Reddit CEO admits to altering user comments that were critical of him

He changed a 'F U CEO' (upvoted by 1.6k users) comment to 'F U unpaid reddit moderator', without any indication that the comment was edited.

Very juvenile and unprofessional way of dealing with the situation, really erodes trust in the platform (simply deleting the comment would have been a better response).

Would maybe expect this from the founder of a young fledgling startup, but the 33 year old CEO of a company like Reddit ought to know better.

It's well within his power to change a comment. What's not cool is that he changed it to a lie. If he's the CEO, he's paid.

To he honest, he was one of the founders of Reddit.

One thing is to visibly edit a comment like they do in StackExchange. Impersonating a user is a very different thing.

It's an abuse of power and ethics and is a line that shouldn't be crossed.

It is much more honest and within reason to take steps like deleting posts, suspending or even outright banning users.

And here he is boasting about knowing "all your dark secrets" at TNW - https://m.youtube.com/watch?v=lALKRayDLuk - meant in jest but shows incredibly poor judgement as a CEO

Mark Zuckerberg had a similar indiscretion as a young man.

Sure, but Zuck was what, 18? Spez could conceivably have a 18-year-old kid at his age.

It generally shouldn't be. It's my understanding that once you take on the investment and corporate governance that Reddit has, you'll have "need to know" controls in place that prevent the appropriation of company resources for personal use -- so even the CEO doesn't have the kind of unrestricted database access needed to do this kind of thing.

Anybody can go through the comment history of any redditor and know their dark secrets.

I don't mind Reddit fucking up. If they were competent they would have monetized the users a long time ago and it would be an broken mess that feeds daily spam to my inbox like every other social media platform. Reddit is too valuable to take seriously.

Well, Obama joked about weaponizing the IRS and he did it through Lois Lerner and then Podesta BFF Peter J. Kadzik at the DoJ was personally responsible for clearing her of any charges.

I know someone in high school who joked about murdering someone and he's doing 25 to life for it now so I've learned to realize that someone joking about something is in no way proof that they wouldn't do it.

Also, in what way would he NOT be looking at dark secrets of people? Reddit makes money on selling packages of personally-identifiable information / and IPs so that you can pay them and be able to link reddit accounts to facebook accounts and google accounts and so on. People think they have some sort of anonymity on Reddit but if you pony up cash Reddit will strip anyone's away for you. And I'm sure he's looking at what he's willing to sell to others. If anyone posts something juicy but anonymous on Reddit, he's looking at their real name attached to their facebook account.

This is an offense worth firing someone over in a "real" company...

Not if you always post with the realization that the one day you could be doxed, no matter how anonymous you think you are being. If I can dark secrets, I don't upvote, comment on them or include them in my comments on reddit.

Spez isn't emotionally adept to handle the abuse you get as a reddit CEO. Yishan wrote before that he was good at the technical side of the job but he's neither a strong businessman nor a community leader.

But they have your upvotes, saved links, private messages, and at least some idea of which outbound links you've clicked (you can turn some of that off).

It's like an ISP knowing a significant portion of your web browsing behaviour.

Facebook, etc terminated those with power for doing things like stalking on an ex-girlfriend. This seems similar. It is an abuse of power, and frankly, we don't know if this is the first time it has happened—it simply might have been the most extreme case

While an abuse of power, I'm not sure I see the outrage.

It's Reddit. It's an Internet forum run by a private corporation. The users in question abusing spez have zero right to their speech on the platform. You have zero recourse if Reddit edits your comments.

Nuke /r/the_donald, nuke the users and hellban their IPS of those who sent abusive messages, and let's move on. Bask in the irony when I say, "Drain the swamp"

The issue is that is is hypocritical and completely against what reddit claims to stand for.

Reddit CLAIMS to be a Bastion of free speech. But in reality, is this true?

The answer seems to be NO.

There is no bastion of free speech online, anywhere. All forums are privately operated.

Free speech ends when it's become harrasment. What happened to spez calls for digitally curb stomping the offenders.

This is no different from Twitter having to cull accounts harassing others.

