44 upvotes, 2 direct replies (showing 2)
View submission: Safety update on Reddit’s follow feature
We want to first apologize that this system has been misused by bad actors.
Here's a question: have your Dev and Safety/Security teams gone into the development processes with the assumption that users *will* use features to harass others? History has shown that users will use this (or any social media platform) to harass others, particularly on the basis of race, gender, and sexual orientation. They will get very creative, they'll use coded language, they'll hide it in any manner that they can to evade detection. This isn't unexpected to people who get harassed.
With that in mind, it would seem that part of the development process for the platform should assume that this harassment will happen, and resources should be spent up front trying to find that. Did anyone ask "if I were a bigoted douche or a kid trying to aggressively troll, how would I use this to attack people" during the process? With the fact of the notification process and the fact that username is a user-generated field, I think it's hard to miss that users would put the message they want to use for harassment in the username field. I'd also argue that any part of the platform that hasn't taken advance steps to prevent harassment from before the first implementation hasn't actually met the standard of "minimum viable product" if you're using Agile to build and deploy.
To me, this whole thing begs the question of "how was this missed in the first place and why wasn't it addressed before implementation?"
Comment by Hubris2 at 14/07/2021 at 19:52 UTC
34 upvotes, 1 direct replies
What you're describing is how development would work if the safety/security of users was a top priority. When rolling out features expected to increase 'stickiness' and time spent on site introduces privacy issues, then they start the process of considering how the existing design can be tweaked to minimise the harm caused - but without any willingness to roll back the feature (and decrease the stickiness).
To me this suggests that the privacy and safety of Reddit users is at best a secondary or tertiary priority - and why we continue to see the same cycle happen over and over.
Comment by CedarWolf at 14/07/2021 at 19:53 UTC
3 upvotes, 1 direct replies
Penetration testing and exploit review *is* part of a good design process. I agree; this should have been caught earlier on, but it wasn't, and now we're in this situation and doing the best we can with it.