this post was submitted on 17 Jun 2023
1252 points (98.8% liked)

Lemmy.World Announcements

29099 readers
30 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
ruud
lwadmin
lwCET
jelloeater85
Serinus
lw_mod_notification
MrKaplan
1252
[The Guardian] There is no moral high ground for Reddit as it seeks to capitalise on user data (www.theguardian.com)
submitted 1 year ago by dimspace to c/lemmyworld
157 comments fedilink hide all child comments
 

CEO Steve Huffman says tech giants should not be able to trawl Reddit’s huge store of data for free. But that information came from users, not the company

That “corpus of data” is the content posted by millions of Reddit users over the decades. It is a fascinating and valuable record of what they were thinking and obsessing about. Not the tiniest fraction of it was created by Huffman, his fellow executives or shareholders. It can only be seen as belonging to them because of whatever skewed “consent” agreement its credulous users felt obliged to click on before they could use the service.

Ouch

you are viewing a single comment's thread
view the rest of the comments
[–] Pika 2 points 1 year ago* (last edited 1 year ago)

Oauth 2 is an authorization standard, that's basically what it is meant for. It's intended to be used as a identification system for a client to be able to tell a first party hey I'm me through the usage of a third party without ever giving the third party to have your password.

Discord, Facebook/Meta, Google(most services), Soundcloud, all those use Auth 2 based API's, oauth 2 is used basically everywhere for the same focus that Reddit is trying to do

Like you said it can be dangerous if you authorize a third party app with more scopes then needed(scopes help restrict what the app can do on your behalf), honestly I'm willing to bet that rif and Apollo both used the oauth2 API at least in some part, otherwise I don't think it would have been able to allow you to upvote or downvote posts or post comments as you. A good way to tell if it was using it or not is if you had to login and it brought you to a page that said authorize this app with Reddit, if it showed that you were using oauth 2

I haven't personally had to use the Reddit Api I've only skimmed it myself(I was looking into it then the whole bombshell happend and I bailed), but I have to use the Discord API daily with developing my Discord bot and with the Discord API once you have the bearer token every form of authentication with that specific user goes through that token instead, it's really only used for the website settings page though anything actually on the client itself still uses a standard bot token

Also I fully agree, Reddit has shown that it has no respect for the third parties on the platform so I fully expect just going to get worse, they wern't planning on negotiating price, they set it that way to force third party out