Many people have had trouble getting avatars to display when commenting on this blog. Some may have noticed similar problem on other sites.

The issue is not within Echo or (JS-Kit) per se, but rather what information is provided through a widely used login interface called Janrain. Echo uses that interface.

From my Web guy ….

Hello Mish

I went back and reviewed the provider configuration choices for the different mainstream providers used to manage the Janrain backplane. From that review, here’s what’s available for Echo to pull over from the provider at login.

It should be no surprise, that Facebook by far makes the most data available. For some, photo (avatar) data is not available at all.

  • MyOpenID — only email and formatted name are returned for “Basic” mode — no photo
  • is available even with “Extended Profile”
  • Google — only family name, given name, and verified email are returned for “Basic” mode; no photo provided even for Plus, Pro or Enterprise
  • Yahoo! — lots of info returned: Address, Birthday, Display Name Formatted, Name, Gender, Homepage, Preferred Username, Profile Photo, Time Zone, Verified Email
  • Facebook — lots of stuff returned in Basic mode: Address, Birthday, Verified Email, Display Name, Family Name, Formatted Name, Gender, Given Name, Homepage, Preferred Username, Profile Photo, Time Zone
  • LinkedIn — lots of stuff returned with Basic mode: Address, Birthday, Display Name, Family Name, Formatted Name, Given Name, Homepage, Phone Number, Preferred Username, Profile Photo
  • AOL — a few things are returned but no photo option: Birthday, Email, Gender, Preferred Username

The inconsistency is no doubt due in part to different perceptions of security concerns of both the providers and their customers. For example, Facebook and LinkedIn are **by definition** oriented towards sharing information — that’s why you have an account with those providers in the first place.

For those more focused on email services or potentially anonymous blogging, their APIs aren’t as “open” to exposing customized data as the others.

Given this difference in downstream identity provider business goals, this may be an area where Echo may want to consider “smoothing over” those differences by allowing avatar / profile photo stuff to be uploaded / housed within Echo. Otherwise, the visual impact of an Echo-enabled comment page with half of the users showing generic icons instead of normal “avatars” or actual profile photos may appear odd to end-users.

If the community as a whole doesn’t produce a solution for this, the alternative would be to simply not render the profile / avatar objects at all by masking their display via CSS.

Other than blocking some login IDs for violations of policy (racial or ethnic slurs, repeated disruptions, etc) , the only information I am interested in is a display name and an Avatar. I do not pass out or even capture other data and would not do so unless required by law for some legitimate reason such as personal threats.

The goals are to ensure that someone is not masquerading as someone else and to be able to lock out those I do not want in.

Some may be concerned to learn what data may be freely made available to third parties, but that issue is one of trust. Don’t login to any site you don’t trust.

I had to go through some hoops to get access to the Janrain interface, proving I really am “Mike Shedlock” with credit card and phone callback procedures.

With anonymous commenting or “home grown” login procedures, anyone can (and they have), pretend to be me or you or anyone else. Janrain verifies the identity.

Notice that Google does not return a photo or a preferred nickname. I will send this post to the Google team as Gmail (or Blogger) has to be one of the more widely used sign-ins.

Mike “Mish” Shedlock
Click Here To Scroll Thru My Recent Post List