Reddit’s PRISM strategy: Don’t collect what the government wants
If there’s anything the past month has taught us about the Internet, it’s that your privacy is never guaranteed. The National Security Agency’s PRISM program, revealed by whistleblower Edward Snowden in June, gives the government backdoor access to private information from nine major companies, including Microsoft, Google, Yahoo, Facebook, and Apple. Internet users are left with one lingering question: Is there anywhere my information can be safe?
Well, technically, no.
But social news site Reddit is a pretty good bet.
How has Reddit come to lead the way in protecting user privacy online?
It’s simple. “We don’t have that much personal information,” said Erik Martin, the site’s general manager. “We don’t get contacted by law enforcement that much because it is not like Facebook where they know just about everything.”
What information does Reddit collect?
To create a Reddit account, the only information you need to provide is a username and password. You can hand over an email address too, but it’s not required—a stark difference from websites like Facebook that require an email address, name, birthday, and even a telephone number for account verification. (Don’t even get us started on shadow profiles, which may exist even if you don’t have a Facebook account.)
While other companies, like Facebook and Google, have lengthy sections on how the company sells user information for advertisements, Reddit’s policy is straightforward: They do not sell user information. Ads featured on Reddit may pertain to the topic of a given community, or subreddit, but not the user’s browsing history.
Reddit does store some information, like the IP addresses (the unique number that identifies your computer on a network) of comments, posts, and messages. And it also collects log data, including your browser, the address of the external or internal page that referred you, and your IP address. But all of this information is permanently deleted after a 90-day period.
If you delete a Reddit account, the same rule applies: Reddit will dump your info. Your username will also disappear from the site. Your old comments are still viewable for practical purposes, but no one will know you wrote them.
Marta Gossage, Reddit’s head of community operations, said that the main reasons this data is collected is to fight spam and because of the limitations of the current site architecture. Both issues the site hopes to address in future changes to the policy.
Sometimes, however, Reddit’s strict adherence to user privacy causes conflict, and not necessarily with the government. The site bans doxing, or revealing identifying information of its users, to protect them from harassment. But what happens when the doxing happens in a work of journalism, which redditors then link to? That was the uncomfortable situation Reddit found itself in last October, when Gawker’s Adrian Chen revealed the identity of Violentacrez, Reddit’s most notorious troll who specialized in posting sexually suggestive images of teens.
The company banned links to the story, before backtracking about a day later. Community moderators, however, blocked the entire Gawker domain from many top forums, including r/politics. Yishan Wong, Reddit’s CEO later condemned that behavior, while suggesting that legitimate journalism, as a form of free speech, should never be banned sitewide, even if it breaks Reddit’s own rules.
“We stand for freedom of speech,” Wong wrote in a message intended for Reddit’s top moderators. “We will uphold existing rules against posting dox on reddit. But the reality is those rules end at our platform, and we will respect journalism as a form of speech that we don't ban."
In what cases would Reddit turn over your information?
Gossage said that Reddit will only turn over user information when someone’s life is in imminent danger or in cases of child pornography. In all other cases, the company will notify a user if law enforcement is seeking their information.
“Unless we have a judge-signed legal gag order, we notify the user in enough time for them to get a lawyer and fight back,” she said.
In the case of PRISM, and other secret programs we may not even know about, if a company receives a notice to turn over information, it’s completely defenseless. There is no appeals process. It can’t even reveal such a request even exists.
Gossage assured the Daily Dot that to date, Reddit has not yet received an information request from the government.
But legally, there isn’t much the government can do with the scant data Reddit does collect.
“There is not even a way for a company to challenge it, no way to say anything publicly or even to make an appeal,” Martin said. “This puts companies in a really difficult situation.”
With only 28 employees, Reddit is small compared to Facebook and Apple. And Gossage credits a shared, pro-privacy culture for the company’s success in protecting user’s information. Moving forward, she said, the company hopes to continue with the strategy of only collecting crucial information.
Privacy policies can have a profound effect on the way users interact within an online community. Sites like Reddit give users the freedom to speak openly and honestly in ways they might never feel comfortable in the real world. There’s a tradeoff here, of course: All that freedom also enables vicious trolls, racists, and misogynists to spread nastiness wherever they see fit.
Still, the Internet as we knew it was built on this kind of anonymity. Reddit, thanks to its strict privacy policies, may be the last truly influential outpost of the Internet as it used to be—a messy, bustling, antithesis to everything PRISM represents.
Photo via TylerGriffin/Flickr