Reddit CEO admits to altering user comments that were critical of him

I met Steve several years back while going through YC. He's a much calmer and nicer person than most founders I've met, myself included.

If I read this Reddit thread without knowing him, I would have deemed him unprofessional and maybe even upvoted some of the comments.

When I read the thread knowing who he is, I'm thinking "I can't imagine how stressful it must be to run Reddit. He made one mistake in a bad day, apologized for it, and now everyone's talking about it. Steve's way nicer and more professional than I am, so I would probably have messed up big time in his shoes."

This is a mistake that has profound implications. Not just your average mistake like "I broke the build and didn't tell anyone" nonsense.

Hang on a second here: many people comment that murderers seem like really nice people when they met them briefly. You don't really know anything about someone just because you met him for a bit a few years ago. He can be both unprofessional and seem like a calm and nice person, while being neither if you had gotten to know him better.

You comment that he's made just one mistake on a bad day. Perhaps this is just his most visible mistake, and he's been making these kinds of bad mistakes for the past month. It didn't take him 10 seconds to do this - he had to log in with full access to the reddit database and run unprotected queries against the live running copy. That's both shocking security, operations and basic common practice. For a childish insult.

And finally, he did not actually apologize for any of this. "I fucked up" is not the same as "I'm sorry".

You're being awfully charitable. It's on the order of magnitude of royal fuck-up. How can any user expect to be safe on Reddit anymore?

This is the sort of situation that irrevocably damages trust. What's the guarantee that this won't happen again?

What bothers me more is that this sort of functionality exists in the first place. All it would take is one compromised admin account, and boom, you can rewrite somebody's entire comment history without it being logged anywhere.

the functionality is probably a UPDATE comments where id=x set content="newcontent"

Operationally, the CEO should probably not have write access to a master DB.

the CEO is one of the original developers as I understand it, which is probably why he has access to it. but you are right, he should not have it

He was also joking about it a little bit later in the IRC.

I seriously doubt he individually looked up comment ids and updated them with database commands.

And if he did this for "about an hour" as he said, he clearly didn't use ... WHERE content='fuck u/spez'

It seems likely there's code in the front end that gives him the ability to edit user's comments in his browser. That should not exist.

He probably just scripted it. There doesn't need to be any default functionality for it, if you know how the database works.

A friend proposed another theory, inappropriate as it may seem. That it's a way to draw attention to Reddit needing to make money, and Steve, being the CEO, has to find a way to do it and take blame for it.

If so, he deserves to be applauded. There are things a founder/CEO has to do you can't say.

How would what he did do that?

So since the founding of Reddit in 2005 and now—we're expected to believe that Reddit hasn't hired a single security expert, engineer or otherwise which has rightfully removed any unnecessary access to user data? This seems incredible to me.

> I can't imagine how stressful it must be to run Reddit. He made one mistake in a bad day, apologized for it, and now everyone's talking about it. Steve's way nicer and more professional than I am, so I would probably have messed up big time in his shoes.

If it was a mistake resulting from inaction one could attribute that to stress.

This was deliberate action. I assume/hope that this special mode of editing (without the "edited" asterisk signifier) isn't just the default "edit" button Spez gets for every post if he's logged in, but that he had to jump through a few hoops and "are you sure" boxes to get there (or maybe was it direct DB editing).

There's some things you just don't do with admin powers, lines you don't cross, not even for shits 'n giggles. And apparently he doesn't truly believe that, because the amounts of stress that would make one cross those lines are way beyond ability to function as a person, let alone CEO of Reddit.

I think you misjudged his professionalism.

Bad PR is still PR.

Do you honestly believe that they didn't have existing tools for this?

Instead, the CEO logged into the production DB and manually edited individual comments there?

Give them some credit, surely even Reddit staff aren't that terrible.

There is no way to defend what he did though, even if r/The_Donald is a cesspool.

totally agree. he only came clean after getting caught. Who knows how many times he's done this.

You know what I have just considered....

Recall when they were trying to sell "social media influencing" services to STRATFOR? [0] [1]

What tools did they create for that "product";

* An astroturfing account mgmt platform? Mass comment editing tool?

* Deep comment search tool?

* comment-graph showing cross /r/ posts by a user to develop a profile of the person?

* Tools to seek out what users from reddit were which users on FB, Google+, Youtube etc.

These all above are just the most obvious off the top of my head.

The schema for reddit comments is (at least when I last looked at it) is fairly simple and it would be easy to create such tools against that data.

Are there any third party services that allow for this.

Especially if you think about DLing the comment blob and then do these retroactively against all comments in the past to graph out the personal-profiles of each user....

BRB, need to head out to get more tin-foil.... for the Turkey! not, /r/conspiracy

[0] https://www.reddit.com/r/subredditcancer/comments/3818ti/nev...

[1] https://www.reddit.com/r/The_Donald/comments/5a3ofc/we_were_...

I don't know how things would work with a larger database such as reddit as I never worked on one. But I imagine if he had access to the database, he can just go in and change the comment on the database without writing any special program for it. I know reddit uses Postgre and that has a function that lets you go in and change field values.

Really, when you think about it, changing user comments would probably be a really easy undertaking for any forum administrator with access to the database.

The leaked slack chat shows him saying he went directly into the DB with DB commands.

You seem to have a pretty warped perspective. It's a internet message board, not an emergency room operating table.

Dude I didn't know this. Thank you so much for sharing. Wtf.

BTW next time add link to source instead of cancerous subreddits.

https://search.wikileaks.org/gifiles/?viewemailid=282044