This is the main reason I completely ditched Reddit, if you use the new Reddit interface instead of the old one (old.reddit.com), you’ll see a constant request being made to “https://www.reddit.com/svc/shreddit/events” (open your DevTools > Network tab, can’t see on Firefox idk why).
The problem is, if you add this to your Ublock Origin filters the website won’t load properly, that’s why uBO team didn’t block it already.
You’ll notice this request isn’t only being made from a interval but also when you do basically any action in the site, like pausing or resuming a video (send timestamps of when did you pause or resumed).
It sends other kind of data like what subjects you’re seeing when closed a tab or the related subjects of a post you click, this all can be used to trace a perfect profile of you and things you like.
You can avoid that by using the old.reddit but it still has the same kind of tracker, even tho you can block it here without major issues.
By my analysis, old Reddit interface does the same but to a random URL path that always starts with “reddit.com/api/something”. Ex.: reddit.com/api/friends So you can block anything that starts with “www.reddit.com/api” in your custom filters (after all you’re using old.reddit.com), then you’re mostly free from Reddit trackers (more or less). Side effect is, you won’t be able to use the chat in the old interface.
I know old reddit is not an SPA, but that’s entirely the point. New reddit is clearly written as an SPA. Old reddit was created before SPAs were super common, so it uses a different architecture.
Yes, so when we’re talking about calls to
/api/*we’re talking about old.reddit.com, I didn’t say anything about calls to this endpoint on new reddit, the problem with new Reddit are calls made tohttps://www.reddit.com/svc/shreddit/eventswith a lot of trackers. It can’t be blocked.Right, and I explained that looks like a very common event gateway kind of architecture, which has many legitimate uses.
Now, it’s entirely possible that Reddit is also using it for tracking shit (because of who they are), but the mere fact that an event gateway exists isn’t evidence of that. Here’s the Wikipedia article on the architecture: https://en.m.wikipedia.org/wiki/Event-driven_architecture.
If you want to believe Reddit is using it merely to make their website to work properly, be my guest.
I have no doubt Reddit is doing shitty things (as evidenced by, well, everything in the last several years), but that’s entirely unrelated to what kind of architecture is involved. You can do shitty stuff with regular JS, cookies, etc. on webpages.
I simply don’t want people thinking that this is actual evidence of wrongdoing, because it isn’t.
You really can’t tell that this isn’t being used for evil practices, personal info is leaving your machine via client-side requests, end of story. You can use your judgement, but by fact, you can’t really tell anything. I wouldn’t trust Reddit, if you trust them good of your.