Smyte users not smitten with Twitter: APIs killed minutes after biz gobble

Updated Twitter, known for its rather rocky relationship with developers, cemented its reputation for missteps on Thursday – by announcing the acquisition of content cleansing and security biz Smyte and almost immediately disconnecting the firm's existing customers.

The deal, for an undisclosed sum, will allow Twitter to apply Smyte's fraud-busting tech to improve "the health of conversation" on the social network, a service that has long struggled with abuse and incivility.

Twitter's gain comes at the cost of Smyte's clients, a group that included npm, Task Rabbit, and Zendesk among others. With 30 minutes of the acquisition was announced at about 6am US West Coast time on Thursday, Smyte's API was disabled, cutting off its customers.

Via Twitter, npm co-founder and COO Laurie Voss laid into Smyte and Twitter. "We bust our asses to provide five nines uptime and then we get shafted by a service we pay for creating totally unnecessary downtime because they couldn't be bothered to give us a heads-up," he said. "I don't feel shabbily treated, I feel publicly and royally screwed."

Smyte provided customers with a machine-learning-based API by which they could submit data from a backend analytics system or app (e.g., a credit card purchase, a user sign-up event or social media interaction) and receive back a verdict about whether the action should be allowed or blocked.

Details of the API have disappeared from the web but can be found in in the Internet Wayback Machine, at least in part.

According to Voss, npm had a pre-paid one-year contract at $2,000 a month, and, despite this, the API was shutdown with almost no notice.

"It is irresponsible, as a SaaS company, to fail to provide a migration path to your customers and adequate time to migrate if you are shutting down," Voss said. "npm gives months of notice before we shut down totally free endpoints that are years old. It's just what you do."

Possible sueballs on the way

In a statement emailed to The Register, npm CTO CJ Silverio explained that npm used Smyte to handle some spam and new user account screening on npmjs.com, the Node.js package management service.

"We were surprised by the announcement and the service shutdown, and it led to a brief interruption of new package publishing and new account creation for about an hour, but our core service infrastructure was never affected and no npm user info or data were put at risk," she said. "We have multiple layers of defense and we’re taking the necessary steps to address this situation."

The Register asked whether npm is considering litigation for breach of contract. A company spokesperson declined to go into details beyond noting, "At this time we are evaluating all available commercial and legal remedies to protect our community."

Other Smyte customers took the service shutdown in stride.

"Yesterday, a service Zendesk uses to prevent the creation of fraudulent accounts was acquired by Twitter," a Zendesk spokesperson told The Register via email. "The vendor ceased all business operations immediately. At Zendesk we do not rely on a single vendor. We also have our own tools built in-house to ensure the safety of our customers. As of yesterday we also began enforcing email validation for all trial registrations. We do not expect any negative impact on our customers."

The Register asked Twitter, and Smyte CEO Pete Hunt, whether anyone cared to comment. We've not heard back.

Twitter users were not so shy, and many slammed the two companies for abandoning Smyte customers without warning. Jeremy Ashkenas, a software engineer at Observable who created CoffeeScript and Backbone.js, among other projects, proposed an alternate definition for the word Smyte... ®

smyte | smīt |
verb
(past participle smytten | ˈsmītn |)

1. to expose (one’s customers and friends) to danger by withdrawing support without warning.

2. a betrayal of one’s stated mission, esp. when the mission revolves around trust and security.

ex: “Don’t smyte me, bro!”

— Jeremy Ashkenas (@jashkenas) June 22, 2018

Updated to add

On Friday afternoon, Mike Montano, Twitter’s veep of its consumer engineering team, publicly posted an internal email discussing the situation, and offered acknowledgment that the acquisition had been handled poorly.

“There have been concerns around how we’re transitioning Smyte’s customers,” he wrote. “We could have done better and are learning from this experience.”

The missive explained that during the due diligence process, Twitter determined that it could not continue collecting data from Smyte customers in a way that’s consistent with its obligations as a global company.

“With that in mind, we made the difficult decision to wind things down right away,” the letter read. “We feel terribly that this caused confusion and disruption for Smyte’s customers and their employees and we’re working to help them through this transition.”