> While an abuse of power, I'm not sure I see the outrage.

Hint: try looking at the "abuse of power" part of your comment.

How differently would you be reacting if he hadn't admitted it, apologized, explained that he was reacting impulsively under pressure and stress, and fixed the changes?

I'm worried that the answer is "not at all", which seems weird.

I met Steve several years back while going through YC. He's a much calmer and nicer person than most founders I've met, myself included.

If I read this Reddit thread without knowing him, I would have deemed him unprofessional and maybe even upvoted some of the comments.

When I read the thread knowing who he is, I'm thinking "I can't imagine how stressful it must be to run Reddit. He made one mistake in a bad day, apologized for it, and now everyone's talking about it. Steve's way nicer and more professional than I am, so I would probably have messed up big time in his shoes."

This is a mistake that has profound implications. Not just your average mistake like "I broke the build and didn't tell anyone" nonsense.

> The users in question abusing spez have zero right to their speech on the platform.

Oh God, this tired distraction again? We know they have no "right to free speech" on a private platform. We know. Everybody knows. Reddit is not the government and can do what it wants. It could replace every instance of "/u/spez sucks" with "/u/spez is great!" and be absolutely within its rights. What we're saying is that such behavior would not be in the spirit of free speech and would raise questions about Reddit's claimed commitment to that principle, not that it's actually illegal.

> Nuke /r/the_donald, nuke the users and hellban their IPS of those who sent abusive messages, and let's move on. Bask in the irony when I say, "Drain the swamp"

Try to prevent the people whose views you don't like from speaking, eh? That certainly worked out well in the last election.

Probably the most useful piece of advice I ever read (readers digest about 20 years ago) was...

"Never Ruin an Apology With an Excuse."

I read Steve's apology and to be honest it was more dismissive and excusing than it was a real apology. So, it shouldn't surprise you that he isn't being cut the same slack you would expect after a sincere apology.

> Anybody can go through the comment history of any redditor and know their dark secrets.

And since now we know that the CEO (at least?) has edited comments, users' comment history should be considered suspect..

> While an abuse of power, I'm not sure I see the outrage.

This is one of the most bizarre statements I have ever read. You don't understand why people are outraged over abuse of power? Seriously?

> It's Reddit. It's an Internet forum run by a private corporation.

A forum used by users who are pretty much famous for taking a strong dislike to censorship.

> You have zero recourse if Reddit edits your comments.

Zero legal recourse. Plenty of recourse to make a big deal out of it online and damage Reddit's reputation and make others aware when the CEO makes it clear there are additional risks that people didn't expect with using their platform.

I don't know. What if he actually buckled under prolonged stress and frustration? What could he have said differently to make that reason more .. reasonable?

Here's a better advice. Never apologize, never surrender. If you apologize the attacks don't relent. Instead they use your apology as an admission of wrongdoing and defeat and try to hang your wrong doings over your head so you succumb to their wishes for irrelevant moral bullshit.

You tell them to roundly go fuck themselves and appeal to the people that agree with you, the opposition's feelings be damned.

Hang on a second here: many people comment that murderers seem like really nice people when they met them briefly. You don't really know anything about someone just because you met him for a bit a few years ago. He can be both unprofessional and seem like a calm and nice person, while being neither if you had gotten to know him better.

You comment that he's made just one mistake on a bad day. Perhaps this is just his most visible mistake, and he's been making these kinds of bad mistakes for the past month. It didn't take him 10 seconds to do this - he had to log in with full access to the reddit database and run unprotected queries against the live running copy. That's both shocking security, operations and basic common practice. For a childish insult.

And finally, he did not actually apologize for any of this. "I fucked up" is not the same as "I'm sorry".

I am not discounting how difficult and stressful his situation might be, and I am not saying I would have acted any better...

But, This is exactly my point. His reason doesn't matter. Reasons aren't relevant to apologies.

When you are apologizing, you are admitting wrongdoing...defending yourself in the same breadth is essentially saying you didn't do anything wrong in the first place.

