Reddit charging for API access moving forward June 19th 2023

[tayjaf]

https://www.reddit.com/r/reddit/comments/12qwagm/an_update_regarding_reddits_api/

I am sure it's been made aware already, but curious to hear the plan moving forward, or if this may be the end of development as RedReader. The Apollo app developer claims the pricing is too much and requires a subscription model moving forward (https://reddit.com/r/apolloapp/comments/12ram0f/had_a_few_calls_with_reddit_today_about_the/).

[lol768]

Fuck 'em, we should reverse engineer their mobile client APIs if necessary.

[QuantumBadger]

I received an email from Reddit yesterday (below), unfortunately they haven't given any information at all on what the pricing structure, usage limits, or restrictions on NSFW content will actually be. I've emailed them back for more info, but I haven't heard back yet.

I suspect it won't be good news, otherwise they would have given some actual information in the announcement.

[themanifold]

https://old.reddit.com/r/apolloapp/comments/12ram0f/had_a_few_calls_with_reddit_today_about_the/

The Apollo Dev has more information.

[QuantumBadger]

Thanks, yeah I saw that post. I'm hoping Reddit will make an exception for free and open source apps, but I'll have to wait and see what their response is.

[coderkei]

Fuck 'em, we should reverse engineer their mobile client APIs if necessary.

My guess, most 3rd party clients will go a similar direction as Newpipe, scraping the web version instead.

[QuantumBadger]

I had a call with Reddit yesterday, I've posted the details here: https://old.reddit.com/r/RedReader/comments/132qkb8/update_2_reddits_proposed_api_changes_and_the/

[nl255]

Perhaps it would be a good idea to get together with other third party reddit client developers and make an open source scraping library similar to how NewPipeExtractor works and call it RedExtract or something like that? That would avoid quite a bit of duplication of effort.

[DIzFer]

As aware as I am that it may have been premature, I've deleted my reddit account over this. I should have done that when they first started messing with crypto bs, but ever since they announced their official client I've been waiting for them to do this same crap, like twitter did years ago. And I'm really really not interested in that, there's enough other places on the internet to be in for reddit to not be worth my time without a third party client.

For what it's worth, my interest in redreader is now exclusively about the anonymous mode (for the couple subs I may still keep tabs on). I do not expect that to keep working without heavy massaging given reddit's announcement

[tayjaf]

https://old.reddit.com/r/apolloapp/comments/13ws4w3/had_a_call_with_reddit_to_discuss_pricing_bad/

Pricing update, not looking great at all.

[lol768]

@QuantumBadger I assume there's nothing more appropriate that has been privately offered for open-source apps from reddit's management?

The announced pricing is ludicrous; I am still of the belief that there is only one answer that works around this nonsense.

[nl255]

@QuantumBadger I assume there's nothing more appropriate that has been privately offered for open-source apps from reddit's management?

The announced pricing is ludicrous; I am still of the belief that there is only one answer that works around this nonsense.

Well the revanced patcher does have support for the reddit app now, too bad to use it on Android you have to download several gigabytes worth of stuff including the full JDK (termux is using around 2.3gb of internal storage and all I have on it is the revaced patcher and the python version of yt-dlp). Otherwise you need to be running Linux on your desktop/laptop PC to use it.

[QuantumBadger]

@QuantumBadger I assume there's nothing more appropriate that has been privately offered for open-source apps from reddit's management?

I have another call with Reddit tomorrow to discuss this, I'm not expecting good news to be honest.

[nl255]

@QuantumBadger I assume there's nothing more appropriate that has been privately offered for open-source apps from reddit's management?

I have another call with Reddit tomorrow to discuss this, I'm not expecting good news to be honest.

Have you considered getting together with the Apollo dev(s) and other such developers to join together to make a reddit equivalent to NewPipeExtractor that all such apps could use?

[QuantumBadger]

@nl255 I'm hoping to avoid scraping if possible -- I'll wait a bit longer to see how things unfold with Reddit before making a decision on how to proceed.

[mcmurtryz1]

Out of curiosity, couldn't someone just create their own "app" on reddit, fork this project, and give it that client id to skirt around this? Or even more directly, have the user set their own client id on initial startup/change it in the settings. That likely wouldn't help with the NSFW content being restricted. It seems likely they may also already have some language or will put some language in their TOS to cover this.

[lol768]

Frankly it seems to be that the data API is already a second class citizen.

