Noosfero should make all third-party javascript optional
A clean install of Noosfero incorporates code that allows third-party sites to track users and visitors. Sometimes the site admin will want to trade features and usability for user privacy. I think all non-plugin features should only depend on javascript hosted by the Noosfero instance itself, and make optional integrations with third-party servers. I think there are at least three issues:
-
various places where gravatar.com is called. It seems that the default profile picture is hosted by gravatar.com (!) https://www.gravatar.com/avatar/4c719e20a47ed1e73810d1f8236d1d26?only_path=false&size=150&d=mm
-
various references to addthis.com in the code (although in this case, there is already a configuration switch in noosfero.yml).
-
The Google Maps integration feature in the myprofile/user/maps/edit_location feature.
Maybe there are other places. All of these integrations should be made optional, in my opinion.
(This is a generalization of a previous issue, #58 )