Monthly Archives: June 2012

Catching up with Melissa and Chris on Twitter

Posted on by

There is a belief, widely accepted, that the Internet is drawing audiences away from television as people refocus their time to active engagement with social media. But for television shows with social media savvy, the best of both worlds can be theirs: top shelf video production with an audience that is engaged in the conversation via Twitter.

Two new(ish) shows on MSNBC have shot out of the starting gate with a strong social media component: the Melissa Harris-Perry Show and Up with Chris Hayes, which are broadcast Saturday and Sunday mornings.  I looked at their Twitter engagement shortly after their launches (here are the older posts on Melissa Harris-Perry Show and Up With Chris Hayes).  A few months have passed since I wrote those posts; in the interim, the shows have had a chance to hit their stride.  I thought now would be a good time to revisit them and see how they’re doing!

Continue reading

Twitter Secrets of the Obama Campaign: #6 – First Master the Fundamentals

Posted on by

[For the background on this series, please see the Introduction]

So far in this series I’ve talked about many of the tricks the Obama campaign is using to get the most out of Twitter, such as tracking links, using multiple accounts, and integrating Twitter into an overall marketing campaign. While the advanced techniques are the most interesting, it still pays to heed Larry Bird’s dictum “first master the fundamentals”.  Let’s see how the Obama campaign has followed that advice and mastered Twitter fundamentals.

I’ve talked a bit about some of the Obama basics before: in the second installment of this series I talked about the diverse subjects the campaign tweets about and how and when they include links.  That post covers the content of the tweets thoroughly and is worth a review.

But even more basic than that are issues of when to tweet, how frequently to tweet, and how to use the limited space of a tweet.  These issues are driven by the unique nature of Twitter: tweets are fairly ephemeral, scrolling quickly off a feed as they’re pushed down by new ones, and tweets are tightly constrained in length and content.

Continue reading

Password Perversity and LinkedIn’s Lost List

Posted on by

Yesterday, we all awoke to discover the urgent need to change our LinkedIn passwords.  A file containing millions of “hashed” passwords was stolen by hackers and then posted on the Internet.

At this point, the real extent of the damage is unclear.  The file which was posted contains passwords, but no user names, so it is useless as-is for any nefarious purpose.  It was also not a complete list of passwords.  Those two omissions leave us wondering what more, if anything, the hackers have: do they have the complete list of all passwords with associated users?  Or did they just find something embarrassing to LinkedIn but with no real value to wrongdoers?

Perhaps those questions will be answered over time, but it was clear that everyone needed to change their LinkedIn password immediately.  That much is common knowledge.

Because the list has “hashed” password (more about that in a minute), it’s not possible to see the actual passwords people used:

But it is nonetheless possible to check to see if a password you know is in the file.

A quick technical diversion: LinkedIn, like most web applications, does not store your actual password on their system.  So then, the question is, how can they tell if you’ve entered it correctly? The answer is that they compute a sort of score for your password, called a hash, and store that.  If the score they saved of your password matches the score of the password you are entering, they let you in.

For a very simple hash function, consider the following.  let’s say you assign every letter of the alphabet a number, starting at 1 for A and ending at 26 for Z.  When someone enters a password, you add up the numbers for the letters.  A password of ABC gets a score of 1+2+3=6.  So they store 6 in their database.  Now, if you enter ABD as your password later, the software adds the letters up, and since 1+2+4=7, there’s no match.  

Now, imagine you, like the hackers, have stolen this file containing all the scores. Just by knowing the saved password is 6 it doesn’t automatically give you ABC.  However — and this is the important part — if you know the score is 6, you can invent a password — for example “EA” — that has the same score (since 5+1=6).  If you were to use EA as a password in this (fictional) scenario, LinkedIn would say your password matches and let you in!

The actual formula used is far more sophisticated, and, as you can see by the sample printout of the leaked passwords, the results are far more complicated.  But, in theory, the two approaches are exactly the same. And, so, with some effort, if the hackers wanted to break into an account, they could generate a fake password that gets the same score as yours without ever knowing your real password.  It doesn’t matter, the fake one will work as well.

As an alternative, the hackers could try a list of common words.  Some people have very simple passwords, and a list of words (called a “dictionary attack”) will uncover some significant number of passwords.  Some hackers even keep a list of pre-hashed dictionary words around (called a “rainbow table”, in non-obvious naming), so it’s faster for them to check common passwords.

Still, how do you know if your LinkedIn password was in the file — when all you know is your actual password? You will have to score your password (or “hash” it as it is really known) and look for that value in the file.  Two big obstacles for most people: figuring out how to compute the hash of their password and then getting a copy of the leaked file to see if your hashed password is in it.

Fortunately, a reputable software vendor who sells password management software (which is a really good idea to use) has built a web site where you can see if your password is in the LinkedIn file.  Their web site is at:

https://lastpass.com/linkedin/

Just because your password is not in the file, should you not find it, does not mean you are safe.  You should assume the hackers have more than they have given out publicly and that they really do have your hashed password.

