The people who's "trust" was broken are paranoid conspiracy-mongers who are provably nasty actors who use any opportunity to spread anti-establishment vitriol.
Their paranoia is not justified, not to the extent of the conspiracy that they so routinely engage in.
Just this week a man brought a rifle into a restaurant a fired a shot because of the conspiracy and vitriol of that side of reddit.
I agree. I am absolutely shocked at how many simply do not get the ramifications of that simple action. In some countries you can go to jail for your post history.
So you're a media dsitribution contractor in Washington, DC and you don't see how covert editing of social media posts is upsetting, overreach, abuse, or illegitimate? And you're making fun of expectations of the integrity of social media posts?
I think editing critical Reddit comments as part of a prank or maybe as a jokey form of retribution is an extremely ill-advised and boneheaded move. I don't know if it was abusive and it was hardly covert, but it was definitely not cool. I doubt Spez will make that mistake again.
But did it tell us anything new? Are we surprised that Reddit admins have the technical ability to edit records in their own database? (As do the admins of other social media sites...)
It seems Reddit admins don't have that ability, if I read the thread correctly. Rather, Spez helped build the system and just knew how to manage the prank. It wasn't even really a backdoor thing, he just had the know-how to do it (like being able to log into the database and update a row).
That's the confusing bit about the outrage to me: I think people expected it to be secure and tight, and ... well... I'm not sure what led to that conclusion. I can easily imaging that until Spez pulled that stunt, they just figured it was too hard to screw with and that the databases were sufficiently secure. After all, the techs have full access to the machines*. It's like being surprised that your ActiveDirectory admin can change your password at will.
But you can bet your booties they'll try to lock it down a bit better now. Wouldn't expect it to be the TarSnap of forums, though. Reddit's not exactly a bastion of authenticity :P
EDIT: What I mean here is that someone has physical access to the machines, right? Or at least some amount of root? Or can log in? I guess to me it's like being outraged that the guy who targets the Hubble telescope abuses his position and points it at Earth or something as a joke; huge amount of time and money on the line and it would be a dumb thing, but it's also pretty harmless. Might still get fired for it, though.
If someone else edited your post, the signature would no longer be valid. So the attacker could remove the signature or sign it with a different key or leave it alone and hope no one notices, but they couldn't re-sign with your key since they wouldn't have access to your private key file.
Public key cryptography is really neat if you haven't played around with it before.
I was being half-facetious, but if you want to be able to prove that a post is actually written by you, you probably want something like PGP.
You don't just post your public key next to your comment, you use your private key to create a cryptographic signature of the contents of your post. Anyone with your public key can check that the signature is valid. Altering the text will cause that signature check to fail.
The issue here is that almost nobody actually checks the signature. Some people edit their messages to invalidate them just to see if they'll get called out on it - they almost never are.
So in theory, yes. But in practice - people are too lazy to validate or check the key (if the attacker replaces it with their own signed message) for every single post. This is a bigger issue the more users you have signing messages - as users begin getting lazier with checking each and every signed message.
Unless they are under a lot of eyeballs from people who do care. If Wikileaks "signs" a message and it doesn't verify or wasn't with their key - a lot of people will call it out. If I "sign" a message or use a different private key (very possible that I sign with the wrong key when I have multiples) - I doubt anyone would call me out on it.
Reddit is a content management system for stupidity and spam. Let's not pretend it's some pristine, important institution. Trolling the_donald could only have been a step in the right direction.
You raise a lot of good points here for sure. My main beef with reddit has been the lack of uniformity in application of the rules. It's better for everyone if there are clear rules, and the enforcement isn't capricious.
Their paranoia is not justified, not to the extent of the conspiracy that they so routinely engage in.
Just this week a man brought a rifle into a restaurant a fired a shot because of the conspiracy and vitriol of that side of reddit.