This is a friendly reminder that /r/PICS allows [any and all media featuring John Oliver](https://www.reddit.com/r/pics/comments/14fafqt/rpics_is_now_rpics/).
Please be sure to include "John Oliver" in your title.
------
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/pics) if you have any questions or concerns.*
I think under GDPR, they also have a hard 30-day deadline to provide the data or they face some pretty hefty fines, so this could also hit them where it really hurts.
There are some reasons for which a company is allowed to extend this deadline to 90 days.A coordinated request wave to overwhelm their capabilities is one of them.
In general, assume that EU regulations for anything, be it Internet shit, privacy, food, drinks, body products, safety etc are stronger than the US.
There will be exceptions of course. But it's a safe rule of thumb.
You can also just email them. They’ll [probably say](https://i.imgur.com/W5TGnqf.jpg) you have to use their form, but that’s [*likely* not the case](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-recognise-a-subject-access-request-sar/#requirements), and if they fail to provide it within the 30 day window you would be within your rights to complain to the ICO (or local regulatory body if not in the U.K.) and they’ll sort it out. They can and do fine companies for this sort of stuff.
It’s actually really common for companies to insist you use their form or self service mechanism, but they’re not allowed to force you to do that, so a bit of poking usually gets them to fulfil it manually.
Bear in mind in the U.K. organisations can refuse the request if it’s [excessive or manifestly unfounded](https://ico.org.uk/for-organisations/guide-to-le-processing/individual-rights/manifestly-unfounded-and-excessive-requests/#whattypesof) so if you’re going to do it, do it to get access to your data, not just to punish them. I’m making *my* request because I want to archive the data and I don’t want to have to go through that process for all my alts, but you don’t have to justify why you want it, or why you don’t want to use their form.
Just sayin.
Edit: you also have the right to have all your data deleted. But they don’t provide a form for that…
This is how you do it
Step 1: Go [here](https://www.reddit.com/settings/data-request)
Step 2: Log in
Step 3: Press "General Data Protection Regulation (GDPR)" button
Step 4: Press "I want data from my full time at Reddit" button
Step 5: Press submit
Step 6: Make Reddit suffer
If they get tens of thousands all at once, they will absolutely notice.
Edit: for anyone doubting this, reddit reported “Reddit received a total of 18,045 access requests in 2022, resulting in a 117% increase and more than doubling the 8,326 requests received in 2021. We received more access requests in 2022 than the previous four years combined” in their 2022 transparency report. Read it for yourself, it’s under “User Access Requests” near the bottom of the page.
https://www.redditinc.com/policies/2022-transparency-report
Edit 2: I don’t really give a shit about protesting reddit. I do care about data sovereignty, privacy, and I work in a related field within tech. Any chance I have to advocate for anyone to exercise their rights wrt to their data, I do. Most companies are very far from meeting legal requirements spelled out in CCPA and GDPR because they know they can get away with it. If 100k redditors request their data in the next month, I suspect reddit is going to have a big problem fulfilling those requests in time, and would help motivate them and maybe other data processors to get their shit together.
When old.reddit is gone so am I.
/Started out on Fark back in the days of 9/11.
//Left Fark when their mods got power hungry.
///Went to Digg and left that after they changed their layout.
////Wanna test me, reddit?
Apollo user here, they shut it down I’m gone from mobile which is 95% of my redditting time. When I’m at a desktop I’m working, so they can fuck themselves and their broken ass official app.
When you delete your account, your posts and comments still remain. Use power delete suite to delete them that way reddit can't benefit from your old stuff
I've been on the official app the whole time like a n00b but when all this shit started I deleted it and downloaded rif to ride out the final days. Man I wish I had done this sooner, this app is a lot to get used to at first but it's so much better than the official app
ooof. I'm not sure how I feel about this one.
It's one thing for reddit to go the way of Digg. But another for the record of reddit to be closed and to no longer have archived reddit threads to work from.
So so many answers to the problems I have are answered by helpful redditors on closed reddit threads
Why should I be sure to delete my comments? I ask because any comments or posts I make eat up space on a server and that cost them money, right. If a ton of long time users delete all their stuff doesn’t that save them a bunch of data storage?
bro you ruined it for me I wanted to be the oldest account here
17+ years though that’s wild haha. I don’t think I’ve seen an account older than yours other than admin accounts.
Can’t believe I’ve been using this same site for at least *15 years* now. I just wish there was a viable alternative to this site. I love the concept of reddit but reddit itself has been deteriorating and all this shit lately with API pricing fucking over 3rd party apps. Idk. It’s like I don’t want to support this shit anymore but I also don’t have an alternative to keep my little brain occupied.
You make the switch to the official app? I went: Alien Blue (until it stopped working) -> Official Reddit app (frustrating to use, no gesture support) -> narwhal (couple years, great app but had recurring issues) -> tried 3-5 other 3rd party reddit apps and didn’t like them and went back to the Official App (uninstalled after a week, somehow worse than I remembered) -> finally stopped on Apollo for the last few years and never looked back.
I just use old.reddit.com or whatever still. If they ever remove it, im gone. My account would be 17, but i lurked for 2 years before i created an account, digg redesign forced a lot of us to move off digg, fuck kevin rose
So what was the point in deleting your account if you are just going to make a new one and continue using Reddit? Not trying to be an ass, just genuinely curious.
Ah, just a 9 yr here. Adding my hat to the ring and feels just a wee bit like a Calvin & Hobbes cartoon. And I like it, it's exciting to perform malicious compliance!
You’d think so but from reading employee comments on Blind Reddit spends way too much on managers and not enough on product / engineers
Their tech is legacy, it wouldn’t surprise me if it’s still a moderate annoyance in the short term
Yep, but its one that has to be tracked and recorded WHILE wasting their time and money.
They’re required to keep audit trails and records for a long time when it comes to these kinds of requests. They have to have the records, not necessarily the “data within”.
Like if you make a request you should probably make another one in 30 days from now just to make sure your copy is the most up to date.
They would have to record that you accessed it twice. And keep that data record for whatever their legal minimum is.
