Fun Size Bytes

(TL;DR summary: pitchforks down. I am willing to accept Tumblr’s eventual explanation of why this happened, even if the timing is suspiciously unfortunate.)

At 3:45pm today, the script which updates SoundOfTheBeep and SoundOfTheBeep (UTC) reported an error:

HTTP/1.1 403 Forbidden
Date: Thu, 29 Sep 2011 19:45:01 GMT
Server: Apache
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Vary: Accept-Encoding
X-Tumblr-Usec: D=28551
Content-Length: 20
Connection: close
Content-Type: text/plain; charset=utf-8

I assumed that this was just Tumblr’s API having “technical difficulties” again, but one thing struck me as odd… usually when Tumblr’s API fails, the HTTP/1.1 line will show error code 500, not 403.

“Forbidden.”

Hrm.

Well, I was busy with other things at the time, so I hoped that it would sort itself out, and I mostly ignored it.

An hour later, Jeremy Cutler (of Missing E fame) emailed to say that he noticed SOTB was offline, and he hoped it wasn’t something Tumblr did because of a tip he posted the Missing e Tumblr about something you could do with Missing e and SOTB together.

That post had gone live around 12:30 p.m. (Eastern Time/USA).

In about 20 minutes, SOTB had acquired about 50 new followers (according to the email notifications).

By 12:50 p.m. I received no new emails notifying me of any new followers.

At 4:46 p.m. I emailed Tumblr:

Out of nowhere my http://soundofthebeep.tumblr.com/ Tumblr was shutdown.

No message to me, no warning, no contact, nothing.

Just all of a sudden you decided to deactivate it.

Why?

And received a prompt reply:

We’ve suspended your http://redirector.tumblr.com/ for Spam. Per the policies you agreed to when creating your account, Tumblr prohibits such activity.

Aside: I setup the “redirector” Tumblr to create sub-Tumblrs for people whose Twitter and Tumblr names were different and which I kept getting confused about. For example, I made http://abigvictory.tumblr.com/ to point me to http://inthefade.tumblr.com/ (although now Michele changed her Twitter name, so that’s even more confusing, but anyway). I put a bunch of “sub-Tumblrs” on the redirector account so it wouldn’t clutter up my main account. Eventually I put both SoundOfTheBeep accounts on there too.

It is important to note, however, that if one of your Tumblrs is considered to be spam, Tumblr will shut down your entire account and all of the Tumblrs associated with it.

~ And now, back to our story… ~

My first reaction was “Oh no, someone has gotten my password for the redirector account!”

But the password is 20 characters long, a random string of letters (upper and lowercase) and numbers, generated by 1Password. The chances that someone figured that out seemed remarkably slim… and towards what end? None of the Tumblrs on that account have very many followers (SoundOfTheBeep has about 300, which is more than all of the others combined). I checked the server where the SOTB script runs, to make sure that it was not compromised there, and I could not find any evidence that someone could have gotten it that way.

It just did not make sense.

So I replied to Tumblr:

I would like a more specific answer.

The account has existed for probably a year, and never “spammed” anyone.

It never re-blogged anyone. It never sent any “ask box” messages.

I did notice that there were a bunch of spammy followers to the account today (I can provide the emails if you’d like).

[aside: that turned out to be an inaccurate perception on my part; as I later learned that several of those “spammy-sounding” account names were very legit accounts, just with weird names, imo… which is a reminder that I am old.]

What, specifically, was the account activity that got it suspended? (I suppose it is possible that someone gained unauthorized access to the account.)

TjL

Fifteen minutes later, I received this reply:

We’ve restored your content. We’re sorry that this problem occurred, we’ll do our best to make sure that it doesn’t happen again.

I sent back an email asking for a better explanation, and said that I didn’t think that spam was a legitimate reason. Obviously they didn’t think the account had been hacked because they restored the same password I had been using before.

It was long, and it was unhappy. If you’ve been following my site for any length of time, you can probably guess that much. I asked for a better explanation and some sort of better reassurance that it won’t happen again.

Quite frankly, I didn’t expect a reply, but I did get one. My message was sent at 5:43 p.m. and the reply came in at 6:57 p.m.

(I have omitted names from the previous Tumblr support messages, but I do want to mention that this came from “Marc” who many folks will know as the original “Tumblr support guy”. He wrote:

Hi, TJ. I run the Support group at Tumblr. As you probably know, as Tumblr has grown the number of spammers targeting Tumblr has grown greatly. In order to combat the spam, we have put a system in place that try to identify spam blogs and remove them. We do this so the spam blogs won’t annoy or harm our users.

http://soundofthebeep.tumblr.com/ has over 47,000 posts and the posts are all of a repetitive nature. So, that is why the blog was identified as spam by the system. The spam detection system we have in place works correctly the vast, vast majority of the time. But, it is not perfect and so your blog was suspended as spam.

We too consider you our customer.

[Note: I had mentioned in my message that I considered myself Tumblr’s “customer” even though they won’t let me pay them.]

I am very sorry that misidentification occurred and that we didn’t understand what you were trying to do with the blog when you wrote in.

I will make sure that your account is notated so this this will not occur again. We will also use this experience to tweak our detection logic and hopefully do a better job at spam detection moving forward. Again, my apologies that this occurred.

Marc

That was a very good message. It was clear and direct, and helped me see the issue from their perspective.

At this point I am willing to accept that this was a case of bad timing with regard to the “Missing e” blog post. Yes, the timing seems suspiciously odd, but I am willing to apply Hanlon’s razor.