Hacker News | reagent_finder's comments

The biggest problem with Reddit is that their only source of revenue basically demands that you create a completely new ad for ONLY that platform. For everything else you can just make an iframe, drop in whatever malicious blinking crap you want, send it into the wild and let ad networks sell and resell space and sometimes drop your ad in it, pay pennies for clicks and even fewer pennies for each time it's been served.

They haven't tried to enter any ad ecosystem, haven't tried to monetize the massive amount of creativity or anything else on the platform. Granted, it's really hard to say "Hey, we've shown your news article to 10 million people, pls pay us" when the news site itself is struggling to get any revenue from those millions of clicks. Not to mention the site might have a question reddit reeeeallly doesn't want to answer: "So, was it in a neo-nazi subforum or a porn subforum?"

Yeah, there's just been nothing in ten years. An IPO at this point is nothing but a cash grab awaiting the death of the platform.


What's interesting about the "they should go programmatic" argument is that programmatic ads are increasingly less lucrative thanks to low-quality traffic and the perceived ineffectiveness of cookie-based retargeting. (Yes, please, show me a hundred banner ads for that pair of pants I literally just purchased!) Programmatic ads also tend to generate more profit for the middlemen who broker transactions than they do for the publishers who display ads; once all of the ad platforms involved in the transaction have taken their cut, there's not much left.

In response to this, some people have been driving a push back to traditional/contextual ads, similar to what Reddit is currently doing. So, in theory, if Reddit is selling Guaranteed High Quality ad space, and selling it to brands with whom they have a direct partnership,[2] and not getting skimmed off the top by middlemen, they should be raking in the advertising dollars. Right?

But they're clearly not! Or not nearly enough to be profitable.

The efforts against third-party apps are clearly an attempt to drive more ad impressions (because you can't drive impressions if users aren't in an environment where you can serve impressions), but I somehow doubt that that's gonna make a big difference, even if third-party-app users all threw up their hands and migrated, without protest, to official channels.

[1] The real cash cow among programmatic ads is video advertising, since those placements are more valuable and fetch a higher price, but I also see that as a trap for Reddit—their decision to start natively hosting video seems pretty short-sighted for a company that's already not breaking even. If they wanted to go hard on video ads, they'd have to start prioritizing more video content, which means hosting more video content....

[2] Perhaps not for nothing that half the ads on Reddit these days are for that vaguely evangelistic "He Gets Us" campaign. The buyers clearly have money to throw around, but the relative lack of other ads mixed in has to say something about the (lack of) demand for Reddit's inventory.


Don't disagree with anything there.

There's no reason they couldn't do both, really. They could have spaces for traditional ads, and they could have those direct partnerships.

Direct partnerships might be nice in theory, but it will always require a separate decision and process from the company to partner with Reddit. Considering there are hundreds of different avenues people could be advertising on, I'm guessing Reddit is kind of low on the list.


Yeah, I was thinking "Waaait, aren't they at <100 qubits still?"


Well, that escalated slowly.


> How do you seize a digital wallet

You look at the culprit very, very sternly.


Or (obligatory): https://xkcd.com/538/


I feel that's pretty disingenuous. Like you noticed, the server-side code is active, and changing the server address would be a niche-of-a-niche activity. Also, what would be the point of going after Signal's servers? Even if a/the government got hold of all the data in there, it's encrypted with client keys. I mean sure, if they took over secretly and became a malicious MITM that's different, but it's still only for any future messages, not history. Not to mention I'd be inclined to believe they'd get the word out.

Signal's research and protocol is already used in, well, basically each and every discussion/video platform. WhatsApp, Telegram, Skype, Facebook Messenger, Google Messages, Duo... so it's hard to see Signal becoming more ubiquitous. Seeing the app more will probably happen naturally when events happen (like the WhatsApp privacy change) to drive people towards more secure platforms, but honestly I don't really see a major shift anytime soon.


Telegram does not use Signal's protocol; Telegram's protocol is designed from scratch.

https://www.cryptofails.com/post/70546720222/telegrams-crypt...


Ah true, MTProto is unique, looks like.


Apparent timeline:

2018 Nov: Company breached; it seems most likely that the database of 40,000 mental health records including PII (duh), contact information and treatment history and notes was stolen at this time.

2019 Mar: Another breach. This causes Vastaamo to increase security and close the holes the hackers used.

2019 Apr/May: Independent security company (not named) performs audit since the company was to be sold. Some improvements were suggested, no major security flaws were found.

2020 Aug/Sep: Vastaamo receives a threat from the hacker: if they do not pay 40 BTC, the hacker will release the database. Until they do, the hacker will release 100 records per day.

2020 Sep/Oct: Infosec company Nixu researches Vastaamo's systems, reporting that the breach that stole the database was probably made in November 2018, with possibly single records taken in subsequent breaches.

2020 Oct: Individuals whose information was not in the already-leaked records have been contacted and extorted individually.

After that, in no particular order:

* 300 records have been leaked. The hacker seems to have stopped, though.

* Single records not included in the 400 have surfaced on the TOR web.

* A site on TOR was up for a while with several similarly-named files, one a 10GB tar that is rumored to be the database. Partial downloads have been reported. Edit: Program snippets etc. were also included, with a possible 'digital fingerprint' according to Mikko Hyppönen, a well-known Finnish security expert.

* An IP address related to the hack has been traced to Inkoo, Finland.

CEO claims the 2020 Nixu report was the first time he heard of the breaches and that's why the new CEO or board were not informed -- which seems awfully sus, considering several breaches were made and a reactionary battering down the hatches as well as an external audit were made.

Further, people who work or used to work at Vastaamo have come out claiming a toxic work environment, threats of lawsuits if they speak out against the company, bad working conditions and a large number of ethical violations (like using the names and reputations of people who don't work for them in advertising). It also appears they've been sending social security numbers in plaintext over email. Claims have also been made that the database and system were outdated and only had default passwords, and that no real attempt at securing the data or even the servers has been made, but of course nothing is public yet. Possibly never will be.

All in all, it looks like the previous owner is a bona fide scumbag with all the bells and whistles that entails. And, of course, as is fashionable, when asked about these things his responses have been "I have no knowledge of that" and "I do not recall." And, of course, affected people have found out about this from the news and not from Vastaamo themselves.

My heart goes out to the people affected; it takes courage and effort to start working out mental health problems, and this has probably been a devastating blow to many.


Oh man, THANK YOU for this. What an amazing article!

>He grew up on Manhattan's Upper East Side, the son of a pioneering necktie manufacturer, James Lehrer

That's just hilarious. I can't think of anything more appropriate than a necktie manufacturer family.

In any case, if anyone is unfamiliar with Tom Lehrer, I encourage you to take a wiki dive and then listen to his music. This guy taught mathematics at Harvard, then accidentally sold 10,000 copies of a vinyl of his songs in a few weeks, then went on to tour the US and the world.

His works remain some of the brightest, most convivial, most haunting and poignant works of song to date. He sings clever happy songs of things like pollution, patricide, nuclear holocaust, arson, murder, racism, plagiarism, criminal boy scouts, disease and crime in Mexico and, of course, the eternal desire of the common man to poison pigeons in the park.

Like "Weird Al" Yankovic says in that article, Tom Lehrer remains the modern Tom Lehrer today. There's just no one like him and the way his songs have remained so relevant up to this day is something I find myself in awe of. He just... took a look at society, grokked it on a primordial level and wrote songs that I will end up teaching my kids and they'll go "Wait, they had these things 80 years ago?"

EDIT: Also, OP title is wrong, Lehrer simply released his LYRICS to the public domain. My copy of "Too Many Songs by Tom Lehrer" with musical notation remains relevant, yay!


Don't forget the brilliant introductions and epilogues that accompany his songs. They're just as smart and funny as the songs themselves, with not an ounce of fat on them.

> There's just no one like him and the way his songs have remained so relevant up to this day is something I find myself in awe of.

Much of Bob Newhart's comedy holds up very well today, but of course it's not music.


I always particularly loved how Lehrer's subtle, erudite style let him get away with comparatively racy material for that buttoned-down age.

Like my all-time favorite line:

> His education began in agricultural school, where he majored in animal husbandry.. (beat) ..until they caught him at it one day..


Or how about the intro to We Will All Go Together When We Go where he says

> I particularly remember a heart-warming novel of his about a young necrophiliac who finally achieved his boyhood ambition by becoming coroner.

and there's a smattering of laughter and some awkward silence, and he says

> The rest of you can look it up when you get home.


Or the album intro to National Brotherhood Week -

"...This year, for example, on the first day of the week Malcolm X was killed which gives you an idea of how effective the whole thing is.

I'm sure we all agree that we ought to love one another and I know there are people in the world that do not love their fellow human beings and I hate people like that."


I think Stan Freberg should be mentioned here as well. "take an Indian to lunch today" still feels very relevant today, to give one example.


"St. George and the Dragonet" - one of my favorite tracks on the Dr. Demento anniversary set.

I still would like a .20 caliber sword.


> I can't think of anything more appropriate than a necktie manufacturer family.

Check out the lyrics for https://www.youtube.com/watch?v=7jARdWfJulo around 1:35 :-)

Or https://tomlehrersongs.com/wp-content/uploads/2018/12/smut.p... , 4th paragraph


Well, I mean that baby doesn't have a functional colon yet so putting semicolons everywhere just makes perfect sense.


I feel like if there is one thing that works on a baby, it is the colon...


Nice.

What I want is their latex/pdf setup. I've messed around with it enough to know I'm no good at it and this seems like it would be a great base.


Oh yeah, would love to have a go at it as well. Yet, it is an early draft so they may have some things planned. In my experience, books, presentations, really everything that tries to convey information, works better when looking "good". And "good" is prone to opinion, but some general rules do apply. I think that the writer has chosen not to bother with styling all too much until the content is set in stone, which is smart.


I bet you could write the author. A brief, polite note will almost always get a reply.


Also interested, I would love to be able to use it.


I was going to make approximately this point. However, I think it's also important to have some of those "shut up and trust me" phrases codified and have them available for the layman via Google. Because sometimes those people demand "proof" or they'll go searching for it themselves and if it's right there to be found and most major sources agree... well, the discussion can then be "Is this just obscurity where security is needed?" AS IT SHOULD BE.

If you get right down to it, passwords are just obscurity. Usernames are just obscurity. In this very thread people are dismissing port knocking while it's functionally equivalent to a password.

I will personally stand by "security through obscurity is not security" forever because that way we can get to the actually interesting question -- what level is needed for this service?

Let's take a simple example from the public Internet -- you want to share something. So you put it on a server with Apache. You add TLS and PFS. You hide it in a folder structure somewhere. You add a single-use token or just htaccess.

Any of those individually would be obscurity, but put together they are most likely more than enough for... well, anyone. So is it still obscurity or actual security? That's a debate for the ages, but I think most people would agree all of those put together are fine-ish, but pick just one method and it's just obscurity.

This whole thread is basically just a philosophical debate where half the people haven't read the article, the other half disagrees with minutiae in the article, the third half disagrees with major points of the article, the 4th half is sharing anecdotes and the 5th half just wants to participate.
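The "single-use token" layer from the Apache example in the comment above, as an added illustration that is not the commenter's code: a token is issued once, only its hash is stored, and redeeming it succeeds exactly once and only before expiry. The store, the TTL and the function names are assumptions for this example.

```python
import secrets
import time
from hashlib import sha256

# Constructed in-memory store for this example: sha256(token) -> expiry (unix seconds).
# Only the hash is kept, so a leaked store is not a leaked credential.
_tokens = {}


def issue_token(ttl_seconds=600, now=None):
    """Mint a single-use token and return the raw value to hand to the recipient."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 random bits: unguessable, unlike a path name
    _tokens[sha256(token.encode()).hexdigest()] = now + ttl_seconds
    return token


def redeem_token(presented, now=None):
    """Return True exactly once for a valid, unexpired token; anything else fails."""
    now = time.time() if now is None else now
    # Look up by hash: the lookup timing then reveals nothing usable about the token itself.
    digest = sha256(presented.encode()).hexdigest()
    expiry = _tokens.pop(digest, None)  # pop consumes it, so a replay is rejected
    if expiry is None:
        return False
    return now <= expiry


if __name__ == "__main__":
    t = issue_token(ttl_seconds=60)
    print("first use:", redeem_token(t))    # True
    print("replay:", redeem_token(t))       # False, already consumed
    print("garbage:", redeem_token("xyz"))  # False, never issued
```

An expired token is also consumed on its first presentation, so a stale link cannot be retried later.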

