CEO Steve Huffman says tech giants should not be able to trawl Reddit’s huge store of data for free. But that information came from users, not the company

That “corpus of data” is the content posted by millions of Reddit users over the decades. It is a fascinating and valuable record of what they were thinking and obsessing about. Not the tiniest fraction of it was created by Huffman, his fellow executives or shareholders. It can only be seen as belonging to them because of whatever skewed “consent” agreement its credulous users felt obliged to click on before they could use the service.

Ouch

  • Pika@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    update: removed the comment because I was looking at the Api docs again and it seems that despite using the bearer token, metrics and rate limiting still are based off the app client ID, which is super stupid. originally stated that rate limits would be by oauth client which would be per user, 100 requests a minute, but it is actually 100 requests per minute app wide, which is just unfeasible for large scale

    • Sparking@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Well, I don’t know how the Reddit API works, but what you described is generally bad practice, as is my understanding. The Oauth token’s allow the app to perform actions on the behalf of authenticated users, but they still need to use the reddit API, and I imagine an API key, to perform those actions. You generally aren’t supposed to use Oauth as a access authentication mechanism.

      At least pricing is per Oauth key, but still, the pricing burden is still going to fall on the developers for these apps who reddit now views as their “competitors”, despite making a product that supported reddit’s business for years.

      • Pika@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Oauth 2 is an authorization standard, that’s basically what it is meant for. It’s intended to be used as a identification system for a client to be able to tell a first party hey I’m me through the usage of a third party without ever giving the third party to have your password.

        Discord, Facebook/Meta, Google(most services), Soundcloud, all those use Auth 2 based API’s, oauth 2 is used basically everywhere for the same focus that Reddit is trying to do

        Like you said it can be dangerous if you authorize a third party app with more scopes then needed(scopes help restrictcwhatvthe app can do on your behalf), honestly I’m willing to bet that rif and Apollo both used the oauth2 API at least in some part, otherwise I don’t think it would have been able to allow you to upvote or downvote posts or post comments as you. A good way to tell if it was using it or not is if you had to login and it brought you to a page that said authorize this app with Reddit, if it showed that you were using oauth 2