On a default installation of Discourse, the signup pane asks for an email. It says this email is “Never shown to the public”. But upon completing the flow and being signed up, before the user has any chance to edit their profile or do anything, the email address is used to fetch an avatar from Gravatar.
I would consider this a leak of personally identifying information. A Gravatar could, in principle, be correlated with someone’s identity and therefore their email address. The user has the chance to change the avatar, but it is possible in principle for someone to see the account and attached avatar before the user has done anything, using the public “Users” list. Gravatar support is a great feature, but the problem is Discourse specifically creates an expectation that the email address is private using the language in the Sign Up box itself: “Never shown to the public”.
I think the best way to fix this would be to either alter the sign up box text to create a different expectation, or have a checkbox/confirm for “fetch avatar with Gravatar”.