Comment by thinkingemote
5 days ago
"Hi I noticed you weren't that online as recently as you were are you ok?"
Wow that must be a lot of work
Wow I feel for you, friend
Yea id be happy to help out from time to time.
--- But needs to happen with other things.
Quite often seen in GitHub where an attacker can contribute to build trust. With Reddit, mini modding, regular submissions, good comments etc
Defense includes not being shamed or pressured when life seems more important.
The simplest thing is probably just to ask for it. I'm sure if you went now and asked to be moderator for a hundred different mid-sized subs, you'd get yes from a few. If you "seem trustworthy", probably more than a few.
This was exactly the playbook that led to the xz backdoor.
Just the quotes:
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
Yes, I had that in mind too.
Its worth any maintainer to be familiar with these methods to build up defences. With a few sock puppet accounts a single person could do it on their spare time. A nation state or criminal full time enterprise could do several attacks.
It's scary and immoral but I find it fascinating too. Like the dark side of the how to win friends books.
Security.
But can any mod remove other mods? How does that work in reddit?
Seniority. Older mods can remove younger mods.
So just try to buy or steal the most senior mod's account and then you have the mod for yourself? Ouch.
1 reply →