/r/pics employing weaponised bureaucracy in the fight against Reddit
i.imgur.com
https://www.reddit.com/settings/data-request
Having worked at a company that had a massive influx of GDPR requests we weren’t prepared for, this one could actually cause them some trouble if Reddit don’t have that process properly automated.
They do not have it automated. I put in a request 2 weeks ago and still haven’t heard back.
CCPA and GDPR lawyers
When can you complain about the slow response?
I would not at all be surprised if the GDPR dictates a set time period to respond backed up by fines.
the GDPR gives them 30 days to honor your request I think?
Yeah it’s 30 days, though they can push it up to 90 if they have a good reason. They have to inform you of that though.
And to be fair, a large influx of data requests is probably considered a good reason.
They still have to comply within the 90 day period. If they can’t comply in that timeframe a warning or a fine could be issued.
You can also request it again every 30 days... just saying.
Expect the new Reddit automated response to data requests to push it to 90 days then.
They have 30 days I believe.
Yeah same. They might be holding back until the last minute deliberately in some 4D chess move, but like you I think it’s more likely some poor soul is preparing them manually.
I don't think they want that, they have a month before they have to come back with something or you can escalate it to a supervising body. Imagine getting taken to court because redditors flooded your GDPR response process
Idk, Mr. Inspired-by-Musk might not know or care.
Reddit has not made a single 1D chess move this entire debacle, theyre defiinitely not that intelligent.
Wouldn’t both kings (along with every other chess piece in play) have to be in the same line in 1D chess? That arguably makes things worse…
That mandatory overtime.
To save everyone from having to type:
http://www.reddit.com/settings/data-request
Also if you’re feeling extra cantankerous you could try emailing them directly: redditdatarequests@reddit.com
Even though they say you have to use their form, they can’t actually force you to do that: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-recognise-a-subject-access-request-sar/#requirements
You can also mail them a letter requesting your data and they have to honor it 🤣
Haha that’s worth a go - there is basically zero chance of them responding to that properly.
Wow can you imagine how much carnage a letter based subject access request onslaught could be? There’s basically no way around employing people to open letters and then do a bunch of data entry just so they can email you and say “hey fill in this form”.
Edit: Could they even email you? Would they have to respond by post?
So I already sent mine via their link but I have another 2 accounts. One is my first one since 2013 and one from 2016. I already mass edited all my comments but I found this. https://www.datarequests.org/blog/sample-letter-gdpr-access-request/
I would actually send a letter to them for the other accounts, need to find their address and see how much it costs since I would have to most likely send it in the US.
Edit Oh wow it's the same price and I can even request to have a confirmation of delivery, in total it would be under 5€. I will send it. Need to find out the address.
This is a great idea, please post if you find their address and stuff, that would make an amazing second wave of protest. Even if you’ve already made the request they’ve still got to open the letter, type your username to check - wouldn’t take more than a few hundred of those to cause problems.
I wonder if a letter sending device like this would work?
I don't see why it wouldn't work with that service but I would go and deliver it by hand to the post office, to make it more authentic.
I found this: https://opencorporates.com/companies/us_ca/3419700 https://craft.co/reddit
I would insist that they print the information out and mail it to me. 😂
Can you also request they provide the information in print?
You need to put the link to the advice for EU users.
Thank you for this.
DONE.
Thanks!
Posting pictures of Jon Oliver does nothing. A German reddit mod told me, that the admins themselves suggested that the German mods should do this kind of protest instead of keeping the sub in NSFW mode 🤡. The NSFW action + blackout was the only thing that actually hurt them.
Making popular subreddits NSFW clearly hurts them, because Reddit has been forcing them to switch it off. They've also been forcing subreddits to reopen if they've been restricted. So those two options aren't really very viable for every sub.
I suspect this one hurts them too because this post is not visible any more unless you go directly to it or via the pics subreddit - despite it being newer and having more votes than other posts in there that are on the homepage and in popular.
If even a quarter of the people that upvoted this post clicked through to the request form they're gonna have tens of thousands of these requests to deal with.