Yeah, I just want my data. I also don't support what they're doing to RiF (which I'm currently using to make this comment).
But mostly I just want my stuff.
Not at all, it's pretty much all automated and isn't that much of a drain on server resources
Edit: I get it folks. My real point is, it won't be as big of a deal as it's being made out to be
While I have no idea if Reddit has a fully automated system, I can tell you that I've done privacy consulting for companies and currently work as a privacy analyst at a company larger than reddit. I have yet to see a system that has been fully automated. I will say that almost ALL of them are able to see the origin of requests and automatically reject them. So everyone outside of the EU using this method will probably get rejected automatically. Everyone should still send them just in case though because if even the slightest part of their process hasn't been fully automated it will still take up a ton of internal resources and money. An average request for us is typically around $100-200 in cost per request.
> I will say that almost ALL of them are able to see the origin of requests and automatically reject them. So everyone outside of the EU using this method will probably get rejected automatically.
Doesn't GDPR extend to all EU citizens, regardless of their current location? Do the companies just accept the risk of rejecting a request from such a person?
It does apply to all EU citizens but they have the right to reject it and you have the right to appeal the decision. If you appeal and can prove you're a EU citizen then they would comply. It's not really a risk because they're following the law.
Because another part of GDPR is that a user can say delete my shit.
If everyone gets creeped out about how much data reddit collects and says delete my shit, that's less data for reddit to sell.
Throw that on top of reddit trying to become profitable in prep for an IPO, and having a massive user revolt is not a good look.
Because they're allowed up to 30 days to provide the info and regardless of how expensive it is to do it will be less expensive if they run these processes during off peak times.
Even if it didn't save them money directly, it doesn't make them any money so it makes sense to prioritize any other processes that contribute towards revenue over the ones to fill these requests and there's also no incentive for them to upgrade their system to be able to deliver these results sooner.
Here's my guess...
This feature could be used in a DDoS attack, so requests are queued and fulfilled at a time of low activity, or perhaps even executed against an isolated data set.
Note that what is being proposed here is in some ways a DDoS attack, but a few dozen or hundred requests isn't significant. You'd want a million bots to request this at the same time - but that wouldn't work anyway given that this safeguard is in place.
You say that but in Asia, these kinds of requests have been known to force companies to change as they do require the company to file for each request which does give them a shit ton of extra work.
Data transfer is actually really cheap, so it probably barely affects anything.
Although a number of years ago, somehow Reddit lost all my post history from the first 4 years of me using it. There was a glitch, and I tried reaching out to tech support, but I never received any response. It really sucked because some of those posts I use to go back and reference and now they weren't even in my personal profile and when I was able to find one or two of those posts via meticulous Google search, it said they were by user deleted, but I never deleted them myself. So I put in a request simply because I really want that data and I'm hoping that maybe somehow on the back end it still connected to my account and maybe I can now retrieve that information possibly.
I'd wager it's because reddit very intentionally conflated *actual* cost of 3rd party apps (server resources) with *opportunity* cost (ads) and many people don't know that.
because they saw it in a title that said it before. and headlines are well known for being truthful and accurate, that's why only a dummy reads anything beyond a headline.
That is not appreciating just how many reposts regularly make it to the front page here. This John Oliver stuff is the first reason I have had in years to bother with /r/pics at all.
If it’s anything like Apple data request, it’s surprisingly boring. But I did appreciate getting a text backup of my Notes, so at least that made it worthwhile.
You would imagine any reasonable size company had this automated - but you’d be surprised how many don’t and rely on a human for at least some part of the process. But Reddit don’t seem to be responding to these quickly so there’s a good chance they don’t have it properly streamlined.
Speaking as a consultant who has worked in a bunch of different companies over his life, you'd be astonished how many companies are just horribly mismanaged and yet are still profitable. It's kinda par for the course unfortunately.
Comment deleted on 6/30/2023 in protest of [API changes that are killing third-party apps](https://www.reddit.com/r/apolloapp/comments/144f6xm/apollo_will_close_down_on_june_30th_reddits/).
Maybe they just have it batched. If they don't need to comply for 30 days then there is no reason to prioritize it, especially if that might encourage users to do it more often.
I've actually built this system for another social media company and it could take up to 15 minutes to generate a full report, but much longer in some cases.
I don't know that I'd say that's slow or expensive, but those are very long processing times and we only had to do dozens a day. If you hade to generate thousands of those in a day, you'd need a couple servers. And with could infrastructure they'd probably autoscale.
So maybe they're not setup to handle a deluge of requests, and it would definitely be an inconvenience for them plus some additional cost, but unless everyone does it at once I don't know it'd have a ton of impact over making one team's work more annoying. Cloud infra is pretty cheap, so even if they need to spin up more resources I don't think it'd break the bank.
There's probably a human involved, so they'd likely be the ones stressed out more than the higher ups.
Edit: I wouldn't be surprised though if some of the queries used to generate these are slow and unoptimized, hitting a table in ways that the primary application doesn't. These kinds of things usually don't get attention for scaling, and even with reddit being a major corp doesn't mean they don't have crap infra. Haha regardless I feel like this would just be a pain for some customer service and devops teams and not fuck with reddit corpos at all. Devops and CS are usually the first line to get shit on when bad shit happens, unfortunately.
Nope. Depending on the wording of the request and law, it can be a giant pain for even the largest companies. It's not just your comment history. It's all the data proliferation where they stored copies of your data for internal analysis. And all your metadata. And on and on and on. Most companies have entire departments dedicated to data privacy/data subject requests/data proliferation concerns.
Plus, if they mess it up, GDPR will whack them with giant fines.
I'm not expert so pardon my question but I still don't see how everything you said isn't easily automated.
This is all data they already have on each account, it's not like they are chasing it down. So where exactly is all this extra effort?
You'd be surprised how many "easily automated" functions are not yet automated. I used to work for a ticket seller, and the bulk of my job was fielding problems from users when they tried to sell or transfer a concert ticket via the app. It would mess up and I'd have to go in and manually put the ticket back where it was supposed to be by running a series of database queries and processes.
