Most active commenters

    ←back to thread

    Reddit CEO admits to altering user comments that were critical of him

    (www.reddit.com)
    668 points wildmusings | 11 comments | 24 Nov 16 00:50 UTC | HN request time: 0s | source | bottom
    Show context
    JorgeGT ◴[24 Nov 16 01:04 UTC] No.13027099[source]
    And without an "edited" mark, which means that any comment of any user can be covertly modified by an admin. Very concerning since Reddit comments have provoked even Congress hearings: http://thehill.com/policy/national-security/296680-house-pan...
    replies(7): >>13027119 #>>13027125 #>>13027136 #>>13027240 #>>13027734 #>>13028391 #>>13033721 #
    dhruval ◴[24 Nov 16 01:29 UTC] No.13027240[source]
    He changed a 'F U CEO' (upvoted by 1.6k users) comment to 'F U unpaid reddit moderator', without any indication that the comment was edited.

    Very juvenile and unprofessional way of dealing with the situation, really erodes trust in the platform (simply deleting the comment would have been a better response).

    Would maybe expect this from the founder of a young fledgling startup, but the 33 year old CEO of a company like Reddit ought to know better.

    replies(7): >>13027341 #>>13027345 #>>13027894 #>>13028550 #>>13028557 #>>13031901 #>>13032509 #
    ozgune ◴[24 Nov 16 06:13 UTC] No.13028557[source]
    I met Steve several years back while going through YC. He's a much calmer and nicer person than most founders I've met, myself included.

    If I read this Reddit thread without knowing him, I would have deemed him unprofessional and maybe even upvoted some of the comments.

    When I read the thread knowing who he is, I'm thinking "I can't imagine how stressful it must be to run Reddit. He made one mistake in a bad day, apologized for it, and now everyone's talking about it. Steve's way nicer and more professional than I am, so I would probably have messed up big time in his shoes."

    replies(5): >>13028602 #>>13028796 #>>13030391 #>>13030533 #>>13031284 #
    icelancer ◴[24 Nov 16 06:25 UTC] No.13028602[source]
    This is a mistake that has profound implications. Not just your average mistake like "I broke the build and didn't tell anyone" nonsense.
    replies(1): >>13028820 #
    yarou ◴[24 Nov 16 07:24 UTC] No.13028820[source]
    You're being awfully charitable. It's on the order of magnitude of royal fuck-up. How can any user expect to be safe on Reddit anymore?

    This is the sort of situation that irrevocably damages trust. What's the guarantee that this won't happen again?

    What bothers me more is that this sort of functionality exists in the first place. All it would take is one compromised admin account, and boom, you can rewrite somebody's entire comment history without it being logged anywhere.

    replies(2): >>13029014 #>>13033681 #
    1. thecatspaw ◴[24 Nov 16 08:20 UTC] No.13029014{3}[source]
    the functionality is probably a UPDATE comments where id=x set content="newcontent"
    replies(2): >>13029097 #>>13030030 #
    2. iguana ◴[24 Nov 16 08:42 UTC] No.13029097[source]
    Operationally, the CEO should probably not have write access to a master DB.
    replies(1): >>13029348 #
    3. thecatspaw ◴[24 Nov 16 09:44 UTC] No.13029348[source]
    the CEO is one of the original developers as I understand it, which is probably why he has access to it. but you are right, he should not have it
    replies(1): >>13030470 #
    4. leereeves ◴[24 Nov 16 12:48 UTC] No.13030030[source]
    I seriously doubt he individually looked up comment ids and updated them with database commands.

    And if he did this for "about an hour" as he said, he clearly didn't use ... WHERE content='fuck u/spez'

    It seems likely there's code in the front end that gives him the ability to edit user's comments in his browser. That should not exist.

    replies(2): >>13030361 #>>13033391 #
    5. Natanael_L ◴[24 Nov 16 14:07 UTC] No.13030361[source]
    He probably just scripted it. There doesn't need to be any default functionality for it, if you know how the database works.
    replies(1): >>13031230 #
    6. ryanSrich ◴[24 Nov 16 14:32 UTC] No.13030470{3}[source]
    So since the founding of Reddit in 2005 and now—we're expected to believe that Reddit hasn't hired a single security expert, engineer or otherwise which has rightfully removed any unnecessary access to user data? This seems incredible to me.
    7. ryanlol ◴[24 Nov 16 16:46 UTC] No.13031230{3}[source]
    Do you honestly believe that they didn't have existing tools for this?

    Instead, the CEO logged into the production DB and manually edited individual comments there?

    Give them some credit, surely even Reddit staff aren't that terrible.

    replies(2): >>13031898 #>>13032539 #
    8. samstave ◴[24 Nov 16 18:30 UTC] No.13031898{4}[source]
    You know what I have just considered....

    Recall when they were trying to sell "social media influencing" services to STRATFOR? [0] [1]

    What tools did they create for that "product";

    * An astroturfing account mgmt platform? Mass comment editing tool?

    * Deep comment search tool?

    * comment-graph showing cross /r/ posts by a user to develop a profile of the person?

    * Tools to seek out what users from reddit were which users on FB, Google+, Youtube etc.

    These all above are just the most obvious off the top of my head.

    The schema for reddit comments is (at least when I last looked at it) is fairly simple and it would be easy to create such tools against that data.

    Are there any third party services that allow for this.

    Especially if you think about DLing the comment blob and then do these retroactively against all comments in the past to graph out the personal-profiles of each user....

    BRB, need to head out to get more tin-foil.... for the Turkey! not, /r/conspiracy

    [0] https://www.reddit.com/r/subredditcancer/comments/3818ti/nev...

    [1] https://www.reddit.com/r/The_Donald/comments/5a3ofc/we_were_...

    replies(1): >>13035859 #
    9. vivekd ◴[24 Nov 16 20:23 UTC] No.13032539{4}[source]
    I don't know how things would work with a larger database such as reddit as I never worked on one. But I imagine if he had access to the database, he can just go in and change the comment on the database without writing any special program for it. I know reddit uses Postgre and that has a function that lets you go in and change field values.

    Really, when you think about it, changing user comments would probably be a really easy undertaking for any forum administrator with access to the database.

    10. daodedickinson ◴[24 Nov 16 23:15 UTC] No.13033391[source]
    The leaked slack chat shows him saying he went directly into the DB with DB commands.
    11. rahrahrah ◴[25 Nov 16 11:06 UTC] No.13035859{5}[source]
    Dude I didn't know this. Thank you so much for sharing. Wtf.

    BTW next time add link to source instead of cancerous subreddits.

    https://search.wikileaks.org/gifiles/?viewemailid=282044