Well, switching to NSFW not only limits their revenue to to their self-declared restriction on advertising in those subs, but - and I think this is more important - those subs go dark for the purpose of reddit's front page. They made the change a couple years ago to exclude all nsfw subs from r/all. There was no need to; r/best was already r/all without the NSFW subs. Any sub that is excluded from r/all is invisible to the eyeballs which pay the bills because that's the default home page.
Yeah I mean it's a great idea, but the admins are literally removing moderators from subs that turn themselves nsfw - eg interestingasfuck is still unmoderated and locked.
I mean clearly the best choice for the mods is to comply with removing the nsfw tag but tell their communities that they are not going to be moderating nsfw posts, so please post maximum porn.
Tell Reddit with that action that they can make all the rules they want but it's not going to get the mods to actually follow them.
Problem is they’ll just remove the mods then. The rules around policing nsfw content are pretty well established, mods that don’t do it get quickly removed.
TBH I was originally surprised it didn’t happen more (booting mods ). Realistically, though, getting a 24/7/365 team in place to do modding costs money so I’m sure they’re trying to pick and choose where/when to switch from volunteer to paid help.
Exactly. Especially a subreddit whose entire purpose is posting pictures, why would reddit care if all those pictures are of a single celebrity.
Is there even anything that can be done at this point?
overwriting all your posts multiple times before deleting them and walking away so reddit can die seems like a pretty good option right now. I mean we're already talking about this on lemmy instead of reddit so why not? Corporations need to learn the lessons "don't crap where you eat" and "at war with
the productusers = your business is done, so respectthe productusers "This is exactly what I did one week ago when I decided to leave Reddit. They still haven't gotten back to me
This is the same for me! "A message will be sent to your reddit inbox" complete silence. Though the submission message said it could take 30 days or something.
The GDPR states, that request must be completed within a month. In case you're from Europe, you could report reddit to your local authorities if they don't respond within that time frame. A single report won't probably cause a reaction. But several reports from several individuals on the other hand...
Oh I wasn't aware of this. Very tempting. Now I lowkey wish they miss the deadline on one of the six accounts I requested the data for, so I can do some European style trolling.
Yeah I did this not to just mess with them. I did it cause I'm leaving and I want my data.
Remind me to never run a company (into the ground) and piss off the entire internet 🤣
Edit: Also, done.
Just did it for my 10yr old 150k karma account.
Thanks for posting this over here. I otherwise wouldn't have known this was going on. As I used a mostly lurker account for game day threads I wasn't going to bother with a data request. It's a whole different story if we can inundate them though. Request submitted. o7
also did my part 🫡
I put mine in today.
I did just now as well.
I loaded up Reddit and did my part. For those who still have Reddit accounts, upvote the original to keep it at the top
Kk
Also, remember the threat that Reddit presented to capitalism's status quo around the height of antiwork and GME.
If Reddit falls, it will be on purpose (by the people running/funding Reddit. Same as the 180 of Twitter as a somewhat legitimate forum - Twitter being a key organizing tool during the Arab Spring (with the Saudis being the largest investor in Twitter behind elon of course).
Billionaires do each other favors to keep the class war in balance.
This is an insightful take that I've not seen discussed as much as I think it should be. People like to make fun of billionaires for being apparently stupid, but there's more going on here when the stupid decisions of these billionaires are resulting in directly destroying tools that have become increasingly and specifically used for anticapitalist actions.
Hence also why Meta is so interested in getting in on the fediverse in whatever capacity they can; they want to influence and direct the conversations of the working people in opposition to them, and eventually they'll try to destroy this too.
Don't forget OWS
Exactly, all of it is an attack on the left.
Me and all my alts covering around 10 years have requested 😈
Just did it, fuck 'em.
Quite a longer process I think. In the end the only nice thing I got from this whole mess is to discover lemmy. I also suggest everyone to check Mastodon as Twitter alternative. Fk monopolies ✊️
Lemmy is so nice, I almost didn't feel the switch between platforms it's pretty much the same.
It's nice not feeling like there's an algorithm looming over me. I'd browse a sub more than usual one or two times, Reddit blows up my feed with that sub. Sometimes I wouldn't see anything from some other subs unless I made a point to go visit them.