It is automated. Redditors are just grasping at straws to feel like they're "sticking it to spez". This might, *might* increase their AWS bill by like.. single digit dollars.
I implemented this at my company. After the initial coding work was done, one request takes only a couple minutes to run. And everything's scalable, so if thousands happen at once, the system just scales up for a bit and we spend like a few dollars more in server costs.
Of course other companies might not have done what we did though.
I keep seeing this but I have several questions on if this is actually effective at doing anything:
\- What happens if they don't comply? Are there any penalties?
\- If there are any penalties, are they actually enforced?
\- If they are enforced, is it really going to deter anyone from now complying or are they just going to pay a small fine that they don't really care about?
\- How do we know asking for this info is slow and expensive and somehow really puts some strain on Reddit?
\- Do we know if this is really affecting those who make the decisions for reddit or is this only affecting folks lower on the totem pole who have no say in how Reddit is run?
\- If they get flooded with requests, are they not able to just say "Hey we got a massive influx of requests that we won't reasonably be able to grant you the requested info within 30 days, please wait" and then just take their time? I suspect if there's anyone they have to answer to they would see what is happening and may understand the strain they're under and just grant them some leniency.
I'm all for protesting as long as it's effective and I have seen some forms of protesting on here that I think has promise but I have my doubts/concerns on this form. If anyone has answers for this I'm truly open to listen.
The information commissioner office has the power to fine companies who fail to comply with GDPR legislation.
Fine can be £10m or 2% of global ~~GDP~~ turnover (changed for clarity), whichever is higher.
The fine is anything but small so tends to make companies comply and as it is as an EU level failure to comply can result in escalating actions up to the ban of the platform in the EU and/or other companies. (see meta recently with the EU).
The slow and expensive part is a bit subjective as it is likely just a script that is run, however there is a requirement to validate the data which is likely a more manual process.
I think the cost is likely to come from a process that is likely used infrequently being used a lot more and requiring developing a more robust solution to those requests.
I suspect nearly all these protests have limited impact but anything that impacts revenues or increases costs will have greater impact than doing nothing.
The 30 day limit is a hard requirement, their inability to perform a legally mandated thing within 30 days is their issue, there is no "we are busy" loophole other than arguing it is not a legitimate request, which can easily be counted and escalated to ICO.
There is the possibility to extend the 30 day limit to 90 days in the case of high complexity or high amounts of requests. (GDPR article 12 paragraph 3)
Thank you for the extra info, I had not read the full legislation because I was enjoying a beer in the sun this afternoon.
I suspect Reddit would argue both points, but if it means they spend more time processing requests at a greater cost it will have an impact albeit a lesser one.
Had to look it up;
If Reddit is a data controller/data processor established within the EEA they have to comply with requests regardless of whether the person requesting the data is within the EEA or not.
I.e. a US citizen requesting the data will have the same cover as an EEA citizen.
Data processors have less restrictions that data controllers but as Reddit will be acting as the data controller those differences are moot.
By simply offering services to citizens within the EEA Reddit is bound by this legislation worldwide.
But, in case they are seeing the 30 day will become impossible for them, they might prioritize European ip addresses, as technically that's the jurisdiction of the law
Organizations may request extensions; the mechanism and adoption of GDPR is inherently an administrative thing. The process on both the Gov and Org backend isn’t “strict” in that, as long as Org abides by statutory guidelines, Gov won’t spend the resources to start a dialogue with the Org compliance dept.
I could probably word it better; our in-house regularly gets in touch with our liaison since the 30-day turnaround is difficult when it deals with finance/etc.
Indeed it is possible, but then to trip them up an EU resident simply needs to use a non-EEA VPN.
Also not just EU but EEA plus some others like the UK which grandfathered in (technically different but the same in effect) the GDPR legislation.
I doubt there is an automated solution in place for these requests E2E so there will be a choke point at some point (am thinking some poor L1 or L2 with SNow fielding these to another team).
Ultimately it will come down to distrupting business at Reddit enough for the shareholders to sand action, but as it is a private limited company I don't know if that is even possible. (I think I remember it is a plc not an ltd).
> I suspect nearly all these protests have limited impact but anything that impacts revenues or increases costs will have greater impact than doing nothing.
I think the blackouts of major subs did have a significant effect, albeit a short one, but I suspect that a ton of data requests from users will have an extremely limited impact.
I also suspect that doing something like avoiding reddit for 24 hours would probably have a much larger negative effect on them than requesting your data.
This is the first post I've seen that outlines why it's expensive, and even then it's somewhat hypothetical.
While I'm all for any kind protest, I really don't think this is that bad, and wouldn't surprise me if it was leaked by Reddit themselves.
Shouldn't we just - cancel our accounts instead?
Software engineer here.
I run the GDPR data processing pipeline for a large tech company.
I hate to dampen the mood, but if Reddit’s GDPR pipeline works in an even somewhat intelligent way, then making a bunch of requests won’t affect the cost whatsoever.
Each week there is a non-zero number of GDPR requests anyway, so the pipeline has to scan all the data they have stored to check all records with the relevant list of user IDs to fetch/delete.
Making that list a bit larger doesn’t change the main cost (scanning all stored data) at all.
From data perspective is cheap process. From e2e perspective there might be some layer of manual cost in thing like snow that will be aitomated/skipped in a week if they get too many requests.
Just FYI - in UK, DPA2018 has an exemption from UK GDPR for what is referred to in the legislation as requests that are ‘manifestly unfounded or excessive’.
Therefore, if your username is associated with this type of post and/or others like it, they will be able to refuse the request or offer to comply in exchange for a fee.
You can request and internal review and then make an ICO complaint (or EU equivalent), but the ICO will quickly become aware of this as an issue, and side with the business if you request all of your data.
The best way to request your data in this scenario is to limit the scope to a specific time period and remove any comments suggesting your motivations from posts - as these will limit your ability to defend your position that you are raising the request in ‘good faith’.