Every time I have to apologize I am tempted to throw in a reason/excuse and everytime I remind myself of that quote and stick with just "I'm sorry" I end up with a better result than when I tag on a reason...

That being said, if you read his post...he actually doesn't apologize at all. He even goes so far as to say he wont do it again (only) because it upset the community team, not because it was wrong to do. He also claims he fixed it. He might of changed back the comments...but he certainly didn't fix anything.

This is not similar to stalking.

You're being awfully charitable. It's on the order of magnitude of royal fuck-up. How can any user expect to be safe on Reddit anymore?

This is the sort of situation that irrevocably damages trust. What's the guarantee that this won't happen again?

What bothers me more is that this sort of functionality exists in the first place. All it would take is one compromised admin account, and boom, you can rewrite somebody's entire comment history without it being logged anywhere.

There is a massive difference between Twitter banning accounts, and Twitter transparently editing accounts to harass someone else.

It would be like you posting a Twitter message that says "I hate Donald Trump" and Twitter transparently changing that message to "I hate Tim Cook" so that anybody reading your timeline thinks you're someone you aren't. See the problem now? Now imagine if Twitter's management was taken over tomorrow and this actually happens.

Would you not be a little bit outraged?

Yeah it's worse. Using a privileged position to discredit opposition under the cover of "lolz."

Ok. How would you feel if Zuckerberg secretly edited your Facebook status, and swapped his name out with someone else's, because what you said about him was kind of mean?

I wouldn't want to have anything to do with person with this kind of mindset. Can i say this is very close to being psychopat?

the functionality is probably a UPDATE comments where id=x set content="newcontent"

Have you ever considered piracy? You'd make a wonderful Dread Pirate Roberts.

Operationally, the CEO should probably not have write access to a master DB.

> While an abuse of power, I'm not sure I see the outrage.

I don't see it either when something happens on reality TV (direct analog). It's fine and dandy that reddit mods post about liberal values, which is purely political posturing, not technical or legal limitation. That kind of lip-service doesn't mean anything to me...insofar as I'm not counting on it being true any more than a politician making promises about their platform. I'm certainly not surprised (or outraged?) when there are cries for forgiveness after acting against those political statements.

No... it really isn't. This is abusing power to attempt to manipulate public opinion on a message board. Stalking is a horrible invasion of privacy that has a tendency to escalate into violence. And even when it doesn't, it results in drastically increased anxiety and fear for the person being stalked if they find out.

Did you forget the /s? Otherwise, what you said is simply irrational.

I wouldn't put it above Zuckerberg himself to do it.

http://www.theweek.co.uk/facebook/14625/are-users-dumb-fucks...

From that article:

During the conversation, Zuckerberg writes: "Yeah so if you ever need info about anyone at Harvard, just ask. I have over 4,000 emails, pictures, addresses, SNS."

When the friend asks him how he got the information, Zuckerberg replies: "People just submitted it. I don't know why. They 'trust me'. Dumb fucks."

Both advices have merit, however it entirely depends on the context.

The perceived sincerity of apology delivered to someone who is receptive to an apology can indeed be diminished by accompanying it with an excuse.

On the other hand, an apology delivered to someone who is categorically unreceptive to any apology can only be entirely futile. Since there is nothing to gain yet possibly something to lose, the rational course of action would be to not apologize.

Edit: since the latter example seems to be the controversial one, here is a popular scenario in which a significant number of individuals can always be characterized as being "categorically unreceptive to an apology": partisan politics.

the CEO is one of the original developers as I understand it, which is probably why he has access to it. but you are right, he should not have it

He's almost certainly still the asshole he was then, but there's a pretty large gap between abusing access to a website you run in college and abusing access to a website you're payed to be the CEO of in your 30s.

He was also joking about it a little bit later in the IRC.

Do you think he might have changed in 13 years? I don't really feel quite the same as I did 13 years ago.

based on his public appearances, no

Maybe,

But publicly denying your platform[0] did not affect the recent election; After research have confirmed prior to the election that Facebook have a fake news problem.

Does not do his credibility any good.

[0]: https://www.washingtonpost.com/news/the-intersect/wp/2016/11...

