Anil Dash responds to criticism from Alan Shimel
There are a number of recent postings on this blog about companies coping with computer problems - the theme being that the way a company handles problems tells you something that you could not otherwise learn, how reliable they are in a pinch. The TypePad story came from blogger Alan Shimel who wrote about his experience trying to recover his account after bad guys learned his password and defaced his blog.The unedited comments* below are from Anil Dash a Vice President at Six Apart, the company behind TypePad.
Michael, I work with the team at TypePad, and wanted to take a few minutes to offer some explanations and background that I think might add useful information.
First, we're sorry Mr. Shimel has gone through all of this frustration and stress, and we're happy to be helping him recover from it. It seems fairly clear that, after his email account was compromised, it was fairly easy for the malicious party here to retrieve his login information for any number of other services and wreak havoc; His TypePad account was one of those services that were affected.
That being said, the nature of the problem with the account was not immediately clear but *as soon as it was*, Mr. Shimel received a personal phone call from our Vice President of Products, who led the effort to lock down Mr. Shimel's account and prevent any further data deletions. Since that time, our team has been working diligently to restore his data, and expects to have restored all of the blog's content shortly.
It does take more time than we'd like to perform this task, however that's simply because, well, we've optimized the system to make sure that data that our users delete stays deleted. Now that our team knows it wasn't Mr. Shimel doing the deleting, the problem is being fixed.
Put simply, at Six Apart, we stand behind TypePad with the best support in the business. We were the first to offer professional support on any blogging platform anywhere, and we were the first to offer business-class support for members whose blogs are critical to their work.
At a higher level, we at Six Apart have also invested extensively in technology, inventing things like OpenID and then spending even more resources to evangelize them to the entire tech industry so that we simply won't have to use the same password on many sites, or so that a single compromised email address doesn't necessarily have to result in many accounts being compromised. We discourage the practice, which many sites require, of providing your email address and login in order to discover friends in a social network, and we've provided robust, open, free technologies that make such unsafe practices less necessary. All that is on top of having an exemplary security record for our applications, far better than other similar blogging platforms.
The bottom line: We're sorry Mr. Shimel has gone through this, and we're paying direct attention to it at all levels at Six Apart, from our senior executives on down. And we'll get his blog back to 100%. But it's irresponsible to present TypePad as having let a customer down when we're doing more than anyone else in the industry to try to prevent the entire situation in which these kinds of compromised accounts can result in a cascading series of vulnerabilities.
I strongly applaud the time you take to be an advocate for regular people on the web, Michael, and I hope when you hold companies accountable, you do so in a context that considers the many factors that go into issues like privacy, security, and reliability. Finally, we welcome and invite any future conversations of this sort to include responses or replies from our team -- if you'd like to quote us the next time you cover TypePad and Six Apart, I'm sure you'll find, as Mr. Shimel hopefully has, that we're not hard to reach.
My personal cell phone number is 646-541-5843 -- the same as the first day I joined Six Apart as its first employee, and just as back then, I'm happy to take calls and questions from our customers at any time if I can be of help.
*This originated as a reader comment to the prior posting. I verified that Mr. Dash was actually the author.
See a summary of all my Defensive Computing postings.