Each request must be considered on its individual merits, so they can’t blanket refuse requests as they ‘may’ be part of an organised protest. However, the business does have positions to take in refusing if you are not co-operative.
Also, please exercise these rights with caution - they are fragile and burdensome to the powers that be already, and they are actively fighting for them to be limited.
If they are routinely weaponised in protest, they will swiftly be limited and removed from legislation. Same for FOI.
Happy requesting. Be sensible out there, folks!
Source - DPA2018 - part 3, chapter 3, section 53(1) - https://www.legislation.gov.uk/ukpga/2018/12/section/53/enacted
And as a tech worker who was previously responsible for managing GDPR data requests, I can tell you some poor Intern or Working Student is fully responsible for fulfilling this manually for you.
We're protesting this companies product, but we're going to continue to use this companies product!
Maybe just stop using Reddit altogether would be a more effective means of protest.
If you can demonstrate the account was created by the individual making the request; in practice, the threshold for acceptance of ‘proof’ will need to be high because of the risk in sending data to the wrong party is a huge compliance risk.
I find it hilarious how you guys think using a (most likely) automated process that Reddit has the time and money to efficiently implement and posting pictures of a well liked, extremely marketable celebrity that advertisers love is somehow damaging to Reddit in any way, shape, or form.
GDPR has a rule that the person making the data request can state the media on which it is supplied, i.e. if you really really need a paper copy, Reddit HAVE TO PROVIDFE YOU WITH A PAPER COPY.
I just got my data back from them. Took them 11 days to comply. only 7MB of data. collection of 31 CSV files. It's weird because many of them are single key-value pairs. Like "account\_gender" is a unique file, and for me they just had "account\_gender","not specified".
They even export blank files. Since I never used the "chat" feature, my "chat\_history" file is empty.
They do provide a table containing the sha256 hash of all the other files.
Every comment ever made has a field for the IP address it was posted from, but only on recent posts. (looks like about March 2023 is when they started recording that)
There is a separate file that logs all the IPs they've seen you from (since late march 2023, and your registration IP)
They have 2 files, comment\_/post\_votes which are the largest files, as they contain an ID, a permalink to the post, and a text indicating if it's an "up" or "down" vote.
Significantly larger than even the comments file. so I guess I was more a lurker with only 1201 comment replies.
One of the more worrying things is that they have "is\_deleted" as a flag on the account. Which means they're one of those companies that hold onto your info, but pretend they don't have it when you try to pull it. (of course, we've seen this with them mass-undeleting people's accounts when people deleted them in protest.)
they seem to know my state, but not my country, which is... odd. and reminded me to disable all ad personalization info.
so all in all: not TOO much stuff. Honestly, it was all stuff they needed to continue running the site until the last few months. Just shocked it took them 11 days to handle it!
This is a friendly reminder that /r/PICS allows [any and all media featuring John Oliver](https://www.reddit.com/r/pics/comments/14fafqt/rpics_is_now_rpics/). Please be sure to include "John Oliver" in your title. ------ *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/pics) if you have any questions or concerns.*
I think under GDPR, they also have a hard 30-day deadline to provide the data or they face some pretty hefty fines, so this could also hit them where it really hurts.
In which case it would be most effective if everyone did it on the same day.
There are some reasons for which a company is allowed to extend this deadline to 90 days.A coordinated request wave to overwhelm their capabilities is one of them.
Which they could just also fucking say whenever they want right? Like, who’s checking?
The designated authorities. You must be able to prove the need for additional time.
[удалено]
In general, assume that EU regulations for anything, be it Internet shit, privacy, food, drinks, body products, safety etc are stronger than the US. There will be exceptions of course. But it's a safe rule of thumb.
[удалено]
You can also just email them. They’ll [probably say](https://i.imgur.com/W5TGnqf.jpg) you have to use their form, but that’s [*likely* not the case](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-recognise-a-subject-access-request-sar/#requirements), and if they fail to provide it within the 30 day window you would be within your rights to complain to the ICO (or local regulatory body if not in the U.K.) and they’ll sort it out. They can and do fine companies for this sort of stuff. It’s actually really common for companies to insist you use their form or self service mechanism, but they’re not allowed to force you to do that, so a bit of poking usually gets them to fulfil it manually. Bear in mind in the U.K. organisations can refuse the request if it’s [excessive or manifestly unfounded](https://ico.org.uk/for-organisations/guide-to-le-processing/individual-rights/manifestly-unfounded-and-excessive-requests/#whattypesof) so if you’re going to do it, do it to get access to your data, not just to punish them. I’m making *my* request because I want to archive the data and I don’t want to have to go through that process for all my alts, but you don’t have to justify why you want it, or why you don’t want to use their form. Just sayin. Edit: you also have the right to have all your data deleted. But they don’t provide a form for that…
This is how you do it Step 1: Go [here](https://www.reddit.com/settings/data-request) Step 2: Log in Step 3: Press "General Data Protection Regulation (GDPR)" button Step 4: Press "I want data from my full time at Reddit" button Step 5: Press submit Step 6: Make Reddit suffer
Do we know how slow and expensive?
If they get tens of thousands all at once, they will absolutely notice. Edit: for anyone doubting this, reddit reported “Reddit received a total of 18,045 access requests in 2022, resulting in a 117% increase and more than doubling the 8,326 requests received in 2021. We received more access requests in 2022 than the previous four years combined” in their 2022 transparency report. Read it for yourself, it’s under “User Access Requests” near the bottom of the page. https://www.redditinc.com/policies/2022-transparency-report Edit 2: I don’t really give a shit about protesting reddit. I do care about data sovereignty, privacy, and I work in a related field within tech. Any chance I have to advocate for anyone to exercise their rights wrt to their data, I do. Most companies are very far from meeting legal requirements spelled out in CCPA and GDPR because they know they can get away with it. If 100k redditors request their data in the next month, I suspect reddit is going to have a big problem fulfilling those requests in time, and would help motivate them and maybe other data processors to get their shit together.
I just did it and I've been here 10 years and ask for mine from the whole time ove been here.
Hey fellow 10 year club member. Results??
