The purpose of this post is not to endorse the use of Reddit (), but rather to inform users of a privacy-friendly approach in case they need to utilize the platform.
Redlib is a private front-end like Invidious but for Reddit.
- 🚀 Fast: written in Rust for blazing-fast speeds and memory safety
- ☁️ Light: no JavaScript, no ads, no tracking, no bloat
- 🕵 Private: all requests are proxied through the server, including media
- 🔒 Secure: strong Content Security Policy prevents browser requests to Reddit
- Self-hostable
Redlib currently implements most of Reddit’s (signed-out) functionalities but still lacks a few features.
Redlib Instances
(If a particular instance doesn’t work, try others to see if they work)
Comparison
This section outlines how Redlib compares to Reddit in terms of speed and privacy.
Speed
Last tested on January 12, 2024.
Results from Google PageSpeed Insights (Redlib Report, Reddit Report).
Performance metric | Redlib | |
---|---|---|
Speed Index | 0.6s | 1.9s |
Performance Score | 100% | 64% |
Time to Interactive | 2.8s | 12.4s |
Privacy
Logging: According to Reddit’s privacy policy, they “may [automatically] log information” including:
- IP address
- User-agent string
- Browser type
- Operating system
- Referral URLs
- Device information (e.g., device IDs)
- Device settings
- Pages visited
- Links clicked
- The requested URL
- Search terms
Location: The same privacy policy goes on to describe that location data may be collected through the use of:
- GPS (consensual)
- Bluetooth (consensual)
- Content associated with a location (consensual)
- Your IP Address
Cookies: Reddit’s cookie notice documents the array of cookies used by Reddit including/regarding:
- Authentication
- Functionality
- Analytics and Performance
- Advertising
- Third-Party Cookies
- Third-Party Site
Redlib
Server
-
Logging: In production (when running the binary, hosting with docker, or using the official instances), Redlib logs nothing. When debugging (running from source without
--release
), Redlib logs post IDs fetched to aid with troubleshooting. -
Cookies: Redlib uses optional cookies to store any configured settings in the settings menu. These are not cross-site cookies and the cookies hold no personal data.
Settings and subscriptions are saved in browser cookies. Clearing your cookies will reset them. You can restore your current settings and subscriptions after clearing your cookies using the link given in the settings menu.
[TIP] 🔗 Want to automatically redirect Reddit links to Redlib? Use LibRedirect or Privacy Redirect!
Note: The above text presents an abridged and modified version of information found in the developer’s documentation. Some context has been removed or altered for brevity. For the full and unmodified documentation, please see the original source.
Additional Information on Frontends from Privacy Guides
Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. Frontends can allow you to get around these restrictions.
If you choose to self-host these frontends, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting, as other peoples’ usage will be linked to your hosting.
When you are using an instance run by someone else, make sure to read the privacy policy of that specific instance. They can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don’t contain PII.
It mentions limited functionality if you don’t pass it an account so likely as not it’s passing your user token along with a web browser header, scraping reddit, then yanking out whatever it’s filtering and then serving what’s left (likely just the text and vote metadata) in a locally hosted or remote hosted (not on reddit servers) site.
So it wears a mask that has your usernames face on it, knocks on reddit’s door, asks reddit your question, then comes back to you with only the relevant info that you have told it to bring back.
That’s only if my cursory reading is correct. I’d defer to a dev or someone else more interested in the project.
It looks like they’re utilizing the json versions of each page, stripping out the unwanted data, and then passing it on. Mostly just a cursory glance at the source. It’s not scraping the rendered html as that would be way slower and more resource intensive. Once that data is sanitized, their custom frontend can create the UI without ads/trackers.
I absolutely love Cunningham’s law.
Haha wasn’t trying to correct you but I did want to find out what they were doing! Most of what you said was accurate except for the browser part.
I appreciate the contribution and clarification. It’s the beauty of open source. Collaborative learning.