I don't know if anyone else has noticed this, but it's gotten much slower anecdotally for me in the last month or so. What you're suggesting @mcmurtryz1 will be subject to whatever restrictions they try to impose on the API in the future.

It's better to go for the jugular - whatever APIs they're reserving for their own use in their own app / website. That's where they will optimise the user experience.

[QuantumBadger]

New update here as I've just had another call with Reddit:

https://old.reddit.com/r/RedReader/comments/13ylk42/update_3_reddit_effectively_kills_off_third_party/

[lol768]

Thanks for taking the time to attend these (ultimately fruitless) meetings with Reddit and fighting the good fight @QuantumBadger - and for all of the work you've done on this project.

I've had a play with Lemmy and have been pretty impressed with what they've built over there so far. The fact it's decentralised helps to prevent history repeat itself too, so I'm finding your suggestion of pivoting away from Reddit (instead of scraping or reversing Reddit's own mobile APIs) to seem more attractive. Lemmy just needs the userbase and communities now.

[Cj-Malone]

I was literally just reading this thinking "fuck them, they don't deserve the RedReader traffic, you should switch to Lemmy". And your post mentions that possibility! :p

I've not actually used Lemmy, I can't help with the conversion and honestly I gave up on Reddit a while ago. (Them actively destroying the website experience made it uncomfortable to share urls with none techie friends, was the straw)

So just my opinion. Fuck them, they burnt the bridge, not you. Jump ship, keep the name and package id just to rub salt in the wound.

[nl255]

Well there is always the revanced patcher which supports the reddit app and while the current patches are few that might be a better thing to focus on than having to constantly reverse their API or set up scraping.

Though if you do decide to go the scraping route then it would probably be best to get together with the Apollo developer and other developers so the work and effort can be shared.

[maltfield]

FYI, @homoludens first requested support for Lemmy in RedReader early last year

• https://github.com/QuantumBadger/RedReader/issues/952

[edgar-vincent]

I don't know whether you are aware of the existence of this, or if it is indeed pertinent, but https://api.reddiw.com/ provides an API which does not depend on Reddit's official API.

[maltfield]

Looks like the free reddiw API is read-only. I think participating in the link aggregator community is very important. Open-source users shouldn't be lurk-only or second-class citizens in any way.

[moocow1452]

I'm not adverse to a read only version of a Reddit as a serial lurker. If it requires me to make a developer account, that's a bit a bit of a bummer, and then you might as well just build in a developer key support for every app.

On Tue, Jun 6, 2023, 10:03 AM Michael Altfield @.***> wrote:

Looks like the free reddiw API is read-only. I think participating in the link aggregator community is very important. Open-source users shouldn't be lurk-only or second-class citizens in any way.

— Reply to this email directly, view it on GitHub https://github.com/QuantumBadger/RedReader/issues/1059#issuecomment-1578830095, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKRYGDNV4MELQJ337EL5HLXJ42C7ANCNFSM6AAAAAAXDQLQAM . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[ixfd64]

I suspect Reddit took action against Reddiw as the latter now gives a 404 error. Furthermore, /r/Reddiw has been banned and the creator suspended.

[tayjaf]

What a shitshow.

Apollo, RIF, Sync, and practically all other apps have officially announced they are shutting down.

https://www.reddit.com/r/apolloapp/comments/144f6xm/apollo_will_close_down_on_june_30th_reddits/

Is there an active community within the developer space that has decided what direction they want to go?

It might be more reasonable to take some collective action with other app developers if the majority decides migrating to Lemmy or Hacker News or Mastodon or etc. is worthwhile, or even the read-only approach.

Badger and others ultimately have the final say as to what to do with RedReader. I wish I had more experience to contribute in a meaningful way.

P.S.

Reddit is opening up a complaints form here: https://www.reddit.com/r/reddit/comments/144ho2x/join_our_ceo_tomorrow_to_discuss_the_api/

[QuantumBadger]

Thank you for the comments all! I'm hoping to make an announcement within the next couple of days.

[ixfd64]

I think the most efficient solution would be to reverse engineer the private API from the official app. However, there are legal risks associated with this.

[nl255]

I think the most efficient solution would be to reverse engineer the private API from the official app. However, there are legal risks associated with this.