It can absolutely be a valid strategy. I have used both, the true apology without excuses, and the FU one.

It depends. Do i really regret what i did? Was it the wrong thing to do? Then i'll apologise, and try to get rid of all the excuses.

Was someone offended and want me to apologise, but when i look at it, i stick to my guns? Then FU strategy, no apology, i'll fight for my point all the way.

I seriously doubt he individually looked up comment ids and updated them with database commands.

And if he did this for "about an hour" as he said, he clearly didn't use ... WHERE content='fuck u/spez'

It seems likely there's code in the front end that gives him the ability to edit user's comments in his browser. That should not exist.

Of course they have that data - you have chosen to send it to their website. It would be physically impossible for that website to run if the data could not be read. Obviously, it's preferable if only 'the right people' can read it, but it's much safer to assume that isn't the case.

If you're concerned about the outbound link issue, disable javascript. A cursory look at the page source should convince you that that's the only way they can track outbound clicks.

Abuses of power happen, and are bad, but changing a comment on an internet forum is about as low down on the scale of seriousness as you can get.

The only real problem I can see is that people (at least, here in the UK) have been charged with crimes relating to something they've posted on reddit. Clearly, that's ridiculous if there can be no expectation of proof of authorship.

He probably just scripted it. There doesn't need to be any default functionality for it, if you know how the database works.

A friend proposed another theory, inappropriate as it may seem. That it's a way to draw attention to Reddit needing to make money, and Steve, being the CEO, has to find a way to do it and take blame for it.

If so, he deserves to be applauded. There are things a founder/CEO has to do you can't say.

How would what he did do that?

So since the founding of Reddit in 2005 and now—we're expected to believe that Reddit hasn't hired a single security expert, engineer or otherwise which has rightfully removed any unnecessary access to user data? This seems incredible to me.

Here's better advice. Apologise swiftly for your errors if they impact other people. Don't apologise for anything else

> I can't imagine how stressful it must be to run Reddit. He made one mistake in a bad day, apologized for it, and now everyone's talking about it. Steve's way nicer and more professional than I am, so I would probably have messed up big time in his shoes.

If it was a mistake resulting from inaction one could attribute that to stress.

This was deliberate action. I assume/hope that this special mode of editing (without the "edited" asterisk signifier) isn't just the default "edit" button Spez gets for every post if he's logged in, but that he had to jump through a few hoops and "are you sure" boxes to get there (or maybe was it direct DB editing).

There's some things you just don't do with admin powers, lines you don't cross, not even for shits 'n giggles. And apparently he doesn't truly believe that, because the amounts of stress that would make one cross those lines are way beyond ability to function as a person, let alone CEO of Reddit.

I think you misjudged his professionalism.

I'm absolutely fine with it. It's Facebook, nothing of value.

Abuse of power happens all the time. Doesn't mean outrage over it is called for.

Go speak somewhere else. Reddit source code is open. The Donald subreddit can go run their own site. There is no right to speak somewhere online.

But he didn't "buckle under" anything, he went out of his way and "buckled into" directly modifying Reddit's DB.

It wasn't something you accidentally do when the stress gets too much all the while you really know and believe how wrong it is. They have rules about this.

He obviously didn't believe that. Or that the rules don't apply to him.

> What could he have said differently to make that reason more .. reasonable?

Nothing, probably. He done fucked up, that's it. This is firing-on-the-spot material if he weren't CEO. If they have to keep him for being important as CEO in other ways maybe, at the very least they should take away all his toys and admin powers and uh oh yeah, BAN his reddit account. He can talk announcements through some communication team, but I don't think he should be really touching or modifying anything on the site any more.

Excuses and reasons are pretty irrelevant here. The last part is forgiveness, a dish best served cold :)

If you feel "I'm sorry" is too short, the only reason you can give, is the reasons why it was wrong what you did. As long as you don't leave out major important ones, it can strengthen the apology, showing sincereness and that you really understand.

Bad PR is still PR.

You're conflating legal rights with moral rights.

Do you honestly believe that they didn't have existing tools for this?

