Tumblr users who have been reveling in its ability to share content—and block trolls via the plug-in Disqus—got a rude shock today when due to code problems, users found their custom themes disabled and their comment boards wiped out. Among the missing—DC Women Kicking Ass’s lively comments section. DCWKA’s Sue took to Twitter to mourn the loss, and just as I write this it looks like she may have found the missing posts, but others were still searching.
Tumblr is great for sharing but, amazingly, lacks a built in commenting section. Disqus enabled not only comments, but a sophisticated blocking system which enabled many diverse communities to flourish without the chilling effect of trolling endemic to most of the internet.
However, Tumblr has also never been that friendly to plug-ins. While Tumblr hadn’t responded to an inquiry as I write this, it’s mostly likely the changes had to do with Heartbleed, the terrifying vulnerability that affects 2 out of 3 websites via the ubiquitous OpenSSL interface. This weakness, discoevred just yesterday, allows hackers to access passwords, sources, cookies, emails, passwords, you name it. (Is Heartbleed another name for I Killed The Watcher?)
My ISP already closed down open SSL and fixed one of my servers…but the vulnerability was there for two years—meaning its time to change those passwords YET AGAIN. The internet is NOT a safe place.
Tumblr has long been seen as a fairyland free for all of content and anonymity…even though last May it was purchased by Yahoo, which is notorious for bungling acquisitions under its previous ownership. While the current problems showcase the weakness of specific HTTPS vulnerabilities, it’s also a reminder that unless you have access to backing up your content, it can be removed in a heartbeat.