Would that be more efficient than joining the revanced team and making patches to turn the official app into something that works reasonably well? Because helping revanced, reversing the official api, or scraping are the only real options. I believe both newpipe and yt-dl/yt-dlp rely on a combination of scraping and reversing/emulating the official Android api.

[maltfield]

Not sure if @QuantumBadger saw this yet, but it looks like @derivator is writing a proxy API (tafkars-lemmy) that translates reddit-like API queries to Lemmy.

• https://github.com/derivator/tafkars/tree/main/tafkars-lemmy

This middle-layer would allow allow apps like RedReader and others to switch from Reddit to Lemmy (the federated reddit alternative) with minimal code changes. He already has some demos up (including RedReader) that look pretty sweet:

• https://imgur.com/a/AsRYMrI

[derivator]

Not sure if @QuantumBadger saw this yet

Indeed he has. I would try to make a pull request myself to make the API url configurable, but my Android experience is very limited and I won't have time this weekend. Would be stoked to see someone else make one so I can focus on developing the proxy further.

[QuantumBadger]

Discussions with Reddit have finally concluded and I've posted another update here:

https://old.reddit.com/r/RedReader/comments/145du4j/update_4_redreader_granted_noncommercial/

To summarize:

• RedReader can continue to operate as a free and open source app.

• There will be no ads, monetization, etc.

• I still have concerns about Reddit's current trajectory, and plan to expand the range of sites RedReader is able to access in future (including Lemmy and probably others).

[lol768]

This sounds like good news but the justification is a slightly concerning one to me - will the exemption be removed when some of Reddit's in-house developers make some slight improvements to the Reddit app in the area of accessibility?

And it sounds like the policy on NSFW subreddits is unchanged - last I checked, being blind or visually impaired or finding RedReader more accessible for any other reason didn't imply asexuality....

[jameshilliard]

• RedReader can continue to operate as a free and open source app.

Will it still be licensed under GPLv3? If that's the case it would appear that based on the GPLv3 license other apps will also be able to use the same API keys as well from my understanding(it's somewhat unclear if the other apps would also need to be GPLv3 licensed but I'm not seeing anything that would specifically disallow that).

Developers other than me who compile RedReader from source will need to provide their own API keys.

This approach appears to be incompatible with the GPLv3 license which requires one provide the "authorization keys" that enable anyone to reproduce an app with the same functionality as the compiled binary.

[lol768]

The provision that you're referring to in the GPL is designed to ensure that if someone modifies GPL-licensed software and then distributes their modified version, the recipient should also be able to install and run that modified version. This requires the modifying party to provide "installation information" such as the methods and procedures for installation, but would typically not extend to providing their own API keys or other secrets.

The point of this part of section 6 of the GPL is to ensure that the modifications themselves don't become a means to prevent users from exercising their rights under the GPL to run, study, and further modify the software. Indeed - it has its roots in the FSF's reaction to the so-called practice of "TiVoization" and was specifically designed to deal with hardware that checks software for a digital signature during boot-up and only runs if the signature check succeeds.

Requiring an API key to interact with a third-party service is a different issue - it's not a restriction imposed by the person who modified the software, but rather a requirement imposed by the third-party service (Reddit) that the app connects to.

---

If your interpretation of the GPL was correct, it'd effectively mean no software could exist that had the ability for end-users to log-in or authenticate against remote network services without the author distributing their own credentials with the source code, which is clearly absurd.

[jameshilliard]

The point of this part of section 6 of the GPL is to ensure that the modifications themselves don't become a means to prevent users from exercising their rights under the GPL to run, study, and further modify the software. Indeed - it has its roots in the FSF's reaction to the so-called practice of "TiVoization" and was specifically designed to deal with hardware that checks software for a digital signature during boot-up and only runs if the signature check succeeds.

The purpose of these restrictions is so that one may recompile the application code from source and run it without losing functionality present in the compiled application, if an API key is needed to not lose functionality then I think it would be required based on my reading of the GPLv3 license text.

The license text does not seem to distinguish between different types of authentication keys. It simply states that "The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.".

From my understanding this means for an application like this that the API key(either the exact same key as that in the distributed compiled binary or one with equivalent permissions) would need to be provided with the source code.

Requiring an API key to interact with a third-party service is a different issue - it's not a restriction imposed by the person who modified the software, but rather a requirement imposed by the third-party service (Reddit) that the app connects to.

From my understanding a third-party network service requirement would not change the GPLv3 license requirements for an application binary. I assume reddit is aware the API key would be embedded in a GPLv3 licensed application?