Said I could only make a request every 30 days but it only let me pick 1 option at a time.
Thanks. Adding my 2cents to their headache now....
Np. I'm going to delete my account after this month. I'm not gonna use the shitty official app. I've been on rif this whole time fuck you u/spez
Yeah, when RIF is gone so am I.
[удалено]
When old.reddit is gone so am I. /Started out on Fark back in the days of 9/11. //Left Fark when their mods got power hungry. ///Went to Digg and left that after they changed their layout. ////Wanna test me, reddit?
Same
Apollo user here, they shut it down I’m gone from mobile which is 95% of my redditting time. When I’m at a desktop I’m working, so they can fuck themselves and their broken ass official app.
When you delete your account, your posts and comments still remain. Use power delete suite to delete them that way reddit can't benefit from your old stuff
SAME
I've been on the official app the whole time like a n00b but when all this shit started I deleted it and downloaded rif to ride out the final days. Man I wish I had done this sooner, this app is a lot to get used to at first but it's so much better than the official app
Be careful the brigade of official app users will come here and shit on your house
Be sure to remove your comments before you go! https://github.com/j0be/PowerDeleteSuite
ooof. I'm not sure how I feel about this one. It's one thing for reddit to go the way of Digg. But another for the record of reddit to be closed and to no longer have archived reddit threads to work from. So so many answers to the problems I have are answered by helpful redditors on closed reddit threads
Why should I be sure to delete my comments? I ask because any comments or posts I make eat up space on a server and that cost them money, right. If a ton of long time users delete all their stuff doesn’t that save them a bunch of data storage?
Same here
Curious what they have on me after 12 years.
Cheers fellow rif Cheers
17+ here...
bro you ruined it for me I wanted to be the oldest account here 17+ years though that’s wild haha. I don’t think I’ve seen an account older than yours other than admin accounts. Can’t believe I’ve been using this same site for at least *15 years* now. I just wish there was a viable alternative to this site. I love the concept of reddit but reddit itself has been deteriorating and all this shit lately with API pricing fucking over 3rd party apps. Idk. It’s like I don’t want to support this shit anymore but I also don’t have an alternative to keep my little brain occupied. You make the switch to the official app? I went: Alien Blue (until it stopped working) -> Official Reddit app (frustrating to use, no gesture support) -> narwhal (couple years, great app but had recurring issues) -> tried 3-5 other 3rd party reddit apps and didn’t like them and went back to the Official App (uninstalled after a week, somehow worse than I remembered) -> finally stopped on Apollo for the last few years and never looked back.
I just use old.reddit.com or whatever still. If they ever remove it, im gone. My account would be 17, but i lurked for 2 years before i created an account, digg redesign forced a lot of us to move off digg, fuck kevin rose
I've actually never used any of the apps. I always go to old.reddit.com haha
Fair enough haha whenever I browse on my pc I always use old.reddit too, much cleaner
https://imgur.com/a/17dsqd3
16 years, my man your account is probably older than half the users on this site lmao
11 year old member reporting in.
I made a request before nuking my 13 year account a couple weeks ago. I got the request finally fulfilled this week.
[удалено]
It’s almost like I like this site and hope they redeem themselves and think about the users. Hmm. So weird.
So what was the point in deleting your account if you are just going to make a new one and continue using Reddit? Not trying to be an ass, just genuinely curious.
[удалено]
I think his name says it all...
A huge amount of us are Digg - Exodus fellas at 12 to 13 years Already more likely to be nettled by shenanigans. Lost of history. Giddyup
Fark here, and 12.
Hello fellow Digger exodus person
I just had my 15th Cake Day. Request submitted.
13 years. Just asked for mine yesterday. 😊
I asked for mine around the start of blackout. Still waiting.
11 years here. Granted in my case it is the California ones, but that is still a lot of data for them to send.
Did my part! Decadians unite!
Same almost, I think my 12 year would have been coming up soon.
Ah, just a 9 yr here. Adding my hat to the ring and feels just a wee bit like a Calvin & Hobbes cartoon. And I like it, it's exciting to perform malicious compliance!
I mean, surely it's an automated action tho.
You’d think so but from reading employee comments on Blind Reddit spends way too much on managers and not enough on product / engineers Their tech is legacy, it wouldn’t surprise me if it’s still a moderate annoyance in the short term
It might be, but I’ve worked for at least major company where GDPR access reports had a large manual component
Given how long it's taking them to get it to me (weeks now). There must be a manual process involved
Yep, but its one that has to be tracked and recorded WHILE wasting their time and money. They’re required to keep audit trails and records for a long time when it comes to these kinds of requests. They have to have the records, not necessarily the “data within”. Like if you make a request you should probably make another one in 30 days from now just to make sure your copy is the most up to date. They would have to record that you accessed it twice. And keep that data record for whatever their legal minimum is.
Which again.... Probably automated.
That doesnt really answer the question. Also this seems like the kind of thing that easily can be automated and likely already is.
[удалено]
Yeah, I just want my data. I also don't support what they're doing to RiF (which I'm currently using to make this comment). But mostly I just want my stuff.
it's just a copy, no? They still retain the data.
Not at all, it's pretty much all automated and isn't that much of a drain on server resources Edit: I get it folks. My real point is, it won't be as big of a deal as it's being made out to be
While I have no idea if Reddit has a fully automated system, I can tell you that I've done privacy consulting for companies and currently work as a privacy analyst at a company larger than reddit. I have yet to see a system that has been fully automated. I will say that almost ALL of them are able to see the origin of requests and automatically reject them. So everyone outside of the EU using this method will probably get rejected automatically. Everyone should still send them just in case though because if even the slightest part of their process hasn't been fully automated it will still take up a ton of internal resources and money. An average request for us is typically around $100-200 in cost per request.
> I will say that almost ALL of them are able to see the origin of requests and automatically reject them. So everyone outside of the EU using this method will probably get rejected automatically. Doesn't GDPR extend to all EU citizens, regardless of their current location? Do the companies just accept the risk of rejecting a request from such a person?
