>3 days ago, a commit (github.com/ryanbr/fanboy-adblock/commit/60a4a73cf177b26ab54f746e992d40d3ba867c5e) was made to Fanboy's Enhanced Tracking List to ensure ALL requests to reddit.com/api are NOT blocked, since it provides extensive functionality to use Reddits website on the desktop. >Today, I discovered that Reddit is now using their API to collect user events from users. >Previously, they used e.reddit.com, events.reddit.com, d.reddit.com and so on - all of these subdomains got added to adblock blacklists (and reddit tracks whether you use adblock). >Now, as you can see here (i.imgur.com/JfZytEE.png) they are using share.json to collect information. >Now let's block that URL and refresh the page. >Now we get a request to comment.json (i.imgur.com/JjcZiD5.png) >Let's block that and refresh. >Now we get a request to api/submit (i.imgur.com/LvjT5AR.png) - oops, more data trying to be sent away to the mothership. >This change is fairly recent, and I have never seen Reddit attempt to use their API as a backdoor to collecting information. >For those more technically inclined, you can refer to redditstatic.com/reddit.en.fTMK7jltQ3I.js line 9426 to see this in action. Create a breakpoint and look at the variables, the one of note is: events_collector_url: "reddit.com/api/vote.json" which is seemingly set when the page loads. >Also see line 9751 of the same file with e.analyticsV2.sendEvent - there are so many of those. >They're also POSTing data directly to reddit.com and if you block reddits tracking, it literally cries at you (i.imgur.com/8T54rze.png) >Also, if you block /api you can't do anything like submit posts or whatever. Great times. >Each time you block a URL it picks a new one randomly from their api endpoint to try and send the tracking data too, here's a sample of what's sent (i.imgur.com/ORcHFi0.png)
1) I don't have a reddit account even though I visit the site for various things (downloading videos, programming).
2) You don't need to load the JS to use the site (NoScript blocks it).
I would be very disappointed if the site required me to run their javascript. But they don't so I don't care. If you don't want them tracking you then don't create/use an account and don't allow their scripts to run.
I'm not saying you shouldn't be concerned, I'm saying there are solutions that exist.
Gavin Fisher
you're right you only need js to post but you can browse it no problem
>they now use the API to track everything you do on reddit but... they don't, based on the evidence you quoted. did you even bother reading this shit before parroting it?
I bet our alphabet agencies think Sup Forums is fucking hilarious. Constantly bitching about botnets even though we know damn well our gov is not just lurking, but working directly with Sup Forums. I bet they send these threads around in emails and have a good hearty chuckle.
Jason Wood
Didn't you see the CIA leaks from last year? There were some comments that were included in the dump and all the government employees sound like redditors. I don't think they would enjoy anything here.
Kayden Young
Idk what you're trying to say, our government agencies have straight up come out and said that they lurk here to keep an eye on us, and I can guarantee that they are having laughs at our expense. I'd fish for links but I'm at work.
Hudson Sanders
I haven't seen anything about that but I am interested in finding a source. I'll try to look for something and post it if anyone else is interested.
Parker Stewart
>some lowly IT user gets caught at work browsing Sup Forums >"uhh, just keeping track of these guys, looks like they're planning on crashing a plane or something" >bluff works too well >ends up heading the Four Chan monitoring team
Hudson Walker
>Implying it's a bluff
Jaxson Thomas
If we were a successful botnet, gookmoot would be raising capital from investors, not scraping by with passes and sex toy adverts.
Austin Butler
Nice shop
Logan Reyes
>bigger trump internet lover >commie site
Jacob Young
Go for it.
Blake Long
...so how exactly is this tracking people? What information are they gathering that wouldn't be gathered normally by your interaction with any website? On the reddit thread I'm seeing people list things like your votes and what thread/subreddit you're posting on, which is information that needs to be sent to the server in order for functionality like voting or posting to even work. Seriously, how the fuck else do they expect to be able to make a post if they don't want the site to know what thread/board they're trying to post to?
Xavier Lewis
>Not reading the post >Scrolling data is essential to use the website
Bentley Edwards
Web related work isn't my specialty. Simply giving a link to a screenshot with parts of it blurred out and descriptions like "oops, more data trying to be sent away to the mothership." doesn't tell me what data is being sent, and my attention gets drawn to the parts of the screenshot they took the time to edit rather than the parts that are apparently relevant.
Aiden Sanchez
>going on R*ddit in the first place
Levi Long
...
Nathaniel Harris
>our government agencies Sorry, not a burgershit.
Benjamin Stewart
Reddit made an achievement, by being bigger shit than cuckchan.