This type of breach of trust could be used to help educate people on what digital security really means, and to demand real security in all parts of their digital lives. It is also good to demand multiple layers of security.
Reddit is "https", and did that help here? No, in the sense that it only ensured the unaltered delivery of what Reddit was sending. It did nothing to preserve the integrity of comments that were originally written. This was not a “secure” web site for this case, yet many people would assume so due to the one layer of security that was present and prominently displayed in the browser! Now extend this to any given web site, and data that is far more important than a stupid comment. Real security is not trivial, and figuring out a good way to manage trusted parties is especially hard.