An email used with a WordPress.com blog is listed publicly but should not be.

  • tweenagers · Member ·

    A few years ago, I helped my daughter create a blog as part of a school project. I set myself up as an administrator and my daughter as an author. Although WordPress.com says that my contact info / email would not be released publicly, it appears it may be available to Rapportive through an API or other means — or it was released publicly through some other method.

    Rapportive shows my profile with the fun and false name I used when I helped my daughter set up her blog. It made for a funny discussion with a technical contact recently — but it brings up a good question.

    I’m just wondering what portions of our profiles (and especially emails) are private — and what is not private. It seems that it may not be as clear-cut as I thought when I created the fun blog for my daughter.

    If there’s something I should change about my personal settings, please let me know.

    Thanks.

    The blog I need help with is: (visible only to logged in users)

  • timethief · Member ·

    You have two separate email address settings at WordPress.com.

    Blog notifications for the admin (like comment moderation, Likes, new subscriptions, etc) are sent to the email address at Settings -> General in the Dashboard.

    Personal notifications     (like comments on your post, subscription emails, and upgrade renewals) are sent to the email address at Users -> Personal Settings in the Dashboard.

    See also > Issues Changing your E-mail Address > http://en.support.wordpress.com/email-address/#issues-changing-your-e-mail-address

    … but want to find out if it really has been made public before.

    I don’t know how to assist with that part so I tagged this thread for Staff attention. If you subscribe to the thread you will be notified when Staff respond.

  • charliebowden · Member ·

    Thanks for the quick reply.

    However, in both of those locations (Settings -> General and Users -> Personal Settings), it says right next to the email address box (“This address is used for admin purposes.” or “Used for notifications, not published.”)

    So that leads me to believe that the email address should not be public. Especially if I have not posted, or commented using that profile.

    Any clarification here would be appreciated.

  • timethief · Member ·

    I already tagged this thread for a Staff response. If you subscribe to the thread you will be notified when Staff respond.

  • kathrynwp · Staff ·

    Hi there – thanks for getting in touch about this. Could you please check whether your Rapportive account is connected to your WordPress.com account, or to any other account where that email address might also have been used?

  • fencecity · Member ·

    Hi,

    I don’t have a Rapportive account. A technical friend uses it and through it he saw the Username that was associated with the email I used to setup the account.

    After thinking about it, here’s what I guess might be happening:

    1) I sent an email to my friend (who uses Rapportive).
    2) Rapportive takes my email from Gmail and uses it to query WP.com
    3) WordPress.com responds with the username information.

    If my guess is accurate, it means if you were to email any Rapportive user through the email address associated with your account, they would be able to identify that your WP username is kathrynwp

    That’s different than releasing an email publicly — but it does seem worthwhile discussing whether there are any privacy, permission or notification that should be given to WordPress users. It certainly surprised me.

    In my case it was amusing because I was identified in Rapportive with a goofy username that I had created just for training purposes.

    Other WP users might have more specific concerns.

    Thanks for getting back to me about this.

    If I can help by providing any other information, let me know.

  • kathrynwp · Staff ·

    Thanks for getting back to me with these details. I’m doing some further investigation and will keep you posted here.

  • kathrynwp · Staff ·

    Thank you for your patience while we looked into this.

    This is what we think happened:

    • You sent an email to friend
    • Rapportive took the email address from Gmail and encrypted it
    • Rapportive went to http://www.gravatar.com/ and input the encrypted email
    • Rapportive got redirected to your Gravatar profile here – http://en.gravatar.com/tweenagers – and with it the associated WordPress.com username and blog

    WordPress.com has not revealed your email address, only your username, which is not considered private information, since it’s displayed in other places publicly.

    If you would like to prevent this from happening, you could change the primary email address on your Gravatar account to one that is not your main email used for correspondence.

    Another alternative would be to hide your Gravatar profile to make it not publicly accessible, by clicking the link at the bottom right corner here:

    http://en.gravatar.com/tweenagers

    …as you can see in this screenshot:

    http://cl.ly/image/000g3V0e1F3a

    We’re sorry for the confusion this caused. Just let us know if you have any further questions.

  • The topic ‘An email used with a WordPress.com blog is listed publicly but should not be.’ is closed to new replies.