r/redditsecurity


Reddit & HackerOne Bug Bounty Announcement (ADMIN)

Hello, Redditors!

We are thrilled to announce some significant updates to our HackerOne public bug bounty program, which encourages hackers and researchers to find (and get paid for finding) vulnerabilities and bugs on Reddit’s platform. We are rolling out a new bug bounty policy and upping the rewards across all severity levels, with our highest bounty now topping out at $15,000. Reddit is excited to make this investment into our bug bounty community!

These changes will take effect starting today, June 26, 2024. Check out our official program page on HackerOne to see all the updates and submit your findings. 

We’ll stick around for a bit to answer any questions you have about the updates. Please also feel free to cross-post this news into your communities and spread the word.


Q1 2024 Safety & Security Report (ADMIN)

Hi redditors,

I can’t believe it’s summer already. As we look back at Q1 2024, we wanted to dig a little deeper into some of the work we’ve been doing on the safety side. Below, we discuss how we’ve been addressing affiliate spam, give some data on our harassment filter, and look ahead to how we’re preparing for elections this year. But first: the numbers.

Q1 By The Numbers

| Category | Volume (October - December 2023) | Volume (January - March 2024) |
|---|---|---|
| Reports for content manipulation | 543,997 | 533,455 |
| Admin content removals for content manipulation | 23,283,164 | 25,683,306 |
| Admin imposed account sanctions for content manipulation | 2,534,109 | 2,682,007 |
| Admin imposed subreddit sanctions for content manipulation | 232,114 | 309,480 |
| Reports for abuse | 2,813,686 | 3,037,701 |
| Admin content removals for abuse | 452,952 | 548,764 |
| Admin imposed account sanctions for abuse | 311,560 | 365,914 |
| Admin imposed subreddit sanctions for abuse | 3,017 | 2,827 |
| Reports for ban evasion | 13,402 | 15,215 |
| Admin imposed account sanctions for ban evasion | 301,139 | 367,959 |
| Protective account security actions | 864,974 | 764,664 |

Combating SEO spam

Spam is an issue we’ve dealt with for as long as Reddit has existed, and we have sophisticated tools and processes to address it. However, spammers can be creative, so we often work to evolve our approach as we see new kinds of spammy behavior on the platform. One recent trend we’ve seen is an influx of affiliate spam-related content (i.e., spam used to promote products or services) where spammers will comment with product recommendations on older posts to increase visibility in search engines.

While much of this content is being caught via our existing spam processes, we updated our scaled, automated detection tools to better target the new behavioral patterns we’re seeing with this activity specifically — and our internal data shows that our approach is effectively removing this content. Between April and June 2024, we actioned 20,000 spammers, preventing them from infiltrating search results via Reddit. We’ve also taken down more than 950 subreddits, banned 5,400 domains dedicated to this behavior, and averaged 17k violating comment removals per week.

Empowering communities with LLMs

Since launching the Harassment Filter in Q1, communities across Reddit have adopted the tool to flag potentially abusive comments in their communities. Feedback from mods was positive, with many highlighting that the filter surfaces content inappropriate for their communities that might have gone unnoticed — helping keep conversations healthy without adding additional moderation overhead.

Currently, the Harassment Filter is flagging more than 75,000 comments per day in almost 9,000 communities.

We shared more on the Harassment Filter and the LLM that powers it in this Mod News post. We’re continuing to build our portfolio of community tools and are looking forward to launching the Reputation Filter, a tool to flag content from potentially inauthentic users, in the coming months.

On the horizon: Elections

We’ve been focused on preparing for the many elections happening around the world this year–including the U.S. presidential election–for a while now. Our approach includes promoting high-quality, substantiated resources on Reddit (check out our Voter Education AMA Series) as well as working to protect our platform from harmful content. We remain focused on enforcing our rules against content manipulation (in particular, coordinated inauthentic behavior and AI-generated content presented to mislead), hateful content, and threats of violence, and are always investing in new and expanded tools to assess potential threats and enforce against violating content. For example, we are currently testing a new tool to help detect AI-generated media, including political content (such as AI-generated images featuring sitting politicians and candidates for office). We’ve also introduced a number of new mod tools to help moderators enforce their subreddit-level rules.

We’re constantly evolving how we handle potential threats and will share more information on our approach as the year unfolds. In the meantime, you can see our blog post for more details on how we’re preparing for this election year as well as our Transparency Report for the latest data on handling content moderation and legal requests.

Edit: formatting

Edit: formatting again

Edit: Typo


Sharing our Public Content Policy and a New Subreddit for Researchers (ADMIN)

TL;DR (this is a lengthy post, but stay with us until the end: as a lawyer, I am not allowed to be brief):

We are, unfortunately, seeing more and more commercial entities collecting public data, including Reddit content, in bulk with no regard for user rights or privacy. We believe in preserving public access to Reddit content, but in distributing Reddit content, we need to work with trusted partners that will agree in writing to reasonable protections for redditors. They should respect user decisions to delete their content as well as anything Reddit removes for violating our Content Policy, and they cannot abuse their access by using Reddit content to identify or surveil users.

