10 upvotes, 1 direct replies (showing 1)
View submission: [reddit change] Click events on Outbound Links
Specifically, we've added some logic to allow our event tracking to be accessible for only a certain amount of time to combat its possible use for spam.
I don't follow. Why would spammers have access to this at all?
Comment by umbrae at 08/03/2016 at 18:28 UTC*
7 upvotes, 1 direct replies
Spammers might use the "out.reddit.com" link that is generated for spamming, so we want to make sure that's not a good avenue for them. (This is known as an open redirect vulnerability[1]).