Currently MathOverflow uses Gravatar, a commercial service, for its avatars.
I see at least two problems with this.

1) User's email address is disclosed.
Even though Gravatar uses md5 hashes instead of the actual email addresses,
this does not protect them well because there is only a limited number of email user names and domains.
http://www.developer.it/post/gravatars-why-publishing-your-email-s-hash-is-not-a-good-idea
This means that eventually spambots will harvest md5 hashes from gravatar
and recover email addresses from them.
Perhaps somebody already did that.

What I find particularly disturbing is that there is no way to opt out of this,
unless one is willing to delete one's email address from the profile,
which is not a very good idea because MO moderators need email addresses to communicate with users privately.

We have a similar problem with disclosing IP addresses, which are used to generate identicons.
In this case the problem is much more severe, because there are only 2^32 ip addresses,
and one can easily cycle through all of them and determine the exact ip address of a supposedly
anonymous user.

2) Gravatar's terms of service are also very disturbing (I emphasize the most problematic parts):

More specifically, you hereby do and shall grant to Automattic a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to **sublicense**) right to perform the Services (e.g., to use, **modify**, reproduce, distribute, **prepare derivative works of**, display, perform, and otherwise fully exercise and exploit all intellectual property, publicity, and moral rights with respect to any User Submissions, and to allow others to do so).

I would be fine with distributing my avatars using
Creative Commons Attribution-NonCommercial-NoDerivs license,
but Gravatar simply asks too much.

This serves as a motivation for the following two questions:
1) Can we allow users to opt out from disclosing their email addresses to Gravatar,
while still allowing moderators to communicate with them?
2) Can we allow users to host their avatars on other sites?
This can be implemented by adding an additional field (a link to the avatar) to the user's profile.

>Put your email address in your public profile, and clear the email address field.

If I understand everything correctly, the software will then use my ip address to generate the url for the identicon, which is even worse.

>Mine has been prominently displayed on my web page in plain text for many years, and essentially no spam reaches my inbox.

If you have such a powerful spam filter, then perhaps also some non-spam emails don't reach your mailbox? :-)

@Scott: True, but this is somewhat inconvenient.

Also, if somebody wants to use an avatar and does not like Gravatar's crazy license, he is stuck.

Can we put in some JavaScript code that will rewrite avatar urls for some users?