#1495 Posted in ‘CommentBox’

Some potential problems with the General Data Protection Regulation (GDPR)

Latest post by Lefteris Kavadas on Tuesday, 24 February 2026 12:46 EET

Monday, 23 February 2026 19:12 EET

Karsten
CommentBox  is a very nice extension and works as expected. Unfortunately some external requests are performed to sites such as 
    fonts.googleapis.com    fonts.gstatic.com    www.gravatar.com
This will cause some legal issue, particularly problems with the General Data Protection Regulation (GDPR). Therefore, it is problematic to activate this extension in your Joomla-App without notifying the user.
It would be fine, if you can explain some steps to prevent the requests to external sites. What is necessary to store the used google fonts on your local host?
Additionally you can see some request to www.gravatar.com to get some small pics as avatar. This should be stored locally as well.
Without this functionality, it is very risky to use this extension in the European countries.

Tuesday, 24 February 2026 00:47 EET

Karsten
Hi,
The requests to the site fonts.googleapis.com and fonts.gstatic.com were initiated by the another component. There were not caused by CommentBox!
Apologies for misleading you.
The request to site www.gravatar.com is caused by CommentBox and I found a workaround.
You need to change the following file 
administrator/components/com_commentbox/src/Helper/UserHelper.php

class UserHelper
{
public static function getAvatar($email)
{
//return 'https://www.gravatar.com/avatar/'.hash('sha256', strtolower(trim($email))).'?d=mp';
return '/images/avatar.jpg';
}
}
Comment out the one line and add another line. However, this is only a workaround that may no longer be available in the next update. Therefore it is appreciated to deliver a permanent solution.
 

Tuesday, 24 February 2026 12:46 EET

Lefteris Kavadas

Hi Karsten,

Thank you for your detailed feedback.

At the moment, CommentBox does not provide an option to disable avatars or use locally stored avatars. Gravatar is currently the built-in mechanism.

Until we introduce a configurable solution, the only way to fully prevent requests to gravatar.com is to override the getAvatar() method as you described. Please note that this modification is not upgrade-safe and would need to be re-applied after updates.

We will seriously consider adding either:

  • An option to disable avatars completely, or
  • Support for local/default avatar uploads

in a future release.

Thank you for highlighting this — it is valuable input for improving the extension.

Best regards,
Lefteris

Note: An active subscription is required in order to get support for our paid extensions. For our free extensions, if you don't have an account, register and then submit your support request.  In case you just want to ask a question, you can also use the contact form .

Useful links

Joomla extensions

Copyright © 2016 - 2026 Firecoders - All Rights Reserved.
Firecoders is not affiliated with or endorsed by the Joomla! Project or Open Source Matters. The Joomla! name and logo is used under a limited license granted by Open Source Matters, the trademark holder in the United States and other countries.
Firecoders
Are you using our extensions? Please post a review at the Joomla extensions directory!
Post a review