Saturday, August 27, 2011

Reddit admins admit "malicious CSS hacks", "raid issues" and "vote fraud" are "threatening the integrity of the site"; Could be "pretty much the end of the community"

Here are some highlights of a fascinating conversation between Reddit admins "krispykrackers" and "hueypriest" and some Reddit moderators who hacked Reddit's Cascading Style Sheets to do all manner of "malicious" things to Reddit users.

The full conversation is here.  Here are just some selected posts:


[10:09] <krispykrackers> and I would say "No, not normally.  Obviously Erik and I have different opinions, and we're working those out at the moment."
[11:29] <krispykrackers> Like I said, CSS modifications, for the most part, are hugely beneficial to reddit as a whole
[11:30] <krispykrackers> But apparently, some of the stuff that went on in CJ was actually detrimental to the site
[11:30] <krispykrackers> don't worry about TOS
[11:31] <krispykrackers> The problem with your specific CSS hacks was that it was malicious and misleading to users.
[11:31] <krispykrackers> Such as
[11:31] <krispykrackers> someone changed certain links to subscribe people automatically to questionable subreddits
[11:33] <krispykrackers> And unfortunately, we can't tell who did it exactly.  So it looks bad on everyone.
[11:34] <krispykrackers> Changing links that people think are going to take them to one place, actually taking them to another.
[11:35] <krispykrackers> Umm. I'm kind of technologically retarded.  So I'll just give you a specific example.
[11:36] <krispykrackers> Let's say you click on the "permalink" button, thinking that would take you to where it's supposed to go, but it actually applied malware to your computer or something.  That's malicious and unacceptable.
[11:37] <krispykrackers> Well things like that happened, whether you are aware or not.
[11:39] <thedevilsdiction> css should have an ip stamp like wikipedia does
[11:39] <krispykrackers> you're right, thedevilsdiction
[11:39] <krispykrackers> but unfortunately we don't have those types of tools
[11:39] <krispykrackers> which is another problem with reddit
[11:39] <krispykrackers> we are very, very limited in what we can and can't do
[11:40] <krispykrackers> I didn't know the whole back story, and I agreed with the argument (the f7u12 argument)
[11:40] <krispykrackers> so I unbanned you guys.  then I got in trouble.  and now, here we are.
[11:42] <krispykrackers> I emailed daskoon the CSS code the other week
[11:42] <krispykrackers> But the malicious stuff was probably already deleted
[11:44] <krispykrackers> trust me, he doesn't like this situation either, and admits that he could have handled it better
[11:46] <krispykrackers> Why do you think it isn't justified?  Someone in your group was threatening the integrity of the site, and we don't know who it was.  I'm not saying I would have made the same move Erik did, but *something* had to be done.
[11:48] <krispykrackers> There was voting cheating going on as well.
[11:50] <krispykrackers> Yes, so voting fraud was also happening
[11:52] <krispykrackers> lol daskoon... I know they're just "derps" to you, but when cheating is happening there, it can happen in other places as well
[11:55] <krispykrackers> Well and if people feel cheated as far as votes are concerned, they'll stop voting, which can lead to a spam-laden site
[11:55] <krispykrackers> and pretty much the end of the community
[11:56] <krispykrackers> prosh, the fraud was coming from mods as well, not just users
[11:56] <krispykrackers> because *sometimes* it had CSS hackery involved
[11:58] <krispykrackers> This is a really touchy situation, and I'd like to know all sides of the story.  To be fair to everyone.
[11:59] <krispykrackers> Well I'm not telepathic, and like I said, he understands that he might not have made the perfect decision
[12:00] <krispykrackers> But making another knee-jerk decision might not be the best way to go about it either
[12:07] <hueypriest1> 2) we can't tell (without a lot of work) who was doing what in css
[12:08] <hueypriest1> i can't go into detail but we're talking about cheating votes etc category of stuff
[12:08] <hueypriest1> also the karma party raids, the css link jacking on "read More"
[12:10] <hueypriest1> after various css or raid issues
[12:11] <hueypriest1> tricking users into subscribing to your reddit by making a link look like site navigation = undermining reddit
[12:11] <hueypriest1> css link jacking to get upvotes = undermining reddit
[12:15] <hueypriest1> yeah, we don't have any special tools there
[12:16] <krispykrackers> Erik is right, our code is still very threadbare as far as moderation is concerned
[12:17] <hueypriest1> and I don't want to make a list of rules
[12:17] <krispykrackers> and it's hard to have a hard definition of "malicious"
[12:17] <hueypriest1> but the same technical tool was used to spoof reddit being down the other day.
[12:17] <hueypriest1> not cool

19 Comments:

Anonymous said...

I find it hard to even care about this. The reddit admins can disable custom CSS in subreddits if it ever becomes a problem. It's a non-issue.

8/27/11 5:52 PM  
Lou franklin said...

Hahaha!!! Reddit "actually applying malware to your computer" is a non-issue?!? Are you on crack?

They have lost control of the site. They are now giving entire subReddits to trolls and hackers. They have no idea who put that malicious code in their codebase. None.

8/27/11 5:59 PM  
Anonymous said...

Er, it's quite obvious to everyone who's not a moron that the "malware" quote was a hypothetical example of something that would be against the rules, not a thing that actually happened.

8/27/11 6:25 PM  
Lou franklin said...

Do you know it didn't happen? Reddit doesn't. They have no way to.

Can you say for certain that nobody in any subReddit made such a change? Of course not. It could very well be happening right now. There is nothing stopping it from happening.

I want to be fair to Reddit, so I will use the Reddit admin's words verbatim. We are talking about "changing links that people think are going to take them to one place, actually taking them to another. Let's say you click on the 'permalink' button, thinking that would take you to where it's supposed to go, but it actually applied malware to your computer."

It was the Reddit admin who suggested this could be "the end of the community" - not me.

There is no reason in the world that the CSS couldn't be changed such that when you upvoted, it instead redirects you to a site with a virus. No reason in the world.

The site isn't safe to visit. It is that simple.

8/27/11 7:31 PM  
Anonymous said...

One could say the very same thing about this blog.

8/27/11 8:31 PM  
Lou franklin said...

False.

There is no way for you to modify the CSS on this blog and redirect me to a site with a virus.

Dumbass.

8/27/11 9:08 PM  
Anonymous said...

You have total control over this blog's CSS, just like a reddit moderator has on her reddit's CSS. I don't, just like a reddit non-moderator.

8/28/11 11:00 AM  
Lou franklin said...

You seriously can't comprehend the difference?

Anybody can easily become a Reddit moderator. The subReddit in question had 150 of them.

On Reddit, you can just ask to be modded or create your own subReddit. There are thousands and thousands of "moderators" on Reddit and when one of them puts something malicious in the code, Reddit has no idea who did it and has no way to stop it.

That is obviously very different from having one blogger accountable for his own blog.

Reddit is not a well thought-out system, and it is not a safe site to visit. You heard it right from the admins.

8/28/11 11:36 AM  
Anonymous said...

Anybody can easily become a Blogger author.

You can just ask to be added or create your own blog. There are thousands and thousands of "authors" on Blogger and when one of them puts something malicious in the code, Blogger has no idea who did it and has no way to stop it.

8/28/11 1:52 PM  
Lou franklin said...

> Blogger has no idea who did it

WTF? If you were on Lou Franklin's blog and the CSS was changed such that you were maliciously sent to a site where you got a virus, and Lou Franklin is the only one who can change the CSS on his site, then Blogger knows EXACTLY who did it.

You REALLY don't see how that is different from Reddit giving thousands of anonymous users access to CSS? Really??

WTF is the matter with you?

8/28/11 3:08 PM  
Anonymous said...

Blogger allows stylistic changes to the CSS only. They don't allow you to redirect users.

8/28/11 3:44 PM  
Anonymous said...

Why did reddit hire an admin who is 'technologically retarded'?

8/28/11 4:03 PM  
Anonymous said...

Your blog has one author. That's like a subreddit with one moderator. Only one person can change the CSS.

There are subreddits with many moderators, and there are blogs with many authors. In both cases, it's hard to track who makes a CSS change.

Anything a reddit moderator can do with CSS, a blog owner can do as well.

8/28/11 9:02 PM  
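
The attribution problem argued over in these comments, and the admins' remarks that they "can't tell who did it exactly" and that the offending CSS "was probably already deleted", come down to keeping a tamper-evident history of stylesheet saves. A sketch of that, as an added example that is not part of the original page or Reddit's code; the record fields, function names and sample history are hypothetical:

```python
import difflib
import hashlib
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Revision:
    author: str     # moderator account that saved the stylesheet
    source_ip: str  # address the save request came from
    saved_at: str   # ISO-8601 timestamp of the save
    css: str        # full stylesheet text as saved
    prev: str       # digest of the previous revision ("" for the first)

    def digest(self) -> str:
        fields = [self.author, self.source_ip, self.saved_at, self.css, self.prev]
        return hashlib.sha256(json.dumps(fields).encode()).hexdigest()

def append(log, author, source_ip, saved_at, css):
    """Record a save and return the new head digest (stored outside the log)."""
    prev = log[-1].digest() if log else ""
    log.append(Revision(author, source_ip, saved_at, css, prev))
    return log[-1].digest()

def chain_intact(log, head):
    """False if any revision was altered, dropped or reordered after the fact."""
    expected = ""
    for rev in log:
        if rev.prev != expected:
            return False
        expected = rev.digest()
    return expected == head

def who_introduced(log, needle):
    """First revision whose save added a line containing `needle`,
    even if a later save deleted that line again."""
    before = []
    for rev in log:
        after = rev.css.splitlines()
        added = [d[2:] for d in difflib.ndiff(before, after) if d.startswith("+ ")]
        if any(needle in line for line in added):
            return rev
        before = after
    return None

# Constructed sample history: accounts, addresses (RFC 5737) and rules are invented.
LOG = []
append(LOG, "mod_alice", "192.0.2.10", "2011-08-20T10:00:00Z", "a { color: #369; }")
append(LOG, "mod_bob", "198.51.100.7", "2011-08-21T09:30:00Z",
       "a { color: #369; }\n.side a.promo { font-weight: bold; }")
HEAD = append(LOG, "mod_carol", "203.0.113.5", "2011-08-22T18:45:00Z", "a { color: #369; }")
```

Here the rule added in the second save is gone from the live stylesheet after the third, yet `who_introduced(LOG, ".side a.promo")` still returns the second revision with its account and address.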
Anonymous said...

Again, Blogger allows stylistic changes to the CSS only. They don't allow you to redirect users.

8/28/11 9:13 PM  
Anonymous said...

Why doesn't reddit just check for redirects? If the user's CSS changes contain redirects then don't allow them to save their changes.

They never thought of that before? For Pete's sake! Do they have 12 year olds running the site?

8/29/11 6:31 AM  
Anonymous said...

The most shocking comment was the reddit admin admitting to be 'technologically retarded'. Reddit used to pretend to have tech-savvy employees. Things have gone so wrong for them that they aren't even putting up the facade anymore.

8/29/11 10:16 AM  
Anonymous said...

The two most surprising things about that conversation are:

1) The users have no respect for the admins

Can you imagine asking a female admin "Do ye rub yer cunny hole with a dirty finger everytime you unban us for a few hours like a dog you pretend to take the leash off of and laugh as it runs off at full speed only to be choked when it reaches the end of the chain?"

These users called Erik (hueypriest) "the queen bee", and said he "sucks", called him "butthurt", said "I'm also not so confident in HP's leadership/judgement anymore" and said "we're all pretty pissed the fuck off at him".

2) The admins don't get any respect because they don't deserve any. Admins are supposed to be the grownups. It shocks me that a site as large as Reddit has admins telling users things like:

[11:35] Umm. I'm kind of technologically retarded.
[12:22] time for lunch. gotta run. have fun, FAGS!

No wonder it is mayhem over there.

8/30/11 10:41 AM  
Anonymous said...

This is an excellent blog. I've been using Reddit for a year, and I'm shocked at how stupid and aggressive the community has become. It's nice to see somebody step up and rightfully criticize Reddit for the shit hole that it is.

I find it weird that Reddit admins cannot find the identity and location of malicious users by tracking their IP addresses. How hard is blocking IPs and contacting ISPs?

8/31/11 10:52 AM  
Anonymous said...

It is weird that reddit makes it so easy for them to hack the site. Now that they have had problems, wouldn't you think they would fix their policy so it won't happen again?

9/1/11 6:17 AM  
