Dear @Klout – A note about #security

Dear Klout,

Just because it’s on Schneier’s blog doesn’t mean it’s about security.  At least not directly.  You see, every Friday, Bruce links to something about squid.  The actual squishy kind that live in water.

The Schneier post to which you linked and suggested I share with my followers who are interested in security isn’t about securing squid, squid hacking into the network, government regulation of digital squid, anonymous squid, Schrodinger’s Squid, squid by obscurity, perfect-forward-secret squid, 2-factor authentication of squid, squid driving, dead-drop squid, Diffie and Hellman exchanging squid, proxy squid, TSA squid checkpoints, zero-knowledge proof of squid, the endian-ness of squid, algorithms for factoring large prime squid, the ethics of pirating Sponge Bob episodes featuring Squidly, hardware squid modules, whitelists of squid, BYOS, Fire Squid browser extensions, encryption of squid at rest, one-time squid, how to root your squid, squid-in-the-middle attacks, squid-based access control, 1st or 3rd party squid blocking, the Department of Homeland Squid, 4096 bits of squid, asymmetric pairs of squid, or even the nightmare of [shudder] advanced persistent squid.

It’s a post about cephalopods. Not Information Security.2014-02-16_11-34-45

If, as you say, “10% of your Twitter audience are interested in this topic,” which topic would that be?  Squid or security?  Because Bruce doesn’t actually provide any content in the post other than a link to a Ted Talk about giant squid.  If I thought my audience were interested in squid, I’d link directly to the Ted Talk rather than link to a security blog which links to the Ted Talk. Not everyone processes 2- and 3-order indirect references.

Squid blogging is a Friday tradition of Bruce’s.  By way of explanation, he advises readers that “As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.”  This is even captured in the preview that you show me.


Assuming I share this recommended content, what my readers will find is Bruce’s minimal post, plus comments. If there is any value whatsoever in linking to this post, it would be among the comments where readers are sharing actual security news.  But if I were going to do that, I’d link to the individual comment and that precludes any use of this Klout content.

On the other hand, there may be some Klout users who would share the recommended content without reading it.  to do so would signal to the rest of us that their interest in Klout is more about raising their social media ranking rather than to help them to find and curate valuable content.  Ironically, if their brand is about integrity and value – pretty much the core of any brand focused on security, including my own professional persona – blindly sharing this Klout suggested content would reduce their influence and diminish their reputation.

This is why whenever I share Klout-recommended content, I always read it first.  Once I’m on the content page I usually share from Buffer rather than from the Klout dashboard.  Somehow, I do not think these outcomes are what Klout intends.  My intuition tells me that the content recommendations feature of Klout was designed with the assumption that it would at worst do no harm to the user’s social media standing.  I would also guess that making it 1-click easy to share using the Klout dashboard is part of a strategy to spread Klout branding via the domain.

If in fact there were among the design goals, then please consider the possibility that you’re doing it wrong.  There’s enough potential negative impact from using the “Create” dashboard that nobody should blindly share from there.  But the analytics are valuable and Klout does help me find content of interest.  That part you got right and for that I thank you.  Perhaps you should let users rate the content presented to them and provide feedback as to why they chose not to share.  In this case I’d look for a radio button with text like “Content does not match topic” or similar.  Then bad content would drop off and you might eventually get the service to the level of “first, do no harm.”

About T.Rob

Computer security nerd. WebSphere MQ expert. Autist. Advocate. Author. Humanist. Text-based life form. Find me on Facebook, Twitter, G+, or LinkedIn.
This entry was posted in Clue train, Rant, Tech and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.