I’m still in awe of what’s happening here and wish I had a crystal ball to see the change this type of community will drive in broader social discourse. If that goal is realized, there will be very sophisticated folks looking to disrupt that progress.

As a security guy (especially in light of Reddit’s recent announcement) I had a few questions!

1.) How open are we to integrating some type of optional 2FA for users? Maybe a simple TOTP integration?
2.) Are the admins of the site implementing the right amount of fundamental controls for the backend? I’m 100% happy to provide thoughts on this if necessary! The decisions you make now, could impact us 5-6 years from now. And they’re oh-so-easy to change this early :-D.

I hope I’m posting this in the correct place. I’ve been having a disagreement with someone over the abilities of hackers. I kinda hope Deimorz pops in because he wrote automod.

I said that the only way for someone to gain access to a subreddit to make changes is if they steal a moderator’s account password or they are added to the mod team. The person I’m having a disagreement with believes that adding text to the wiki for users to view (like the extensive wiki r/skincareaddiction has) would make it easier for hackers to insert malicious code in order to gain access to the sub. This person also mentioned being able to change the subreddit through browser tools. She insists the sidebar and wiki are potential access points for scripting attacks. Automod just so happens to be enabled which is why I mentioned Deimorz.

I’m not an IT professional. My brothers currently are which helped me learn most of what I know. I’ve supplemented that over the years with whatever info I came across online. What she’s saying sounds like crazy town to me. But since I’m not a hacker, is there a way to use the sidebar or wiki area to hack into a subreddit?

Thanks in advance to anyone who pities me by providing a detailed answer to this thinly veiled request to help me win an internet argument 🙇🏾‍♀️.