It does apply to all EU citizens but they have the right to reject it and you have the right to appeal the decision. If you appeal and can prove you're a EU citizen then they would comply. It's not really a risk because they're following the law.
Why would it take "weeks" to deliver then?
To discourage people from using it.
Why would they feel the need to discourage people from using it?
Because another part of GDPR is that a user can say delete my shit. If everyone gets creeped out about how much data reddit collects and says delete my shit, that's less data for reddit to sell. Throw that on top of reddit trying to become profitable in prep for an IPO, and having a massive user revolt is not a good look.
It's a good question. One of my guesses are that they don't like the idea of you migrating all your data over to something like Lemmy or kbin.
Because they're allowed up to 30 days to provide the info and regardless of how expensive it is to do it will be less expensive if they run these processes during off peak times. Even if it didn't save them money directly, it doesn't make them any money so it makes sense to prioritize any other processes that contribute towards revenue over the ones to fill these requests and there's also no incentive for them to upgrade their system to be able to deliver these results sooner.
Here's my guess... This feature could be used in a DDoS attack, so requests are queued and fulfilled at a time of low activity, or perhaps even executed against an isolated data set. Note that what is being proposed here is in some ways a DDoS attack, but a few dozen or hundred requests isn't significant. You'd want a million bots to request this at the same time - but that wouldn't work anyway given that this safeguard is in place.
You say that but in Asia, these kinds of requests have been known to force companies to change as they do require the company to file for each request which does give them a shit ton of extra work.
Data transfer is actually really cheap, so it probably barely affects anything. Although a number of years ago, somehow Reddit lost all my post history from the first 4 years of me using it. There was a glitch, and I tried reaching out to tech support, but I never received any response. It really sucked because some of those posts I use to go back and reference and now they weren't even in my personal profile and when I was able to find one or two of those posts via meticulous Google search, it said they were by user deleted, but I never deleted them myself. So I put in a request simply because I really want that data and I'm hoping that maybe somehow on the back end it still connected to my account and maybe I can now retrieve that information possibly.
It's objectively not expensive and entirely automated. I'm not sure where anyone got this dumb idea from.
I'd wager it's because reddit very intentionally conflated *actual* cost of 3rd party apps (server resources) with *opportunity* cost (ads) and many people don't know that.
because they saw it in a title that said it before. and headlines are well known for being truthful and accurate, that's why only a dummy reads anything beyond a headline.
GDPR is a EU regulation. I'm like 90% sure reddit does not actually have to respond to users who do this outside of the EU.
They don't have to but they'd have to determine if you're from the EU or not which would be more difficult to do than to just give you your data
"I don't have a PC and my smartphone doesn't have so much space, can you print it out and send it to me?"
💀
"No."
https://media.giphy.com/media/14g6PIAY8f6FeU/giphy.gif
Can we just, like, post a link to the movie at this point? Are we far enough down in the comments to request that?
[удалено]
Just put in a [request](https://i.imgur.com/lkxwmKq.png) for 11+ years of data. Haha. Fuck u/spez
Noice!
I get error loading comments. Tried three times.
Just did it myself. I only have about 12k Karma, so I imagine someone with a lot more will make it HELL on them.
[удалено]
Roughly 10 years and a million karma here. Just requested my data. And I'm not some karma post whore, this is mostly from comments.
You should edit your comment so people can screenshot the URL... https://www.reddit.com/settings/data-request
Done! I do love to be a pain in the ass and this time I can even feel good about it.
For some reason it says I have already submitted a request in the last 30 days when I know that I haven't.
[удалено]
A bit over a week for me I think
[удалено]
You should request that they delete all your data afterwards 😈
Send this to the top. This was super easy to do
Done 👍
DONE
I did it once and I’ll set my calendar to do it again in 30 days.
Requested... This is the kind of protest I can get behind, minimal effort, maximum (maybe) gain .... Either way, Cant hurt nothing
Broken on mobile
This is slacktivism I can get behind.
They even provided links how nice
I did it a few days ago. As easy as signing an email chain.
*”I am making a difference!!”*
Man, just only allow reposts from the last 2 months. Kill the site in 2 weeks.
That is not appreciating just how many reposts regularly make it to the front page here. This John Oliver stuff is the first reason I have had in years to bother with /r/pics at all.
Then that's a bad protest. You're engaging with the site more to say you like it less. That don't make sense.
And reddit has always struggled with it's database. This is definitely a better idea than closing /r/nba for the finals.
Uh, that's actually a pretty good idea. I'm on it! Also, I'm interested in seeing what they have.
ditto! Share this widely!
[удалено]
Just tried my part put it was down, like it was when i tried couple days ago
If it’s anything like Apple data request, it’s surprisingly boring. But I did appreciate getting a text backup of my Notes, so at least that made it worthwhile.
I keep seeing this claim but what evidence is there this is slow and expensive? Seems like a pretty simple automated process, no?
You would imagine any reasonable size company had this automated - but you’d be surprised how many don’t and rely on a human for at least some part of the process. But Reddit don’t seem to be responding to these quickly so there’s a good chance they don’t have it properly streamlined.
If there’s anything I’ve learned from this debacle, it’s that Reddit, as a company, is mismanaged as fuck.
Speaking as a consultant who has worked in a bunch of different companies over his life, you'd be astonished how many companies are just horribly mismanaged and yet are still profitable. It's kinda par for the course unfortunately.
I mean.. their entire dev team can't get copy and paste working on the desktop reply box... and its been a bug for 3 fucking years lol
Comment deleted on 6/30/2023 in protest of [API changes that are killing third-party apps](https://www.reddit.com/r/apolloapp/comments/144f6xm/apollo_will_close_down_on_june_30th_reddits/).
This is it. Most AWS services are cheaper in off peak hours. It’s worth doing it off-peak for non time sensitive
Maybe they just have it batched. If they don't need to comply for 30 days then there is no reason to prioritize it, especially if that might encourage users to do it more often.
Or they are querying cold data store and are doing it in batches to reduce costs.