Instead, the CEO logged into the production DB and manually edited individual comments there?

Give them some credit, surely even Reddit staff aren't that terrible.

Well then maybe reddit should stop lying about what it stands for?

If it doesn't care about the principles of free speech (principles, not the amendment) then it should stop giving fake lip service to it.

Also, what you say isn't really true. 4chan does a good job of not censoring anything that isn't obviously illegal.

Any chat system built on top of the blockchain for that matter would actually be impossible to censor.

Or even just a simple email list, is in some sense an uncensored chat room.

Or text messages. Or phone calls.

All of these are in some sense, technology assisted chat services, run by private parties. And I'd describe them all as "bastions of free speech".

What if, to prevent harassment, your phone company listened to all of its customers phone calls and selective moderated them whenever you said a bad word? That is the equivalent.

There is no way to defend what he did though, even if r/The_Donald is a cesspool.

Did you even read my comment? Like, the bit where I stated repeatedly that there is no right to speak somewhere online?

What I am pointing out is that the let's strategy in this election was suppression and abuse, and it resulted in President Trump. Maybe try a different approach next time!

totally agree. he only came clean after getting caught. Who knows how many times he's done this.

You know what I have just considered....

Recall when they were trying to sell "social media influencing" services to STRATFOR? [0] [1]

What tools did they create for that "product";

* An astroturfing account mgmt platform? Mass comment editing tool?

* Deep comment search tool?

* comment-graph showing cross /r/ posts by a user to develop a profile of the person?

* Tools to seek out what users from reddit were which users on FB, Google+, Youtube etc.

These all above are just the most obvious off the top of my head.

The schema for reddit comments is (at least when I last looked at it) is fairly simple and it would be easy to create such tools against that data.

Are there any third party services that allow for this.

Especially if you think about DLing the comment blob and then do these retroactively against all comments in the past to graph out the personal-profiles of each user....

BRB, need to head out to get more tin-foil.... for the Turkey! not, /r/conspiracy

[0] https://www.reddit.com/r/subredditcancer/comments/3818ti/nev...

[1] https://www.reddit.com/r/The_Donald/comments/5a3ofc/we_were_...

Oddly, I find juvenile-ness of this rather reassuring. Anyone who is using mod powers for surreptitious reasons (swaying public opinion, or discrediting opponents) has too much to hide to also use them for a silly prank.

Of course it was still dumb and he shouldn't have done it. But it's hard to credit the people saying this is evidence of more sinister revelations yet to come.

I don't know how things would work with a larger database such as reddit as I never worked on one. But I imagine if he had access to the database, he can just go in and change the comment on the database without writing any special program for it. I know reddit uses Postgre and that has a function that lets you go in and change field values.

Really, when you think about it, changing user comments would probably be a really easy undertaking for any forum administrator with access to the database.

Zuck bragged about access, but there is no proof (or even indication) that he actually shared that info.

The parent commenter was saying anybody can go through your comment history, and by extension admins have no special access to 'dark secrets'. I was pointing out that that's just not true.

The leaked slack chat shows him saying he went directly into the DB with DB commands.

You seem to have a pretty warped perspective. It's a internet message board, not an emergency room operating table.

Dude I didn't know this. Thank you so much for sharing. Wtf.

BTW next time add link to source instead of cancerous subreddits.

https://search.wikileaks.org/gifiles/?viewemailid=282044

Yes. Twitter gets shit for borderline bans, but can you imagine if they went in and edited the person's tweets instead? There'd be a riot.

These platforms are not just a playground anymore. Politicians come on and make on-the-record statements on them, the news sources stories off them, etc. Integrity of the record is critical. Reddit jeopardizing that platform is very bad for them and erodes their credibility enormously. I can see major figures declining to perform AMAs anymore based on the uncertainty that someone at the company will get triggered, jump in, and change their stuff.

Someone could certainly suffer anxiety and fear if their public messages were altered in the appropriate manner. And it could escalate.

"in the appropriate manner"

But if we focus on the manner that actually occurred, the only additional harm vs. a reply of "no u" is to reddit's reputation.