GNOME Bugzilla – Bug 730743
Add an option to disable sender's photo search at gravatar.com
Last modified: 2015-02-23 09:05:31 UTC
Apparently Evolution silently introduced the "feature" of querying Gravatar for images of your email contacts. AFAICS this is on by default and I wouldn't have found a way to disable it. This basically discloses all of whom I have contact with to gravatar or anyone on the wire... Not so good. o.O I mean is anyone really thinking something when implementing such "features"? Where else are my contacts reported to? NSA? Facebook? Highly disturbing.
Cheers, Chris.
Thanks for reporting. Whou, yeah, disturbing.
Introduced in https://git.gnome.org/browse/evolution/commit/?id=91aee2a805d70c9f7a5f0d089139fbfc710939c1
Not documented in the user docs so no big blinking warning to add there.
To switch off: "Edit > Preferences > Mail Preferences > Headers > Sender Photograph > Show the photograph of the sender in the message preview"
(In reply to comment #1)
> To switch off: "Edit > Preferences > Mail Preferences > Headers > Sender
> Photograph > Show the photograph of the sender in the message preview"
Yeah, I also do not like the feature. The problem with the above option is that you disable also addressbook lookups, which can be fast and so on. A workaround would be to delete the gravatar module, located at $PREFIX/lib/evolution/3.XXX/modules/module-gravatar.* (it can be /usr/lib/... or /usr/lib64/lib/... and so on).
I'll add an option, disabled by default, which will influence whether the gravatar module will be used or not.
One observation, I hope good news: gravatar.com is not asked with the sender's email address, but with an MD5 hash of it, from which they cannot recognize the address, unless it's already stored on the server. That means that this eats only bandwidth, but no private information is exposed (maybe except for the requester's address).
@Andre: Well I guess no one could guess from that: "Edit > Preferences > Mail Preferences > Headers > Sender Photograph > Show the photograph of the sender in the message preview" that this includes disclosing information to gravatar... most people will simply think about the X-Face header and the image included in the email.
@Milan: I don't think having the hash is of any help here...
a) gravatar knows all the addresses they, so THEY can easily build up the tables and just compare. And many people do have a gravatar account, since the way it's usually used (websites) there's no information leakage. And since I'd expect that there is no salting,... then both, gravatar and other people on the wire can at least check whether you have contact with "well known" addresses.
Cheers, Chris.
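The point argued in the two comments above, as an added example that is not part of any comment in this report and is not Evolution's code: an unsalted MD5 of an address can be matched by anyone who already holds a list of candidate addresses. It assumes the lookup uses Gravatar's published normalization (trim, lower-case, MD5); the function names and all addresses are hypothetical and constructed for illustration.

```python
import hashlib
from urllib.parse import urlparse

# Base URI as quoted later in this report
# (modules/gravatar/e-gravatar-photo-source.c).
AVATAR_BASE_URI = "http://www.gravatar.com/avatar/"


def gravatar_hash(address: str) -> str:
    """Unsalted MD5 of the trimmed, lower-cased address (assumed scheme)."""
    normalized = address.strip().lower()
    return hashlib.md5(normalized.encode("utf-8")).hexdigest()


def avatar_url(address: str) -> str:
    """URL a mail client would request for this sender."""
    return AVATAR_BASE_URI + gravatar_hash(address)


def hash_from_url(url: str) -> str:
    """Extract the hash from a request URL, ignoring extension and query."""
    last_segment = urlparse(url).path.rsplit("/", 1)[-1]
    return last_segment.split(".", 1)[0].lower()


def identify_senders(observed_urls, known_addresses):
    """Map each observed request to a known address, or None if unmatched.

    No salt means the same address always yields the same hash, so a
    precomputed table over known addresses is enough to match requests.
    """
    table = {gravatar_hash(a): a.strip().lower() for a in known_addresses}
    return {url: table.get(hash_from_url(url)) for url in observed_urls}


# Constructed sample data: requests a client would emit for two senders,
# and a list of addresses the observer already knows.
SAMPLE_SENDERS = ["Alice@Example.org", "stranger@example.net"]
SAMPLE_REQUESTS = [avatar_url(a) for a in SAMPLE_SENDERS]
SAMPLE_KNOWN = ["alice@example.org", "bob@example.com"]

if __name__ == "__main__":
    for url, who in identify_senders(SAMPLE_REQUESTS, SAMPLE_KNOWN).items():
        print(url, "->", who or "(not in list)")
```

Addresses absent from the observer's list stay unmatched, which is the only protection the hash provides.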
The below commit adds a GSettings option "search-gravatar-for-photo" to org.gnome.evolution.mail and makes the gravatar source use it. There is also added a check box below the option named at comment #1 with a description "Search gravatar.com for the photograph of sender", which also influences the new GSettings key. The key, thus also the gravatar.com search, is disabled by default.
I cannot commit this to stable due to new translatable strings and a UI change. Maybe a simplified version without the UI change would be possible (what do you think, Andre?), the text in GSettings is not shown anywhere but DConf editor, which is not a place where users should usually look.
Created commit 82076f2 in evo master (3.13.3+) [1]
[1] https://git.gnome.org/browse/evolution/commit/?id=82076f2
I noticed this the other day too and immediately blocked access to gravatar using my hosts file. This should be optional and disabled by default as per Milan's patch.
One other thing to add: Please remember to always use SSL if it is an option. I.e., please change http://www.gravatar.com/ to https://secure.gravatar.com/
(In reply to comment #6)
> Please remember to always use SSL if it is an option.
> I.e, please change http://www.gravatar.com/ to https://secure.gravatar.com/
Please file a separate ticket for separate requests.
That would be the line
#define AVATAR_BASE_URI "http://www.gravatar.com/avatar/"
in modules/gravatar/e-gravatar-photo-source.c
mcrha: Fine with changing that?
Yes, sure thing. It only got lost in my bug mails, otherwise I'd do it sooner. Created commit 7d28bdf in evo master (3.15.91+)