User avatars should be hosted on official image server and not hotlink to external services

Basically, to change an avatar, you’ll have to upload it to the network’s hosting and use the link to the upload. This way sudden changes of avatar image content are prevented, and tracking by third-party domains is not possible. Also this prevents a situation where the avatar cannot be loaded due to country IP range blocks if it’s hosted by some social network which is blocked by your internet service provider.

Third-party logins should upload the avatar from the third-party service upon first login.


Absolutely! Same as with other images and data - everything gets hosted on our server, even if the original source was elsewhere (e.g., properly licensed Q&A content brought in from SE or another site).

In the case of avatars, it should be possible (but we’d need to check any licensing issues) to offer to copy a user’s avatar from SE, though I don’t think I will need a “Reinstate Monica hat” avatar here :slight_smile:


Should we also allow users to copy/import avatars from gravatar and other such services?


Why not? Though the easiest way to avoid any licensing questions is to have any images be paste/upload (with a warning to the user, as should be the case with all image upload functions, that they are only to upload their own work or open source licensed images) rather than “grab from a specific service” - and which is also makes sense for MVP.

Should be easy to edit to “Celebrate Monica”.