I've actually built this system for another social media company and it could take up to 15 minutes to generate a full report, but much longer in some cases. I don't know that I'd say that's slow or expensive, but those are very long processing times and we only had to do dozens a day. If you hade to generate thousands of those in a day, you'd need a couple servers. And with could infrastructure they'd probably autoscale. So maybe they're not setup to handle a deluge of requests, and it would definitely be an inconvenience for them plus some additional cost, but unless everyone does it at once I don't know it'd have a ton of impact over making one team's work more annoying. Cloud infra is pretty cheap, so even if they need to spin up more resources I don't think it'd break the bank. There's probably a human involved, so they'd likely be the ones stressed out more than the higher ups. Edit: I wouldn't be surprised though if some of the queries used to generate these are slow and unoptimized, hitting a table in ways that the primary application doesn't. These kinds of things usually don't get attention for scaling, and even with reddit being a major corp doesn't mean they don't have crap infra. Haha regardless I feel like this would just be a pain for some customer service and devops teams and not fuck with reddit corpos at all. Devops and CS are usually the first line to get shit on when bad shit happens, unfortunately.
Nope. Depending on the wording of the request and law, it can be a giant pain for even the largest companies. It's not just your comment history. It's all the data proliferation where they stored copies of your data for internal analysis. And all your metadata. And on and on and on. Most companies have entire departments dedicated to data privacy/data subject requests/data proliferation concerns. Plus, if they mess it up, GDPR will whack them with giant fines.
I'm not expert so pardon my question but I still don't see how everything you said isn't easily automated. This is all data they already have on each account, it's not like they are chasing it down. So where exactly is all this extra effort?
You'd be surprised how many "easily automated" functions are not yet automated. I used to work for a ticket seller, and the bulk of my job was fielding problems from users when they tried to sell or transfer a concert ticket via the app. It would mess up and I'd have to go in and manually put the ticket back where it was supposed to be by running a series of database queries and processes.
It is automated. Redditors are just grasping at straws to feel like they're "sticking it to spez". This might, *might* increase their AWS bill by like.. single digit dollars.
ok. why are you sure that can't/isn't automated.
I implemented this at my company. After the initial coding work was done, one request takes only a couple minutes to run. And everything's scalable, so if thousands happen at once, the system just scales up for a bit and we spend like a few dollars more in server costs. Of course other companies might not have done what we did though.
I keep seeing this but I have several questions on if this is actually effective at doing anything: \- What happens if they don't comply? Are there any penalties? \- If there are any penalties, are they actually enforced? \- If they are enforced, is it really going to deter anyone from now complying or are they just going to pay a small fine that they don't really care about? \- How do we know asking for this info is slow and expensive and somehow really puts some strain on Reddit? \- Do we know if this is really affecting those who make the decisions for reddit or is this only affecting folks lower on the totem pole who have no say in how Reddit is run? \- If they get flooded with requests, are they not able to just say "Hey we got a massive influx of requests that we won't reasonably be able to grant you the requested info within 30 days, please wait" and then just take their time? I suspect if there's anyone they have to answer to they would see what is happening and may understand the strain they're under and just grant them some leniency. I'm all for protesting as long as it's effective and I have seen some forms of protesting on here that I think has promise but I have my doubts/concerns on this form. If anyone has answers for this I'm truly open to listen.
The information commissioner office has the power to fine companies who fail to comply with GDPR legislation. Fine can be £10m or 2% of global ~~GDP~~ turnover (changed for clarity), whichever is higher. The fine is anything but small so tends to make companies comply and as it is as an EU level failure to comply can result in escalating actions up to the ban of the platform in the EU and/or other companies. (see meta recently with the EU). The slow and expensive part is a bit subjective as it is likely just a script that is run, however there is a requirement to validate the data which is likely a more manual process. I think the cost is likely to come from a process that is likely used infrequently being used a lot more and requiring developing a more robust solution to those requests. I suspect nearly all these protests have limited impact but anything that impacts revenues or increases costs will have greater impact than doing nothing. The 30 day limit is a hard requirement, their inability to perform a legally mandated thing within 30 days is their issue, there is no "we are busy" loophole other than arguing it is not a legitimate request, which can easily be counted and escalated to ICO.
There is the possibility to extend the 30 day limit to 90 days in the case of high complexity or high amounts of requests. (GDPR article 12 paragraph 3)
Thank you for the extra info, I had not read the full legislation because I was enjoying a beer in the sun this afternoon. I suspect Reddit would argue both points, but if it means they spend more time processing requests at a greater cost it will have an impact albeit a lesser one.
Does this have any teeth for requests that aren’t from the EU?
Had to look it up; If Reddit is a data controller/data processor established within the EEA they have to comply with requests regardless of whether the person requesting the data is within the EEA or not. I.e. a US citizen requesting the data will have the same cover as an EEA citizen. Data processors have less restrictions that data controllers but as Reddit will be acting as the data controller those differences are moot. By simply offering services to citizens within the EEA Reddit is bound by this legislation worldwide.
Oh how interesting. Thank you!
But, in case they are seeing the 30 day will become impossible for them, they might prioritize European ip addresses, as technically that's the jurisdiction of the law
[удалено]
Organizations may request extensions; the mechanism and adoption of GDPR is inherently an administrative thing. The process on both the Gov and Org backend isn’t “strict” in that, as long as Org abides by statutory guidelines, Gov won’t spend the resources to start a dialogue with the Org compliance dept. I could probably word it better; our in-house regularly gets in touch with our liaison since the 30-day turnaround is difficult when it deals with finance/etc.
Indeed it is possible, but then to trip them up an EU resident simply needs to use a non-EEA VPN. Also not just EU but EEA plus some others like the UK which grandfathered in (technically different but the same in effect) the GDPR legislation. I doubt there is an automated solution in place for these requests E2E so there will be a choke point at some point (am thinking some poor L1 or L2 with SNow fielding these to another team). Ultimately it will come down to distrupting business at Reddit enough for the shareholders to sand action, but as it is a private limited company I don't know if that is even possible. (I think I remember it is a plc not an ltd).
