Wave - wouldn't that be a good place to put the answers to those questions on your Friday Funny, if a guy messes up and doesn't come up with the Proper answer immediately? :D
September 13, 2009 11:06 am
A Vecchioni
I agree the Gravatar abuse you describe is not only possible, but all too easy. I think the reason we don’t see the abuse taking place is that there’s no benefit to the perpetrator. Something like spamming comments benefits the perpetrator by spreading site-link. Impersonating a Gravatar is just petty malevolence. Then again, I guess if you really have it in for someone. . .
A Vecchioni´s last blog ..Penny Games
September 15 2009 19:37 pm
Christie
Yes - it really would be all too easy. I guess if you ever see a comment by someone and think, 'That's really out of character for him..." that could be it! :)
September 14, 2009 1:39 am
Terry with Medical Scrubs
I think IntenseDebate is better than Disqus. Just my two cents though.
On the Twitter thing, it’s fine by me. After all, you won’t follow those spammers in there so they can’t send you a DM. They can “reply” to you but that’s not much of a bother. And you can block these spammers easily.
Good idea about using Wave.. Hahaha.. Maybe you should make a post on ten ways you can use Google Wave with that argument bit taking the cake.
September 15 2009 19:38 pm
Christie
Hi Terry - I had never heard of IntenseDebate - thanks for the tip!
:) Yes - I'll bet I could find a few more amusing ways we could use Google Wave! Thanks for your comment - please come back to MiscBytes soon!
September 14, 2009 3:21 am
Tech-Freak Stuff
Ohh…This Gravatar thing can cause serious problems ! I just hope that people where we comment don’t disclose my Email address.
Tech-Freak Stuff´s last blog ..How to prepare yourself for Shifting from Blogger to WordPress?
September 15 2009 19:39 pm
Christie
Hi - No, I don't think they will give up your email address. In my case, I had made an email address a bit too public, but now I've gone to a little more obscure one linked to my gravatar for leaving comments.
September 14, 2009 10:23 am
Ching Ya
LOL.. aren’t you the smart one, Christie! Ok, let’s see:
For case 1:
You bet! So we could only hope for the thing called ‘self-conscience’ comes up every time someone meant to do a bad thing, like impersonating another. I had a friend once got furious when found out somebody is using her site’s URL while commenting. The person didn’t make a terrible comment but she felt violated. I would never want that to happen to me either, EVER!
Case 2:
There are a lot of ‘status notifications’ online already. Certainly glad that Twitter skipped that. Really not necessary.
Case 3:
It’s like reading MSN chat history (does anyone still remember this feature?)
Overall, I had a good time reading these. You never ceased to amuse me with these interesting thoughts.
@wchingya
Social/Blogging Tracker
Ching Ya´s last blog ..How To Pick Up From Your Blogging Downturns
September 15 2009 19:40 pm
Christie
Oh wow, yes that would make me mad too, for someone to use my url. Why on earth would anyone do that? Glad you enjoyed! :)
September 15, 2009 4:53 am
Weekly Link Party-Part2 | TechGenuine
[...] Disturbingly easy Gravatar impersonation and more internet fun by Christie [...]
September 15, 2009 8:21 pm
Deneil Merritt
I never had the problem of someone using my email address but there has been times people have used my name to get on someones top commentator’s list.
I would totally hate if twitter had an online now feature. I would never go to twitter than. I would have it auto update my blog posts and use twitthis firefox plugin to send tweets to twitter.
Deneil Merritt´s last blog ..Stranger In The Mirror
September 19 2009 10:47 am
christie
Hi Deneil! Wow, someone used your name - that would make me so mad!
Very true - if Twitter took away our invisibility, I'd be auto-update all the way.
September 17, 2009 9:22 am
Michael Aulia
It’s true. I thought of this once but thankfully people who know my email address normally are good people like you guys *ugh*
Not sure for how long though. I hope Gravatar can at least have an extra security layer one day
Michael Aulia´s last blog ..Left 4 Dead 2 banned in Australia???
September 19 2009 10:49 am
christie
Hi Michael! Good people - hahahaaa... (just kiddin')! :) Yes, I trust other bloggers. I just shouldn't have gone throwing my email address around on my contact page. It's gone now, so hopefully no one will try to "be me."
That would be awesome if Gravatar would require a quick login; I wonder why they don't already!
