If you had a language model (say, trained on existing comments from Reddit), you could encode the data in the comments in English, and make the abuse a little more subtle.

There should be a contest: Who can find the most implausible data storage medium? (Rated according to various criteria such as ingenuity, reliability, max. data read/write rates, latency, storage size, costs…)

Well there's some pretty amusing abuse. I recall there was a botnet a while back that got it's commands from a subreddit as well. Quite brilliant actually- who would suspect reddit as a command server?

If this idea appeals to you, you may also be interested in the 2009 paper Graffiti Networks: A Subversive, Internet-Scale File Sharing Model [0] by Andrew Pavlo.

tl;dr: the researchers discovered that MediaWiki instances were good soft targets.

[0] https://www.cs.cmu.edu/~pavlo/static/slides/graffiti-dc401-o...

An expected reaction from the reddit admins...

http://www.reddit.com/r/programming/comments/38kn2g/redditst...

One of the co-creators here; as a disclaimer, we didn't mean to threaten to break reddit at all. We're amazed that someone even found this repo since we abandoned it back in January, and that it's even gotten any amount of attention. Honestly we just built this in a week over winter break cause we were bored

This is pretty much exactly how binary newsgroups got started. Not to be all "I thought of it first" but I had thought it would be funny to do something similar on Twitter.

I like the proof of concept, but I hate that anyone would abuse Reddit this way.

Can anyone do a rough cryptoanalysis of the code? It uses AES block cipher in CBC mode with a random iv. Which attacks is this open to?

First, I suspect it's lacking a secure integrity check (MAC), so is weak against chosen ciphertext attacks.

    def encrypt(self, plaintext):
        plaintext = self.pad(plaintext)
        iv = Random.new().read(AES.block_size)
        cipher = AES.new(self.key, AES.MODE_CBC, iv)
        return iv + cipher.encrypt(plaintext)

I'm also not sure about his padding of zeros to attain the AES block size - was there a more secure padding?

    def pad(self, s):
        return s + b"\0" * (AES.block_size - len(s) % AES.block_size)

Wouldn't it be funny if reddit just randomly edited the comments to break the encoding...

Shame an encryption key is REQUIRED, could be a useful way to transfer files between Reddit users. Of course the file has to be encoded, but the encryption should be an optional extra.

Don't use this for anything important, and certainly not with a non-unique password.

Key is derived from a single SHA256 (can be brute-forced very rapidly), cyphertext isn't authenticated (can be tampered with or corrupted without anything noticing), and the padding function is broken (strips trailing NULLs, so no good for binary files).

Interesting idea... Since image formats already store a huge BLOB, how much more would it take to make ImgurStorage?

(Ideally, it would be slightly more elegant than just renaming a zip file.)

Pretty clever. If it was stored in reddit's wiki system instead of comments, it could have a revision history!

I think this will break your ToS with reddit and result in a ban on the account. That said, I don't know. It's kinda cool though.

Presumably something like this is what's happening in /r/A858DE45F56D9BC9/

Welp. This won't last very long. :-)

I've been preaching the similarities of reddit to newsgroups and IRC forever so this seems like a natural evolution to me. Probably fairly easy for reddit to shut down though unfortunately.

Now if ISP's would start offering their own cached usable versions of reddit we would be getting somewhere :)

I had the same idea few months ago, I've even coded simple POC in Java which mapped submissions in subreddit to files. You could use FUSE to create virtual device and map files in mounted folder to comments. For Java I was using fuse-jna - there should be binding for Python.

Lol, I've thought of doing this so many times on Facebook, Google+, Twitter and reddit. Seeing the amount of points this gets, I guess I should have done it. I didn't because it seemed so pointless: they'll just block accounts using this.

Somewhat related project i had going... https://github.com/meesterdude/reddit-rust-servers (http://ruru.name/reddit-rust-servers/ show/hide columns to see more options)

I used to run the rust servers sub. I would have people post JSON posts, which i would then spider and generate a JSON DB from, and created a UI (see the gh-pages branch) to grab the JSON and present a searchable/filterable way of finding servers that are relevant to you.

I thought about creating an anonymous peer-to-peer network like BitMessage but over Twitter instead of over TCP/IP. The main benefit is that for the watching government hardware your traffic will flow to twitter, not to some suspicious computers. Of course if government can talk to Twitter, it might find out that activity, but not all governments can talk to Twitter.

Another improvement might be not to send base64 abracadabra, but instead send some readable texts (autogenerated or fragments from wikipedia) and encode message as a slight deviations (typos, etc) using steganography. But it would require a lot of messages to transmit enough data.

Perhaps something like this could explain http://www.reddit.com/r/A858DE45F56D9BC9

You could randomly spread this over various subs, that and add erasure coding. This way if a chunk or two goes missing you can reconstruct the original blob.

A nice new example of what's called "parasitic storage." This kind should be easy enough to detect on Reddit's end: encrypted and binary data look very different from text. Further, if a site allows binary, it's different from crypto. The only type that's hard to filter is custom stego whose patterns look similar to normally accepted traffic. Extra true if it's a high volume site.

From 2010: https://nealpoole.com/blog/2010/12/bit-ly-file-storage-cleve...

Reminds me of: https://twitter.com/manzoor_e/status/604072602114605056/phot...

how do you get a Mac OS X GUI around this if it is written in python? Can you do the same with perl, php, and other languages? Interface Builder has always been a stumbling block for me to even begin to learn Obj-C or Swift.

Please don't do this . . .

I remember once briefly thinking how fun it'd be to do something like this, before realizing with the spam filters the way they are it'd probably be the last thing I ever did on the site.

Neat proof-of-concept though

RedditStorage reminds me of a couple business models we tried out that tanked..

The first was a new business where we would go to trade shows, conventions, hell even fast food places, and just collect as many free beverages, condiments, napkins et cetera as possible. Then we'd sell them online.

The other one didn't do much better. We'd go to a Lowes Tool Rental, and just rent a bunch of tools and then re-rent them out of our truck in the parking lot. They had to have them back an hour before Lowes closed for the night.

Our current business model is, we go to bars and hit on people, and if we get their phone numbers, we add it to a subscription service where other people can have access to it.

Honestly, I feel we're no more in the wrong than RedditStorage is.. /s

> RedditStorage uses an AES encryption algorithm which requires you to choose a password (e.g. "bunny")

Some people still don't know what a password is? =D

What happens when someone uses this to pollute popular subreddits? People will get pissed off...

that is awesome in its complete disregard of reddit :) and a death sentence to itself if it gains popularity as reddit-admins will have to ban the accounts/discard the content :) so it's not that secure a storage idea...

nice little engineering work though. kudos.

Yeah, it can be done, but who the fuck needs that ?

does reddit not have some sort of posting throughput limit?