Is Tumblr facing a growing spam problem? For many regular users of the blogging platform, the answer is “yes.” Although Tumblr hasn’t taken to its own blog to provide a public update on its progress in fighting spam, it did recently address the concerns of a high-profile Tumblr user – the associate producer of NPR’s Fresh Air, Melody Kramer, who maintains a blog for the popular program hosted on the Tumblr platform.
To Kramer, Tumblr acknowledged that it’s aware of a recent increase in spam blogs and is “doing everything we can to quickly suspend these blogs and to keep more of them from being created.”
Last week, a post by Croatian blogger Sven Duplić about the percentage of Tumblr users that are spam bots sparked a discussion both in the comments section as well as on Hacker News. (BetaBeat has a good summary of this). The takeaway is that for some Tumblr users, the issue is worse than it is for others.
But for NPR’s Fresh Air, the problem was bad enough to prompt Kramer to post a snarky message to Tumblr spammers earlier this month, perhaps as a way to get Tumblr itself to step in and address the problem:
Dear Tumblr Spammers,
If you’re going to follow Fresh Air and then like 30 of the posts, why not like the most recent posts? If you’re simply trying to get people to find their way to your page, liking posts from last February — all in a row — probably won’t help.
Tumblr has now replied to the issue, essentially confirming it’s aware of the growing spam problem and is doing everything it can to fight it.
Hello, Melody. Please know that we’re aware of a recent increase in blogs with odd URLs that are following large numbers of users. We’re doing everything we can to quickly suspend these blogs and to keep more of them from being created.
As Tumblr finds and suspends these blogs, you may see that your Followers count seems incorrect for a period of time. Our Follower indexing system time to recognize that a given blog has been suspended and to then not count that suspended blog in your Followers count. We’ll update your Followers count correctly after a period of time.
The fact that one or more of these blogs has Followed you, Reblogged your content, or Liked your content will not compromise the security of your Tumblr account or the security of your computer in any way.
If you’d like, you can Block any blogs that are causing you concern. Blocking does not prevent someone from showing up as Follower or prevent them from viewing a public blog’s web pages or RSS feed. But you can use http://tumblr.com/block so that they can’t see your posts on their Dashboard, you don’t see them listed in post notes or in Dashboard notifications, and you don’t get Messages from them.
We are sorry that this issue has occurred and are doing everything that we can to address it quickly. Please let us know if you have further questions or concerns.
Unfortunately, for Kramer and the rest of Tumblr’s user base, the issue may not be as simple as spammers just sneaking in links to their sites via the platform’s liking system, although that’s the most visible problem.
Spammers typically use the Tumblr “like” button to create backlinks to their sites by creating hundreds or thousands of fake Tumblr accounts that go around “liking” other people’s Tumblr posts. It’s not all that different from the problem where spammers infiltrate blog commenting systems to link to their sites, or the now nearly discarded system of using Trackbacks to indicate when someone else has linked to your post from theirs. (Trackbacks, popular in the early days of blogging, became so overrun by spammers, that today, most bloggers just shut them off.)
Tumblr’s growth, certainly, has been remarkable. In September, it raised $85 million in new funding, bringing its total funding to over $125 million. But it’s unclear when the company talks about its “30 million blogs” with “40 million posts per day,” what percentage of those are being created by spammers.
Even more importantly, perhaps, is that spammers on Tumblr aren’t just using the platform to build backlinks – it some cases, their Tumblr profiles even contain a payload, like a link to a malicious piece of malware. Here’s one example, uncovered by shortformblog, who found bit.ly links hidden in the source code of a suspect Tumblr profile which pointed to a rogue Flash file download.
If clicking through to Tumblr profiles could lead to malware infections on your PC, then Tumblr has a serious problem on its hands, much worse than the annoyance of likespam and shady SEO tactics.
Of course, uncovering how widespread the malware problem may be requires source code checks and analysis best left up to security researchers. That being said, it goes to follow that where there’s spam, there’s malware.
Hopefully, Tumblr will use its new funding to quickly and efficiently address this issue before it becomes much worse.
Update: As a part of the crackdown, it looks like Tumblr is adding ref=nofollow on its like links now. (Note: this is not an official confirmation from the company).
Image credits: shortformblog