Traffic flow analysis would probably work quite well on reddit. They could confirm/deny with high confidence whether certain subreddits/posts are accessed without any need to decrypt, just by how big the responses are.
I was initially sceptical that traffic analysis would be enough, but it appears that mainstream TLS does indeed leak a lot of metadata, especially with the typical structure of splitting resources across distinct servers (eg: static.example.com for images). I wonder if the security of something the size of Reddit might not be improved by simply having a large fleet of dns round-robin app servers that all deliver all content from one domain.
I found:
"Identifying Website Users by TLS Traffic Analysis: New Attacks and Effective Countermeasures"
"It should be noted that AEADs, such as ChaCha20-Poly1305, are not intended to hide the lengths of plaintexts. When this document speaks of side-channel attacks, it is not considering traffic analysis, but rather timing and cache side-channels. Traffic analysis, while a valid concern, is outside the scope of the AEAD and is being addressed elsewhere in future versions of TLS."
Since all the posts on Reddit are timestamped, someone sniffing traffic could probably do a decent job tying HTTPS requests (and the IP addresses they came from) to new posts that show up, and the users who posted them.
Or anybody monitoring their traffic. coughNSAcough