Pika
The problem with that study is that it doesn't take into account the different user types.
When I talk about Reddit I break userd down into four groups.
- lurker: no comments, just browses occasionally
- chatter: comments frequently
- poster: posts content to the site
- mod: actively moderates the site
The changes Reddit implemented only impact the last three types, which are also the types that actually generate content, the same content that the first group The majority in this case goes to the site for. If the mods are leaving the platform because they lack tools to do their job, the posters and the chatters are leaving the platform because they no longer have a decent user interface, there's no one left to provide content for the lurkers to enjoy, meaning that there's nothing else for them to do.
This happens rinse and repeat through a website's life. Chatango used to be a super popular browser based chat service, if you went on a website and it had a live chat chances are it was using to chatango.
But nowadays you hardly ever hear of the platform, because the platform had a falling out with its user base they stopped providing updates they stopped adding new features and a lot of the websites that the platform ran on stopped providing content that kept bringing the users back, with no reason to come back the only people that remained were the ones that had formed friendships with others in the chat. But that only works for so long the ones that really knew each other just added each other on at the time Skype so they ended up moving off platform
That being said I do think that they know what they're doing, I just don't think they have a real choice in the matter. They missed their IPO window and it's now devaluing, which requires drastic measures to not lose what they put in. I personally think that they're using u/spez as a scapegoat for the changes otherwise they would have pushed him out by now
"well there's a program for it but, it's super buggy, just use the command line"
Oauth 2 is an authorization standard, that's basically what it is meant for. It's intended to be used as a identification system for a client to be able to tell a first party hey I'm me through the usage of a third party without ever giving the third party to have your password.
Discord, Facebook/Meta, Google(most services), Soundcloud, all those use Auth 2 based API's, oauth 2 is used basically everywhere for the same focus that Reddit is trying to do
Like you said it can be dangerous if you authorize a third party app with more scopes then needed(scopes help restrict what the app can do on your behalf), honestly I'm willing to bet that rif and Apollo both used the oauth2 API at least in some part, otherwise I don't think it would have been able to allow you to upvote or downvote posts or post comments as you. A good way to tell if it was using it or not is if you had to login and it brought you to a page that said authorize this app with Reddit, if it showed that you were using oauth 2
I haven't personally had to use the Reddit Api I've only skimmed it myself(I was looking into it then the whole bombshell happend and I bailed), but I have to use the Discord API daily with developing my Discord bot and with the Discord API once you have the bearer token every form of authentication with that specific user goes through that token instead, it's really only used for the website settings page though anything actually on the client itself still uses a standard bot token
Also I fully agree, Reddit has shown that it has no respect for the third parties on the platform so I fully expect just going to get worse, they wern't planning on negotiating price, they set it that way to force third party out
update: removed the comment because I was looking at the Api docs again and it seems that despite using the bearer token, metrics and rate limiting still are based off the app client ID, which is super stupid. originally stated that rate limits would be by oauth client which would be per user, 100 requests a minute, but it is actually 100 requests per minute app wide, which is just unfeasible for large scale
I spend all my time here now, I actually uninstalled reddit and blocked it at the router, removed the want of using it tremendously
that's how they did it. They put a 10 request a minute on bots and a higher oauth limit (100) for individuals. large User client type apps could have somewhat easily converted over to that system but due to time constraint they didn't. I do think they extorted their third party devs sure but, honestly the individual user limit isn't super unreasonable as long as you aren't liking or disliking every post. the search api is 100 posts per Api request, it was more the no NSFW and the no advertising limits they put on it that sucked
edit: its actually 10 or 100 per minute not hour
that's super cool, almost zero use case but if you have a super sensitive string (such as a bank or wallet code) I guess it's a good layer of offline security
it's more of a the tools available to combat it are lackluster, so instead of trying they gave up. It's the sledgehammer approach but honestly it will lower growth of the instance, but that's exactally what the admins of the instance wanted
just means screw beehaw, everything else seems accessible no point in catering to a single instance
Same to be honest lol, it's been a bit to get used to
is there an ability to block your content from being submitted to a specific instance (like a user side defederation?)