If your interpretation of the GPL was correct, it'd effectively mean no software could exist that had the ability for end-users to log-in or authenticate against remote network services without the author distributing their own credentials with the source code, which is clearly absurd.

The API key in question from my understanding would be distributed to any users that download the app(inside the compiled binary), it's not a security sensitive or secret user account specific credential but rather is more like an application user agent in terms of how it gets used.

From my understanding only the equivalent to the credentials distributed in the application binary is what is needed for the GPLv3 requirement, not the credentials that users may enter when running said application binary(which would be a problem).

[QuantumBadger]

I can confirm that I have a plan for the API keys already, and the app will be remaining fully GPL compliant (I'm not planning to relicense).

I don't want to get drawn into a long debate about licensing, but regarding the passage above, RedReader is not shipped as part of a "User Product" as defined on line 297.

[jameshilliard]

RedReader is not shipped as part of a "User Product" as defined on line 297.

Hmm, yeah, I guess if RedReader is never installed on a "User Product" like a phone when sold it might be exempt from that requirement.

[jameshilliard]

Indeed - it has its roots in the FSF's reaction to the so-called practice of "TiVoization" and was specifically designed to deal with hardware that checks software for a digital signature during boot-up and only runs if the signature check succeeds.

So the strange thing here is that GPLv3 wouldn't actually appear to prevent "TiVoization" as long the product is sold without the GPLv3 application installed at the time of purchase. You could simply have the device install the software(with digital signature restrictions still present) over the internet to bypass the "Installation Information" provision. Weird that the "TiVoization" clause would effectively do nothing to prevent "TiVoization" in practice.

Interestingly this apparently would even mean GPLv3 licensed software can be distributed on the iphone app store which I had assumed was not allowed since it would not be possible to provide the "Installation Information".

[Ferk]

Bringing back the topic to the technical aspects:

I would try to make a pull request myself to make the API url configurable, but my Android experience is very limited and I won't have time this weekend. Would be stoked to see someone else make one so I can focus on developing the proxy further.

Imho, this would make a lot of sense. Not only for interfacing with lemmy through that proxy, but with any other website or service that might want to expose a reddit-compatible API.

Just offering the possibility of customizing the API url would already be interesting, even if there was not (yet) a way to add multiple sources with different urls / APIs.

[cc18dd]

Fuck 'em, we should reverse engineer their mobile client APIs if necessary.

Great idea

[ixfd64]

Someone has forked Infinity and modified it to use the API keys from the official app: https://github.com/KhoalaS/Infinity-For-Reddit

For many Infinity RedReader users, this isn't necessary because Infinity RedReader has been granted a non-commercial exception. However, using the private API would allow access to NSFW posts.

[KaKi87]

Infinity has been granted a non-commercial exception.

That's interesting but I can't find any evidence of that on their subreddit nor in their README. Could you please link us a source ?

I also suggested myself to request getting that exemption in a Reddit comment but didn't get replied that it has been done.

Thanks

[ixfd64]

Infinity has been granted a non-commercial exception.

That's interesting but I can't find any evidence of that on their subreddit nor in their README. Could you please link us a source ?

I also suggested myself to request getting that exemption in a Reddit comment but didn't get replied that it has been done.

Thanks

Oops, I meant RedReader, not Infinity. Apologies!

[tp0]

I also suggested myself to request getting that exemption in a Reddit comment but didn't get replied that it has been done.

Note that it is not just a non-commercial exception, it is an exception for non-commercial accessibility app. Accessiblity for blind/visually impaired.

[KaKi87]

it is an exception for non-commercial accessibility app. Accessiblity for blind/visually impaired.

Oh, I see now.

When I first read the post, there was no update 4, so I thought of non-commercial accessibility as free access. 😅

[steel101]

Could just have each user create there own API key and when you open the app you use the key they paste in the field and the free API gives 100 requests a minute

[KaKi87]

it sounds like the policy on NSFW subreddits is unchanged

So the exemption doesn't give RedReader access to NSFW content ?

being blind or visually impaired or finding RedReader more accessible for any other reason didn't imply asexuality

Also :

• viewing NSFW content doesn't imply viewing porn ;
• being asexual doesn't imply not viewing porn.

[QuantumBadger]

Closing this issue as we have the exemption and there's nothing left to do here for now :)