
Reddit DMs will not reach their destination if they contain certain text - ValentineC
https://www.reddit.com/r/privacy/comments/8ps94a/it_appears_reddit_direct_messages_are_being/
======
sotojuan
From that thread:

> Reddit's new "private" chat system is powered by Sendbird without any
> additional end-to-end encryption.

> This means Sendbird provides a searchable plaintext database of all of
> these "private" chats.

> [https://sendbird.com/features](https://sendbird.com/features)

> I like the (public) chat feature but to introduce "private" chats a feature
> that is clearly intended to increase interactivity and thus use of the
> feature without making this clear is just wrong IMO.

~~~
beefhash
I think that's backwards. You cannot assume that a "private" message is
actually private unless end-to-end encryption is advertised. You still cannot
safely assume so unless you've checked the code yourself. Privacy is never the
default.

Hence the move to call things "direct" messages, rather than "private" as it
used to be.

~~~
Ninn
You can't even be sure when you have checked the source code of the project --
who's to say that is actually what is deployed?

~~~
Boulth
Reproducible builds.

~~~
aserafini
But how do you know that the build you verified yourself is the one that is
running on their server? It would be amazing to solve this problem - are there
any solutions?

~~~
megous
End-to-end usually means client to client. So all you need to verify is
client code.

------
Operyl
A bit ago there was a mass spam wave of malware being spread via PM hosted on
mega. It could just as likely be an anti spam measure gone wrong.

~~~
duxup
I still get hit with DM spam on Reddit every once in a while.

I'm kinda surprised, if some new account tosses out 100 DMs ... you'd think
they'd be able to automatically cut them off.

Then again they don't cut off accounts that just spam their blog or news site
all the time either...
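
The kind of simple volume heuristic described in the comment above, as an added example that is not part of the original thread and not Reddit's code: it flags recently created accounts that DM many distinct recipients within a sliding window. The thresholds, account names and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions chosen for illustration, not any site's real values.
NEW_ACCOUNT_AGE = timedelta(days=7)   # accounts younger than this count as "new"
WINDOW = timedelta(hours=1)           # sliding window for counting recipients
MAX_RECIPIENTS = 20                   # distinct recipients allowed per window

def flag_bulk_senders(events, account_created):
    """events: iterable of (timestamp, sender, recipient).
    Returns the set of new accounts that exceeded MAX_RECIPIENTS in any WINDOW."""
    by_sender = defaultdict(list)
    for ts, sender, recipient in events:
        by_sender[sender].append((ts, recipient))
    flagged = set()
    for sender, msgs in by_sender.items():
        msgs.sort()
        start = 0
        in_window = defaultdict(int)  # recipient -> messages inside the window
        for ts, recipient in msgs:
            in_window[recipient] += 1
            # Evict messages that fell out of the window ending at ts.
            while ts - msgs[start][0] > WINDOW:
                old = msgs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            is_new = ts - account_created[sender] < NEW_ACCOUNT_AGE
            if is_new and len(in_window) > MAX_RECIPIENTS:
                flagged.add(sender)
                break
    return flagged

T0 = datetime(2018, 6, 9, 12, 0, 0)

def build_sample():
    """Constructed sample: one bulk sender and three benign patterns."""
    created = {"fresh_spammer": T0 - timedelta(days=1),
               "old_regular": T0 - timedelta(days=730),
               "new_chatty": T0 - timedelta(days=2),
               "new_slow": T0 - timedelta(days=3)}
    events = [(T0 + timedelta(seconds=20 * i), "fresh_spammer", f"user{i}") for i in range(100)]
    events += [(T0 + timedelta(minutes=i), "old_regular", f"member{i}") for i in range(30)]
    events += [(T0 + timedelta(seconds=30 * i), "new_chatty", f"friend{i % 2}") for i in range(50)]
    events += [(T0 + timedelta(minutes=10 * i), "new_slow", f"buyer{i}") for i in range(25)]
    return events, created
```

Counting distinct recipients rather than raw messages keeps a new user's long conversation with two people from tripping the rule, and the account-age gate spares established accounts that legitimately message many people.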

~~~
Operyl
It’s a never ending battle.

~~~
slig
It is, yes, but there are a handful of very simple heuristics that Reddit (and
Twitter) never cared to implement properly.

~~~
apatters
This is probably a sign that the situation is more complicated than it appears
to be.

I mean if they have hundreds or thousands of engineers, billions of dollars
etc. they have surely considered these heuristics before, and there's probably
a reason they haven't done them "right," we just are not privy to that reason.

~~~
kuschku
It’s not really.

You can throw the SpamAssassin detection engine at the PMs, and you’ll already
get a much higher detection ratio than what Reddit gets today.

------
Fnoord
Yeah, and MSN and Facebook block messages containing ThePirateBay.org. You can
argue both ThePirateBay.org and Mega.co.nz are _very_ likely copyright
infringement material.

Also, these are not _private_ messages. That's why Tweakers.net calls private
messages "direct messages" (DMs) and not "private messages" (PMs). They scan
them, they read them back in case of a dispute, but apart from the moderator
team _other users_ cannot read them.

The title of this subject seems to call it DM whereas Reddit appears to call
their system PMs. Either way, Reddit falls under a different jurisdiction than
Tweakers.

A simple solution could be using GPG, or a different method of communication
e.g. using JS over a less censoring platform. By using GPG (or some other form
of public key cryptography), the messages are private, and the integrity of
the data can be guaranteed.

~~~
flatline
Boy, if you think getting people to use encrypted email is hard, I can only
imagine trying to convince reddit users. Why would you even use reddit to send
an actual, private communique? If you know the person through some other
channel, why prefer a pseudonymous platform controlled by a third party, that
is notoriously unreliable? If you don’t know them outside of Reddit, I find
the odds of wanting or needing truly private communications very small, and a
DM could easily be used to establish a more secure connection elsewhere.

~~~
chatmasta
You don’t need to know them outside of Reddit, just outside of the DM. I can
easily imagine a situation where members of a subreddit might want to DM each
other securely. For example users of a marketplace subreddit might want to DM
each other to negotiate transactions. In that case I could imagine the OP
providing a GPG public key in a post and asking anyone who sends a DM to send
it GPG encrypted with that key.

Also, convincing reddit users to use GPG is definitely easier than convincing
email users, because it only needs to happen for specific subsets of them, and
many already use it (eg in the old /r/DarkNetMarkets).

------
klodolph
It seems like Reddit, Facebook, YouTube and others are "converging", partly
due to the economic forces behind delivering good engagement metrics to
advertisers and not placing ads next to undesirable content.

~~~
rarec
It is a strange blessing and mercy that websites unattractive to advertisers,
like 4chan, are seemingly spared the worst of it.

------
SquareWheel
Reddit's blocked Mega links for years. I'd have been surprised if their new
chat platform _didn't_ use the same filters.

I bet URL shorteners don't work either, for the same reason.

------
IIAOPSW
First the redesign, now this.

Reddit is really starting to go downhill.

~~~
stochastic_monk
Whenever I open reddit without logging in, I’m filled with abject horror by
the abomination before me.

Sure, it’s fixed after logging in, as I’ve opted for the “classic” look, but
how long will they support both displays?

~~~
technofiend
I can't read Reddit without logging in because that's what applies all my
filters. It's a much more agreeable site once you strip off all the politics
subreddits. Now I just need a way to filter off the karma whores like
gallowboob.

------
ggg9990
I don’t see what’s in this for Reddit. They can’t possibly get sued for not
doing this.

------
exikyut
I've had the same experience with imgur "private" messages. At least imgur are
honest enough to not concretely state that they don't look.

------
randyrand
Mega is the best implementation of large file downloading on the web.

Shame.

------
qrbLPHiKpiux
Nothing is private if someone else controls the channel.

~~~
jerezzprime
That's not true. Private/Public key encryption is just one example of secure
communication over an unsecured channel.

------
kirykl
"It's a little insurance policy...You're our product. And we can't very well
have our products turning against us, can we?"

