This is the main reason I completely ditched Reddit, if you use the new Reddit interface instead of the old one (old.reddit.com), you’ll see a constant request being made to “https://www.reddit.com/svc/shreddit/events” (open your DevTools > Network tab, can’t see on Firefox idk why).

The problem is, if you add this to your Ublock Origin filters the website won’t load properly, that’s why uBO team didn’t block it already.

You’ll notice this request isn’t only being made from a interval but also when you do basically any action in the site, like pausing or resuming a video (send timestamps of when did you pause or resumed).

It sends other kind of data like what subjects you’re seeing when closed a tab or the related subjects of a post you click, this all can be used to trace a perfect profile of you and things you like.

You can avoid that by using the old.reddit but it still has the same kind of tracker, even tho you can block it here without major issues.

By my analysis, old Reddit interface does the same but to a random URL path that always starts with “reddit.com/api/something”. Ex.: reddit.com/api/friends So you can block anything that starts with “www.reddit.com/api” in your custom filters (after all you’re using old.reddit.com), then you’re mostly free from Reddit trackers (more or less). Side effect is, you won’t be able to use the chat in the old interface.

  • expr@programming.dev
    link
    fedilink
    arrow-up
    3
    ·
    1 day ago

    Reddit sucks for many reasons and I refuse to use it, but as a software engineer, this hardly looks nefarious. That looks like a pretty typical event gateway in networked applications, which is used for all kinds of things to make a platform run. We have one in our application, and it’s not used for any kind of privacy-invasive tracking. We use it for things like bulk data processing for things like userbase-level analytics (like, how many users are using this feature?), or for billing purposes for our customers (since we bill based on usage).

    And calls to /api/* routes are absolutely completely normal for any SPA (single page app), and are required for them to function. There’s certainly a technical argument to be made against SPAs in favor of more traditional server-side rendering (augmented by tools like https://htmx.org/ for dynamic content), which could be used to avoid these kinds of API calls (and, in fact, it’s a model I’m very much in favor of), but that kind of architecture is far from the norm these days. The SPA model is the current (IMO bad, from a technical perspective) standard.

    We have many reasons to shit on reddit and their behavior, but this honestly isn’t one of them.

      • expr@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        1 day ago

        I know old reddit is not an SPA, but that’s entirely the point. New reddit is clearly written as an SPA. Old reddit was created before SPAs were super common, so it uses a different architecture.

        • CodenameDarlen@lemmy.worldOP
          link
          fedilink
          arrow-up
          1
          ·
          1 day ago

          Yes, so when we’re talking about calls to /api/* we’re talking about old.reddit.com, I didn’t say anything about calls to this endpoint on new reddit, the problem with new Reddit are calls made to https://www.reddit.com/svc/shreddit/events with a lot of trackers. It can’t be blocked.

          • expr@programming.dev
            link
            fedilink
            arrow-up
            1
            ·
            24 hours ago

            Right, and I explained that looks like a very common event gateway kind of architecture, which has many legitimate uses.

            Now, it’s entirely possible that Reddit is also using it for tracking shit (because of who they are), but the mere fact that an event gateway exists isn’t evidence of that. Here’s the Wikipedia article on the architecture: https://en.m.wikipedia.org/wiki/Event-driven_architecture.

              • expr@programming.dev
                link
                fedilink
                arrow-up
                1
                ·
                22 hours ago

                I have no doubt Reddit is doing shitty things (as evidenced by, well, everything in the last several years), but that’s entirely unrelated to what kind of architecture is involved. You can do shitty stuff with regular JS, cookies, etc. on webpages.

                I simply don’t want people thinking that this is actual evidence of wrongdoing, because it isn’t.

                • CodenameDarlen@lemmy.worldOP
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  22 hours ago

                  You really can’t tell that this isn’t being used for evil practices, personal info is leaving your machine via client-side requests, end of story. You can use your judgement, but by fact, you can’t really tell anything. I wouldn’t trust Reddit, if you trust them good of your.