Firefox Tracking Protection breaks Avatars

Summary

On Firefox 51 by default private browsing windows come with Disconnect.me's anti-tracking blacklist built in and active. When enabled, user avatars become a jumble of alt text.

Steps to reproduce

Start a new Private Browsing Window on Firefox 51 and go to a commit log, or a comment thread, or anywhere else Gravatars are used.

What is the current bug behavior?

Instead of avatars showing, the git user.name or maybe the full Gravatar URL spills over the bounds of the rounded avatar icon.

What is the expected correct behavior?

The avatars should show up! Or, if not, some reasonable approximation, like maybe a single bold letter the way Android and Google properties behave without a set picture.

Relevant logs and/or screenshots

This shows what happens with tracking protection enabled.

Screen_Shot_2017-02-22_at_11.50.44_AM

Disabling it fixes the visual issue Screen_Shot_2017-02-22_at_11.50.57_AM

The code being displayed there is

<img class="avatar has-tooltip s36 hidden-xs" alt="Nick Guenther's avatar" title="" data-container="body" src="https://secure.gravatar.com/avatar/f9edbb4a5a9317e842862a7dffc2e708?s=72&amp;d=identicon" data-original-title="Nick Guenther">

It seems to be even worse on comment threads Screen_Shot_2017-02-22_at_2.25.48_PM

<img class="avatar s40" src="https://secure.gravatar.com/avatar/0adc60a96b41045e2c677455df574154?s=80&amp;d=identicon" alt="0adc60a96b41045e2c677455df574154?s=80&amp;d=identicon">

Output of checks

This bug happens on GitLab.com.

Possible fixes

Proxy the gravatar images to a local cache and serve them from gitlab.com. And make sure to do the gravatar download in a separate process that censors all client headers.