Discourse leaks between domains?

Daksol · April 2, 2024, 10:50pm

Tom will know what is happening here…

Just had an interesting experience when I signed up at https://jupyter.org for their forums - they concern the Jupyter project - Jupyter Notebooks, Jupyter Lab and friends.

Immediately after I logged in for the first time i noticed (shock horror!) that the site already had my profile picture in place.

On this new sign up I used the same userid and contact email which I already use on two other sites which also use Discourse. Of course I use different passwords. Note that on both these other sites I use the same profile picture (= Manny from Grim Fandango for those into classic LucasArts games).

The other sites are:

This one, forums.lawrencesystems.com
An American potlical blogging site talkingpointsmemo.com (highly recommended)

So what is going on here? Presume there are “behind the scenes” connections between apparently unconnected Discourse sites?

How does Discourse work in practice? - is this a piece of software which sites license and then self-host, or is it “Software as a Service” - or maybe Discourse instances can be set up in both these ways.

I suppose I could see if I could find out which sites are connected behind the scenes by registering accounts with different profile pics etc - though not sure I have the energy.

paolo · April 3, 2024, 8:11am

Separate Discourse instances may or may not exchange profile pictures via their central service, i.e. I don’t know whether they implemented their own mechanism for that specificially. But there are definitely some other ways this could happen like Gravatar or getting profile pictures from the SSO provider.

Daksol · April 3, 2024, 11:23am

Someone at discourse.jupyter.org pointed out to me that their Discourse is set up to look for info from Gravatar.

I don’t recall ever signing up for Gravatar, but may have happened.

So this sounds like something happening by design - which is better than it being a careless info leak.

LTS_Tom · April 3, 2024, 11:40am

Discourse is open source and can be self hosted like this one or they can host. It’s a public facing site so the information you post here and what you put on your profile, except your email, is public.

I do have my set to to the default, which is to automatically download Gravatars if they match since that is also a public site that people sign up for.