September 18, 2009 6:24 pm
John Sullivan
You have a brilliant mind because we think alike LOL:)
but from the comments I can see bloggers are some THINKING people 
I did think about that gravatar issue but like Doug said if a person
was stupid enough to do that they would only set themselves up to possibly be the most hated blogger on Earth. As wordpress expands and our sites become more valuable we are entrusted with people’s info so I think it’s a given to never use any information to harm someone and yes that means even your ” enemies ” I also am glad that we haven’t seen this and when I first read this I said to myself she should of kept that one a secret
Thanks stumbled
John Sullivan´s last blog ..Facebook for GOOFS my new book
September 19 2009 10:50 am
christie
Hi John! Yep, brilliant and dangerous minds - think alike! :) I did pause for a second, didn't want to be like these reporters who tell the world how to make a bomb or some other bad thing they might not have thought of, but I decided this was something so obvious I may as well make fun of it in a post. :) Thank you SO much for the stumble!!
September 19, 2009 11:19 pm
Brian D. Hawkins
I never considered the possible comment impersonation. There’s no way to hide the email we us to comment since every blog we comment on gets it. I fall way behind on my comment duties and I’m not sure it would be a bad thing. They would almost certainly spell better than me and probably gain more friends
I hope Twitter never reads this post and gets the “online now!” idea. That drives me crazy about Facebook. I log in for a minute and get three people wanting to chat for an hour. Yahoo started that with their email so I’ve all but stopped using it. Being online shouldn’t mean you are available, just very busy.
Brian D. Hawkins´s last blog ..Chasing The Guru Ghost
September 21, 2009 12:32 am
Internet Income
That is pretty funny about the e-mail, good thinking! I never really thought about it that way but your competitors could really make a fool of you… LOL!
Internet Income´s last blog ..Maximize Your StumbleUpon Toolbar And Traffic To Your Blog
September 22, 2009 3:42 am
10 Blogs where you will really enjoy commenting! | Tech-Freak Stuff
[...] her views and I am glad to say, most of her views match with mine! Her recent topic about the Gravatar Impersonation literally shook me! She makes me feel at home when I comment on her blog which is the best thing [...]
September 22, 2009 10:56 am
EdZee
Very nice observation about our email address being linked with our Gravatar image. I wish the Gravatar people would stumble upon this article and do something about the risk it now have on its members.
EdZee´s last blog ..Making Mozilla Firefox Start Faster
September 29, 2009 5:33 pm
Sire
I’ve actually just done a post on blogging identity theft where someone stole Mitch’s identity to leave a comment. He/she was hoping for an easy ride to the top commentator widget. Too bad I caught the low life out and delinked him.
Sire´s last blog ..The Reason Behind Your MLM Failure
October 9, 2009 1:32 pm
Flashback Monday – 100th Blog Post, Affiliate Program, & Super Mario Bros Z
[...] Google Trends, Apple News & My New iPod Happy Birthday What is Your Favorite Part of Blogging? Disturbingly easy Gravatar impersonation and more internet fun Content Is Not King Blog Commenting and High PageRank WordPress Quickie: Insights Plugin for Better [...]
November 26, 2009 12:10 am
Bellamy
Great post, and great comments too. I have never thought about gravatar impersonation, but it is the unexpected threats that are most dangerous.
July 9, 2010 8:45 am
ZubenElSchemali
I ran across this article while searching for something and had to share some information, even though months later. I hope you see it. It is very easy to steal someone’s identity and impersonate them. It is happening to several people commenting on wordpress blogs as we speak, including me. Sometimes they just right click and copy the image and save to use in their gravatar account. Sometimes they just use the ID or online name of the person. The most recent impersonation of me I found is using the email account that I closed and have been watching for, due to my email account being hacked and my suspicions as to who it is. There are only 4 blog sites I’ve used that email address at. The person spoke vulgar in my name and said I love NAMBLA which I found out is a pedophile group, clear slander and illegal. The man I suspect has exposed email addresses and IPs of those he considers his enemy, on his blog, not mine though. He posted the name, address and phone number of a PI and asked his readers to harass him. Still he is allowed to continue his blog. He also posted the picture of a convicted pedophile and in white type so it is invisible, typed the real name of one of his perceived enemies. He since deleted it but it comes up every time someone google’s either his name or his online ID. Still he continues. I am the latest on his enemy list because I have shared proof of certain things and reported him. I posted there a few times before I realized what kind of man he really is because an article caught my attention. His latest trick is to have found a way to post as multiple people and not have any email hash showing in the address for the gravatar, even though the email is required there, so they can’t be compared to other known gravatar IDs.
Just a heads up because abuse is rampant and needs to be stopped.
Posting your comment...
Leave A Comment