In line with this, and to be more transparent about how we protect data on Reddit, today we published our Public Content Policy, which outlines how we manage access to public content on our platform at scale.

At the same time, we continue to believe in supporting public access to Reddit content for researchers and those who believe in responsible non-commercial use of public data. This is why we’re building new tools for researchers and introducing a new subreddit, r/reddit4researchers. Our goal is for this sub to evolve into a place to better support researchers and academics and improve their access to Reddit data.

Hi, redditors - I’m u/Traceroo, Reddit’s Chief Legal Officer, and today I’m sharing more about how we protect content on Reddit.

Our Public Content Policy

Reddit is an inherently public platform, and we want to keep it that way. Although we’ve shared our POV before, we’re publishing this policy to give you all (whether you are a redditor, moderator, researcher, or developer) a better sense of how we think about access to public content and the protections that should exist for users against misuse of public content.

This is distinct from our Privacy Policy, which covers how we handle the minimal private/personal information users provide to us (such as email). It’s not our Content Policy, which sets out our rules for what content and behavior is allowed on the platform.

What we consider public content on Reddit

Public content includes all of the content – like posts and comments, usernames and profiles, public karma scores, etc. (for a longer list, you can check out our public API) – that Reddit distributes and makes publicly available to redditors, visitors who use the service, and developers. To be extra clear, it doesn’t include stuff we don’t make public, such as private messages or mod mail, or non-public account information, such as email address, browsing history, IP address, etc. (this is stuff we don’t and would never license or distribute, because we believe Privacy is a Right).

Preventing the misuse and abuse of public content

Unfortunately, we see more and more commercial entities using unauthorized access or misusing authorized access to collect public data in bulk, including Reddit public content. Worse, these entities perceive they have no limitation on their usage of that data, and they do so with no regard for user rights or privacy, ignoring reasonable legal, safety, and user removal requests. While we will continue our efforts to block known bad actors, we can’t continue to assume good intentions. We need to do more to restrict access to Reddit public content at scale to trusted actors who have agreed to abide by our policies. But we also need to continue to ensure that users, mods, researchers, and other good-faith, non-commercial actors have access.

The policy, at-a-glance

Our policy outlines the information partners can access via any public-content licensing agreements. It also outlines the commitments we make to users about usage of this content, explaining how:

  • We require our partners to uphold the privacy of redditors and their communities. This includes respecting users’ decisions to delete their content and any content we remove for violating our Content Policy.

  • Partners are not allowed to use content to identify individuals or their personal information, including for ad targeting purposes.

  • Partners cannot use Reddit content to spam or harass redditors.

  • Partners are not allowed to use Reddit content to conduct background checks, facial recognition, government surveillance, or help law enforcement do any of the above.

  • Partners cannot access public content that includes adult media.

  • And, as always, we don’t sell the personal information of redditors.

What’s a policy without enforcement?

Anyone accessing Reddit content must abide by our policies, and we are selective about who we work with and trust with large-scale access to Reddit content. We will block access to those that don’t agree to our policies, and we will continue to enhance our capabilities to hunt down and catch bad actors. We don’t want to but, if necessary, we’ll also take legal action.

What changes for me as a user?

Nothing changes for redditors. You can continue using Reddit logged in, logged out, on mobile, etc.

What do users get out of these agreements?

Users get protections against misuse of public content. Also, commercial agreements allow us to invest more in making Reddit better as a platform and product.

Who can access public content on Reddit?

In addition to those we have agreements with, Reddit Data API access remains free for non-commercial researchers and academics under our published usage threshold. It also remains accessible for organizations like the Internet Archive.

Reddit for Research

It’s important to us that we continue to preserve public access to Reddit content for researchers and those who believe in responsible non-commercial use of public data. We believe in and recognize the value that public Reddit content provides to researchers and academics. Academics contribute meaningful and important research that helps shape our understanding of how people interact online. To continue studying the impacts of how behavioral patterns evolve online, access to public data is essential.

That’s why we’re building tools and an environment to help researchers access Reddit content. If you're an academic or researcher, and interested in learning more, head over to r/reddit4researchers and check out u/KeyserSosa’s first post.

Thank you to the users and mods who gave us feedback in developing this Public Content Policy, including u/abrownn, u/AkaashMaharaj, u/Full_Stall_Indicator, u/Georgy_K_Zhukov, u/Khytau/Kindapuffy, u/lil_spazjoekp, u/Pedantichrist, u/shiruken, u/SQLwitch, and u/yellowmix, among others.

EDIT: Formatting and fighting markdown.