Once you’ve checked for your password, you could call it a day and move on.

Or, if you have a strange curiosity like I do, you can see that this password file presents an interesting opportunity for a little research into what people use for passwords.  

First, a word about ethics: the file has passwords, but no users.  There is no way you can break into someone’s account using this file (but we presume the hackers know more and could break into people’s accounts, so that’s not a reason to be complacent).  The passwords are completely anonymous.  We have no way of knowing whose passwords these are.  Also, the password file is now out in the open, so looking at it does not represent a subsequent unethical hacking.

With that observation, let me point out that when you visit that web site to check your password, you can invent any password you want and see if it was used.

For example, those of you with a political bent will find that “romney” was used by somebody as a password, but “obama” never was.  “clinton” was used, but “bush” wasn’t.  There’s nothing you can really conclude from that, however.  This is just password voyeurism.

Where it does show some insights into humanity, perhaps, is when you try out phrases that are more personal nature.  Just about anything you can think of (or, I should be more precise, anything I can think of — perhaps my horizons are not broad enough) is in there as a password.  On the plus side, there are plenty of inspiring religious terms I found. “jesussaves” and “john316” (Tebow? That you?). That makes me feel some faith in humanity. On the minus side, well,  I don’t want to repeat some of the more salacious passwords I tried, but HL Mencken was right.  Whatever level of depravity I have, LinkedIn users showed me I’m just an amateur.  I’m pretty sure that I’m out of my depth here and that my imagination pales in comparison to the collective perversity of 6.5 million people.

So give it a whirl if you like.  It’s a kind of “hot or not” of passwords. Again, I want to point out the ethics of this are pretty clear — you are not hacking anyone’s account by doing this.  You are not decrypting everyone’s passwords.  You are not discovering something private about a person.  You are just looking at anonymous information and seeing if passwords you can concoct have been used.  

If you can draw any conclusions from the password file, it is only that a lot of people hate their passwords.  And, yes, somebody used “ihatepasswords” a password.

Twitter Secrets of the Obama Campaign: #5 – Turn Twitter into a Telephone Tree

Posted on by

[For the background on this series, please see the Introduction]

When you look at how effective someone is on Twitter, one of the key metrics is their retweet percentage: how often do their tweets get re-sent by others?  Being retweeted has two important benefits: it furthers the message along to new people and it gives a kind of third-party approval to the original message. (And it’s good for your ego…)

Normally, retweets happen when a user stumbles across a tweet she1 finds interesting.  But actually getting the user to retweet takes a fortuitous combination of her seeing the original tweet and then thinking it is worthy of sending it on to her followers.  This is why it is so hard to initially get traction on Twitter: the odds of a tweet catching on are brutal2.  

As a purely hypothetical example, suppose the chance that a follower reads any given tweet of yours is 1 in 100.  She just may not see it at all because she’s not online at the time.  She may kind of see it, but not read it; perhaps something else is more interesting.  And if she does read it, odds are against her pushing the retweet button. Let’s say (for example’s sake) those odds are 1 in 100.  That means, then, the odds of any given follower retweeting one of your tweets is 1 in 10,000.  If you only have 50 followers, well, 1 in every 200 tweets of yours will be retweeted. That’s a lot of tweeting for not much action.  Of course, the odds aren’t fixed — the content of the tweet and the timing of it have a lot to do with it (I’ll have a post on that subject later).  But over the long run, the odds of getting a retweet are disappointingly small.

Of course, if you’re @BarackObama with 16 million followers, even those disappointing odds turn into a huge number of retweets.  That’s why when you compare @BarackObama to @MittRomney, you’ll see that Obama is way ahead of Romney in terms of retweets — because Romney has only a bit over 500 thousand followers.  Maybe, if Romney can acquire the same number of followers as Obama has and starts tweeting as often as Obama does, Romney can catch up.  But given how hard it will be to do both of those, we can expect the @BarackObama Twitter account will continue to have far more engagement than the @MittRomney one.

But as I described in my previous post, the Obama campaign is more than just the national organization: each state has its own campaign with its own Twitter account.  And the state organizations, like the national campaign, look to retweets as a way to spread their message.  But without the massive follower counts that @BarackObama has, the state Twitter accounts struggle against the poor odds for retweets like the rest of us do.

But what if there was a way to change the odds?  What if you could increase the retweet frequency by several orders of magnitude? Seems unlikely, does’t it?  Short of writing incredibly witty or provocative tweets (or, I sometimes suspect, always including pictures of adorable kittens), there’s not much it seems you can do.  It might seem that way, but you might be wrong…

A clever developer named Kyle Shank came up with a web application called Donate Your Account.  If you are supporter of the Obama Florida campaign (who uses this application), you can use Donate Your Account to give OFA Florida permission to automatically send out tweets on your behalf:

You can also give them permission to make posts to your Facebook wall.  So now you don’t have to read through all the @OFA_FL (Obama For America Florida) tweets to find one to retweet.  Instead, the campaign can pick one tweet a day and use Donate Your Account to send it out, automatically, under your Twitter account.  To everyone else on Twitter, it appears you had manually retweeted it yourself.  Brilliant!