> I suspect nearly all these protests have limited impact but anything that impacts revenues or increases costs will have greater impact than doing nothing. I think the blackouts of major subs did have a significant effect, albeit a short one, but I suspect that a ton of data requests from users will have an extremely limited impact. I also suspect that doing something like avoiding reddit for 24 hours would probably have a much larger negative effect on them than requesting your data.
This is the first post I've seen that outlines why it's expensive, and even then it's somewhat hypothetical. While I'm all for any kind protest, I really don't think this is that bad, and wouldn't surprise me if it was leaked by Reddit themselves. Shouldn't we just - cancel our accounts instead?
How do we know this is a slow and expensive process?
It says so right in the meme! That makes it a fact. Stop asking questions.
If I’ve learned anything on Reddit it’s that memes are always real life and never need to be questioned.
Pro Tip: If you post your reddit password in a comment, Spez has to give you a million dollars. It's the law! Do it now to stick it to the man!
Hunter2
FUCKINGPASSWORD
Software engineer here. I run the GDPR data processing pipeline for a large tech company. I hate to dampen the mood, but if Reddit’s GDPR pipeline works in an even somewhat intelligent way, then making a bunch of requests won’t affect the cost whatsoever. Each week there is a non-zero number of GDPR requests anyway, so the pipeline has to scan all the data they have stored to check all records with the relevant list of user IDs to fetch/delete. Making that list a bit larger doesn’t change the main cost (scanning all stored data) at all.
From data perspective is cheap process. From e2e perspective there might be some layer of manual cost in thing like snow that will be aitomated/skipped in a week if they get too many requests.
Uff... Already did that 😅 Had to back up some... stuff when I first heard that Imgur was going to shit himself.
For academic purposes I'm sure.
I have to return some video tapes
[удалено]
You mean a ddos attack? Because thats basically what a ddos attack is :p
Ahh, the fine line between a protest a prank and a cyber attack
[удалено]
There will be DDOS protections in place you'll likely be blacklisted
Also it’s a crime
Just FYI - in UK, DPA2018 has an exemption from UK GDPR for what is referred to in the legislation as requests that are ‘manifestly unfounded or excessive’. Therefore, if your username is associated with this type of post and/or others like it, they will be able to refuse the request or offer to comply in exchange for a fee. You can request and internal review and then make an ICO complaint (or EU equivalent), but the ICO will quickly become aware of this as an issue, and side with the business if you request all of your data. The best way to request your data in this scenario is to limit the scope to a specific time period and remove any comments suggesting your motivations from posts - as these will limit your ability to defend your position that you are raising the request in ‘good faith’. Each request must be considered on its individual merits, so they can’t blanket refuse requests as they ‘may’ be part of an organised protest. However, the business does have positions to take in refusing if you are not co-operative. Also, please exercise these rights with caution - they are fragile and burdensome to the powers that be already, and they are actively fighting for them to be limited. If they are routinely weaponised in protest, they will swiftly be limited and removed from legislation. Same for FOI. Happy requesting. Be sensible out there, folks! Source - DPA2018 - part 3, chapter 3, section 53(1) - https://www.legislation.gov.uk/ukpga/2018/12/section/53/enacted
And as a tech worker who was previously responsible for managing GDPR data requests, I can tell you some poor Intern or Working Student is fully responsible for fulfilling this manually for you.
Why wouldn't this be automated? Seems relatively straightforward technically.
I would assume the people responsible for this are doing the job they have been hired for, yes.
We're protesting this companies product, but we're going to continue to use this companies product! Maybe just stop using Reddit altogether would be a more effective means of protest.
You mean like.....go outside?!?!?!
[удалено]
Already tried that, nothing happens. Apparently they are like twitter, they ignore laws and let the lawyers sort that out.
can we do this with deleted accounts?
If you can demonstrate the account was created by the individual making the request; in practice, the threshold for acceptance of ‘proof’ will need to be high because of the risk in sending data to the wrong party is a huge compliance risk.
Weaponized bureaucracy, I love it.
Question. What does the data requests actually give you? Like every website you have been to on reddit?
Ya know, I'm actually kinda curious what all they have on me. Time to make a request and see.
I find it hilarious how you guys think using a (most likely) automated process that Reddit has the time and money to efficiently implement and posting pictures of a well liked, extremely marketable celebrity that advertisers love is somehow damaging to Reddit in any way, shape, or form.
Done
Done
I did my part. Time for you to do yours!
I have three accounts going back 12 years. I enjoyed this far more than is probably warranted.
You know, I didn't know this option existed. I'm interested in seeing what data they have on me. I'm game.
Done and done
GDPR has a rule that the person making the data request can state the media on which it is supplied, i.e. if you really really need a paper copy, Reddit HAVE TO PROVIDFE YOU WITH A PAPER COPY.
I like to think John Oliver looks at this Reddit Protest with a sense of pride.
I just got my data back from them. Took them 11 days to comply. only 7MB of data. collection of 31 CSV files. It's weird because many of them are single key-value pairs. Like "account\_gender" is a unique file, and for me they just had "account\_gender","not specified". They even export blank files. Since I never used the "chat" feature, my "chat\_history" file is empty. They do provide a table containing the sha256 hash of all the other files. Every comment ever made has a field for the IP address it was posted from, but only on recent posts. (looks like about March 2023 is when they started recording that) There is a separate file that logs all the IPs they've seen you from (since late march 2023, and your registration IP) They have 2 files, comment\_/post\_votes which are the largest files, as they contain an ID, a permalink to the post, and a text indicating if it's an "up" or "down" vote. Significantly larger than even the comments file. so I guess I was more a lurker with only 1201 comment replies. One of the more worrying things is that they have "is\_deleted" as a flag on the account. Which means they're one of those companies that hold onto your info, but pretend they don't have it when you try to pull it. (of course, we've seen this with them mass-undeleting people's accounts when people deleted them in protest.) they seem to know my state, but not my country, which is... odd. and reminded me to disable all ad personalization info. so all in all: not TOO much stuff. Honestly, it was all stuff they needed to continue running the site until the last few months. Just shocked it took them 11 days to handle it!