87 upvotes, 1 direct replies (showing 1)
View submission: An Update Regarding Reddit’s API
The Data API is oauth authenticated
My understanding is you *already* don’t serve explicit content unless the owner of the oauth account logs in on desktop, visits account settings, and checks a box affirming that they are of legal age and consent to view said material.
I am not sure where the safety concern is with that process.
Comment by Bardfinn at 18/04/2023 at 19:11 UTC
14 upvotes, 2 direct replies
The safety concern is that there are “heavy API users” who are themselves oauth’d who then pass along firehose feeds to others who aren’t, and the others who aren’t had the ability to retrieve https://i.redd.it/arbitrary.png.
The same issue applies to the scenario of “there’s a private subreddit with 100 people as authorised users, one user, UserA publishes a gallery in that private subreddit, another user wants to exfiltrate the contents of that gallery from the site while avoiding the lawful consequences of that act, that user copies the https://i.redd.it/arbitrary.png URLs and hands them over to an anonymous proxy hosted in Russia who then holds copies of the photos for 20 years while simultaneously resisting all law enforcement investigations into the matter of exactly who committed sexual assault of UserA by non-consensually publishing intimate media of UserA.”
Reddit has been improving how they handle authenticated access to user content in order to improve how they handle non-consensual intimate media. This is part of that process.