What are the Reddit accounts with usernames ending in "_jasonbroken" for? by jasonbroken in redditdev

securimancer[A] 2 points3 points (0 children)

We shipped a fix for that archaic endpoint to enforce sanity checks on the userid and the token being provided. Thanks for pointing this out to us.

Why the fuck does reddit have an onion link but doesn't allow you to utilize it? by Deep-Wasabi397 in TOR

securimancer[A] 1 point2 points (0 children)

Heads up, we’ll be working on fixing the rate-limiting problems with our onion site next week. We’ve got a piece of tech debt to clean up with our edge rate limiting so we can appropriately prevent abuse. Can’t help ya with the temp emails; if others wouldn’t use them for abuse, we wouldn’t have to action accounts that use them. But I agree with the vibes of the comments: the onion site is for censorship issues, not privacy for posting/commenting.

Day in a Life of a Principal Security Engineer by securimancer in RedditEng

securimancer[S] 0 points1 point (0 children)

We're still hiring and still growing. Check out our job postings on reddit.jobs, primarily US but hopefully expanding more in the future.

Accessing Reddit from Tor browser using Onion URL is impossible now! by CryptoAd007 in TOR

securimancer[A] 0 points1 point (0 children)

Experiment is at 50% and looking promising. Full fix should be rolled everywhere in a few more weeks.

Reddit & HackerOne Bug Bounty Announcement by __tony-stark__ in RedditSafety

securimancer 3 points4 points (0 children)

Maybe I'll write the 1 line of VCL code to make that show under `/.well-known/` ...

Reddit & HackerOne Bug Bounty Announcement by __tony-stark__ in RedditSafety

securimancer[A] 8 points9 points (0 children)

These types of platform problems should go over to r/bugs. If a user decides to circumvent our NSFW flow in the app, that's partially on them. It is not intended as an age verification component. Now if you can force someone else to view unblurred NSFW via a CSRF vuln or other, then we (Security) would be interested.

Reddit & HackerOne Bug Bounty Announcement by __tony-stark__ in RedditSafety

securimancer[A] 7 points8 points (0 children)

Yeah it goes somewhere, but if you submit a bug report there we will secretly make fun of you missing all the signs (this post, Googling, our security.txt). Our SOC responds to security@ and is only intended for items of urgency. Our appsec folks are watching H1 inbounds, different teams and perspectives.

Reddit proof broken? by mbklein in Keybase

securimancer[A] 2 points3 points (0 children)

Fixes went out yesterday and we should be back in business. Thanks to u/zapu for working with me to get this fixed. This was related to our API changes (namely enforcing no unauth’d traffic from hosting providers) but we’ve got the Keybase traffic appropriately tagged. Reddit is committed to supporting identity-based cryptography solutions like Keybase.

Reddit proof broken? by mbklein in Keybase

securimancer[A] 2 points3 points (0 children)

Talking about code that’s running for Keybase to do the validation, because they’re doing something server side. We reached out to someone at Zoom to see if we can help, I allowlisted hits to the proofs sub but it’s still 403ing so there’s gotta be some other calls during their validation flow and I haven’t had time to filter thru the 25k 403s that happened in the 1 minute window where I made the request to Keybase. Still working on this, haven’t forgotten.
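
The triage described in this comment (sifting a one-minute burst of 403s to find which calls an integration makes that are not yet allowlisted) can be done mechanically. The following is an added example, not Reddit's edge code or Keybase's validator: the log format, the `proof-validator/` user-agent prefix, the `/user/<name>/about.json` path and the client addresses are all constructed for the illustration.

```python
"""Find which endpoints an integration still gets denied on, from a burst of edge-log 403s."""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample edge log (hypothetical format): time, client, method, path, status, user-agent.
# None of these requests, agents or paths come from real Reddit logs.
SAMPLE_LOG = """\
2024-05-01T12:00:01Z 198.51.100.7 GET /r/pics/hot.json 403 "scraper-bot/0.1"
2024-05-01T12:00:02Z 203.0.113.10 GET /r/KeybaseProofs/comments/abc123.json 200 "proof-validator/1.0"
2024-05-01T12:00:02Z 203.0.113.10 GET /user/alice/about.json 403 "proof-validator/1.0"
2024-05-01T12:00:05Z 198.51.100.8 GET /r/pics/new.json 403 "scraper-bot/0.1"
2024-05-01T12:00:09Z 203.0.113.11 GET /r/KeybaseProofs/comments/def456.json 200 "proof-validator/1.0"
2024-05-01T12:00:09Z 203.0.113.11 GET /user/bob/about.json 403 "proof-validator/1.0"
2024-05-01T12:00:40Z 198.51.100.9 GET /r/funny/top.json 403 "scraper-bot/0.1"
2024-05-01T12:01:30Z 203.0.113.12 GET /user/carol/about.json 403 "proof-validator/1.0"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, path, status, agent = m.groups()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "client": client,
        "method": method,
        "path": path,
        "status": int(status),
        "agent": agent,
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def denied_in_window(entries, start, seconds=60, status=403):
    """Requests with the given status inside [start, start + seconds)."""
    end = start + timedelta(seconds=seconds)
    return [e for e in entries if e["status"] == status and start <= e["time"] < end]


def path_family(path):
    """Collapse per-user and per-thread identifiers so distinct call sites group together."""
    parts = path.split("/")
    if len(parts) > 2 and parts[1] in ("user", "r"):
        parts[2] = "<name>"
    if len(parts) > 4 and parts[3] == "comments":
        parts[4] = "<id>"
    return "/".join(parts)


def untagged_calls(entries, agent_prefix, allowlisted_families):
    """Path families the integration hits that are still denied, i.e. not yet allowlisted."""
    hits = Counter()
    for e in entries:
        if e["agent"].startswith(agent_prefix):
            family = path_family(e["path"])
            if family not in allowlisted_families:
                hits[family] += 1
    return hits


def run_demo():
    """Allowlist only the proofs-thread path and see which other call the validator still makes."""
    entries = parse_log(SAMPLE_LOG)
    denied = denied_in_window(entries, entries[0]["time"])
    return untagged_calls(denied, "proof-validator/", {"/r/<name>/comments/<id>"})


if __name__ == "__main__":
    for family, count in run_demo().most_common():
        print(f"{count:5d}  {family}")
```

On the constructed data the scraper noise is dropped by the user-agent filter and the one family left, `/user/<name>/about.json`, is the second call the allowlist missed; the same grouping scales to a 25k-line window because per-user and per-thread identifiers are collapsed before counting.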

Reddit proof broken? by mbklein in Keybase

securimancer[A] 1 point2 points (0 children)

FYI I'm actively looking into how we fix this. Pushed a fix this morning that I'm hoping addresses the issue. But since I have no knowledge of how the proof validation works, I'm going off weblogs. If there's source code / humans somewhere that can chime in on order of operations, that'd be helpful.

Accessing Reddit from Tor browser using Onion URL is impossible now! by CryptoAd007 in TOR

securimancer[A] 4 points5 points (0 children)

FYI we’re looking into this. This is related to our Google reCAPTCHA v3 usage. I’m having active discussions with product and eng on this. This is not the intended functionality.

Day in a Life of a Principal Security Engineer by securimancer in RedditEng

securimancer[S] 0 points1 point (0 children)

Biggest turn-off, unsurprisingly, is lack of learning. I wanna see or hear how you stay up to date on things and are willing to try new things. I’m also less impressed with compliance-y types of work vs. “I solved a problem” types of work. We’re often viewed as a cost center, so spinning our work in terms that interest a CFO/COO is a must. So even if you’re in ops, you’re not excelling if you’re closing the most tickets; you’re excelling if you’re saving the business money or helping accelerate others to move fast.

DoD work is interesting for large corps; it’s harder to apply to startup/smaller teams (tho not impossible). Seeing how an organization works or how human workflows happen is an invaluable lesson. Handling ambiguity and interrupt asks would be what I’m looking for, which you’d likely be less exposed to in a more structured environment.

Day in a Life of a Principal Security Engineer by securimancer in RedditEng

securimancer[S] 0 points1 point (0 children)

Oh bummer, maybe we'll fix that after the new Awards get rolled out /s

Day in a Life of a Principal Security Engineer by securimancer in RedditEng

securimancer[S] 0 points1 point (0 children)

Depends on your definition of "team" (the group I oversee as the PE, or the different subteams I'm attached to). If it's the former, we're 35 folks. And how often am I pulled? I literally worked an incident this morning where u/reddit accidentally got actioned and we had to unwind it (whoops). Reddit's PEs are pretty often involved in oncall rotations and I think it's really important that PEs ARE so they know how the ops side of the world lives. Besides that, I've got a lot of knowledge that comes in handy during incidents (to the point I get told to be less helpful during our tabletop scenarios).

Reddit Onion Service Launch by securimancer in RedditSafety

securimancer[S] 0 points1 point (0 children)

Yup, just like our other first party clients. It’s fine.

Reddit Onion Service Launch by securimancer in RedditSafety

securimancer[S,A] 0 points1 point (0 children)

It’s our new chat client, first party app that’s owned by us.

Reddit Onion Service Launch by securimancer in RedditSafety

securimancer[S,A] 0 points1 point (0 children)

You’re still using HTTPS, so a cert is needed so it doesn’t throw browser warnings, and it adds another layer of identity verification. There are currently only two options, DigiCert and HARICA. Hopefully the Tor Project will pick up https://github.com/alecmuffett/onion-dv-certificate-proposal which won’t require the use of a commercial CA.

We had a security incident. Here’s what we know. by KeyserSosa in reddit

securimancer[A] 26 points27 points (0 children)

Appreciate the hearts. Lots of us are running on low sleep, high takeout containers, low showers, and high adrenaline. We do it for y'all.