Well, i'm still getting the hang of it, but so far is quite good. Btw I suggest to any Android user the app Jerboa, way better of the alternative I've find in the store 👌
Yeah stuff that, additionally saved my one Frontpage post and then deleted all comments and posts and finally my account
They've been bringing post back after they were deleted, so this might not be a foolproof solution
I deleted my posts but not my account so that I can keep deleting them.
I deleted my accounts, so I can't do anything about it anymore
Still, it's a scummy behavior in the first place so I honestly didn't expect it (even though that never stopped them before)
Makes me wish I wasn't so quick to delete my account.
Methinks you can also do that request for a deleted account? You'd have to do it by email then I guess (redditdatarequests@reddit.com).
You can still do it. Email them! They’ll insist you use their form but keep pushing.
Oh ya? Ok I'll try thanks!
Just put the request, now I only have to wait a geological era to have my data back
They haven't responded to requests from weeks ago when everyone was backing up their content
I would be really surprised if it isn't automated. I would think they just delay as long as possible to provide the info back.
You’d be surprised. I’ve worked with some even pretty large companies that just don’t have a good process for this and rely on people doing some semi-manual process to prepare a response. My current employer got swamped with requests unexpectedly and had a hard time dealing with them all.
Interestingly finding them was the hardest part because requests can come in to any part of your business, even via social media: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-recognise-a-subject-access-request-sar/#socialmedia
Not that easy, it's not a simple SQL query: https://gdpr.eu/checklist/
If they give you some data under that framework, then it implicitly means that legally they acknowledge that they have checked all of those boxes. So before they give you the data there are probably lots of "are we incriminating ourselves by giving this guy this piece of data?" questions that they're asking themselves.
shh... some developers in my team would take that as a challenge and cook up a 3000 lines long stored procedure
Is June 30th specifically the best time to do this… so they know why? Or should I just do it now?
Don’t think it matters, but they’ll certainly get a lot today from this post in r/pics, it’s on like 15k votes. Today is probably as good a time as any.
Do it now to give them less time to respond to it
That's genius! I just did it myself.
You could consider making a data request first and after they respond, make a deletion request when you’d like your account removed. This will use even more resources.
If they do not respond to either the data request or deletion request (or do not fulfil these requests fully), you can make a complaint with your local data protection office or the one Reddit is based in (maybe Ireland?). Make sure you invoke GDPR using the correct language for your request.
Here’s a template letter of how to do so under GDPR. You must request your data or the deletion of you data using the correct legal framework (quoting the correct legislation) and these templates make this easy. Plus they cover more types of data than just your posts and comments.
https://www.datarequests.org/sample-letters/
Whenever I do this with other companies I do a SAR to get a copy of the data, then a RTBF request to get the data removed, then another SAR to see what they retained.
A significant number say they delete your data and then happily send it back to you a coupla months later when you make an SAR. The ICO loves those ones.
That's a great idea, I'll do this too.
Having also worked somewhere that was under GDPR, weaponised bureaucracy like this can really be used to consume staff resources.
Edit: it looks like Reddit have changed their data request form. To make a full GDPR request, with the additional data in the template, you'll need to email your request to Reddit (redditdatarequests@reddit.com).
You can not only request your data, but also request information regarding how your data is processed and also about psudo-anonymised data. These are much harder to automate a response to.
See here for examples from the template:
I've done this, but how much time is needed to automate it? If it's 1-2 week they can just automate and then process all the past and future requests in buk
Still means that they have a problem to resolve which is a w
Done
Request submitted
Done!
Well my account is not that old, but i did my part.
Done as well
Awesome idea! Just threw in my request.
I was a redditor for 15 fucking years before they suspended all of my accounts after a mod permabanned me from /politics and I accidentally posted from another account weeks later.
I posted A LOT over those years, from a ton of various accounts. (One of my biggest fears was getting doxxed so I had a bunch of burners and accounts for specific niche interests and such.)
Just requested full data history for all ~10 of my accounts. Fuck reddit.
Kk going hard.
I did it on all my alts lol.
Done and done!
Already nuking my account, and im not in the eu/us region
Can still participate?
Yes 100%. They have an EU presence so this applies to all the data they hold about anyone.
Quite a longer process I think. In the end the only nice thing I got from this whole mess is to discover lemmy. I also suggest everyone to check Mastodon as Twitter alternative. Fk monopolies ✊️
I did my part