Suddenly, the odds of retweets improve dramatically, and the volume of retweets will grow.  In many ways, it’s like a Twitter manifestation of an old fashioned telephone tree, where the person with the message passes it on to a couple of people, and they in turn pass it on to more people — again and again until the message has travelled to everyone it needs to reach.

So far, at least 8 of the Obama state organizations are set up to do this. Is this working for them?  There’s been quite a few sign ups:

State Twitter Sign Ups Facebook Signups
FL 149 26
OH 75 8
NV 80 0
SC 13 0
CA 27 0
CO 16 0
MT 8 0
VA 23 0

I picked one of the user accounts at random (so, to be clear, this is not statistically valid) and here’s what I saw:

Wow! It really works.

If all those hundreds of accounts that signed up were retweeting once a day, the total reach of these state accounts would be substantially magnified.  But “If” is the operative word: while the users have done their part and signed up, the follow through by the state campaign organizations has been spotty so far.  Everything is on autopilot for the users, but the campaigns still have to manually designate a tweet a day to be retweeted. A couple of the state campaigns are fairly active in pushing out regular messages, but a lot of them are not.  To be clear: if a campaign doesn’t get around to pushing tweets through its DonateYourAccount volunteers, they’ve missed an opportunity.

It’s unfortunate (for them) that there’s a potential here that’s not being tapped.  I’m surprised that the Obama national campaign is not recruiting retweeters too, even with their massive follower counts.  They could easily build their own automatic retweet application into their barackobama.com website.  This would give them the ability to sign up a large, nationwide cadre of retweeters3.  The Obama campaign could then unleash an overwhelming Twitter barrage in the closing days of the campaign.  Such a move — if it worked, of course — would leave people in further awe of the Obama campaign’s social media prowess.

The great thing is that kind of prowess is available to anyone today:  Donate Your Account is free for everyone to use, and so there’s a great opportunity for other candidates to give it a try.  A tool like this could be very helpful to down ballot candidates who have a hard time getting attention on social media; even a small handful of supporters who retweet a message of the day can dramatically extend the campaign’s social media reach. The tool is wonderful in that it allows these volunteers to participate in a way that costs them no money and requires no time beyond a quick initial set up.  That overcomes another problem small campaigns have, motivating supporters. It’s win-win!

For other, more long lasting organizations, the same approach will work.  Charities, social groups, or schools could easily use this technology to get the word out.  Businesses that have partner channels could try something similar with their partners.  Even governments could use this in a variety of ways.

You can sign up for the service here: http://donateyouraccount.com/ .  Let me know if you try it and if it works out for you!

Keep up to date with future updates to this series by following me on Twitter and/or subscribing to updates to this website. To see all posts in this series, visit the overview page.

Notes:

1) Twitter is thought to have more female users than male users.

2) This is why it’s so hard to get started on Twitter: No followers = no retweets = no new followers…

3) There’s just no hope of having a happy spell checker when writing about social media…

Twitter Secrets of the Obama Campaign: #4 – All Politics is Local

Posted on by

[For the background on this series, please see the Introduction]

For most of us, it’s hard enough to keep up with just one Twitter account.  But if you’re trying to engage a diverse group of people — or trying to engage multiple, distinct constituencies — you may need more than one.

Many candidates running for national office have two official Twitter accounts, the candidate’s and their staff’s. The candidate’s account is meant to be the official voice of the person running for office.  Depending upon the candidate’s time and inclination, the account can be used mostly by the candidate his/herself or mostly managed by staffers.  Like with the President:

It’s mostly tweets from his campaign team, with the occasional “-bo” tweet from the President. Still, if you want to follow just one account to read what the President is thinking and doing, this is the one.

But if people want to feel a connection to the campaign, not just the candidate, a staff Twitter account can be useful.  The account can discuss news and happenings within the campaign, giving a more of a nuts-and-bolts view into the organization.  Like this one for the Obama campaign:

It should come as no surprise that Mitt Romney’s campaign is set up the same way: @MittRomney is for the candidate and @TeamRomney is for the campaign staff. Both campaigns have additional Twitter accounts for various family members, high profile advisors, etc. At the national campaign level, the Obama and Romney accounts are structured roughly the same.

But that’s where the similarity ends and Obama starts pulls far ahead of Romney.

Obama’s campaign team has moved beyond just the small handful of national accounts to create accounts that target various constituencies.  Paying homage to Tip O’Neill’s quip that all politics is local, Obama’s team has launched a set of 51 state-level (including DC) twitter accounts:

... and on and on

These state-level Twitter accounts distribute state-specific news of interest, retweet pertinent general campaign messages, and promote volunteer teams.  Mitt Romney has nothing like this. True, there are a few local groups supporting Mitt that have independent Twitter accounts, but they’re nowhere as well done as Obama’s. 

Each Obama For America (OFA) state account is a “verified account”, meaning that Twitter has validated that they are who they say they are.  Additionally, the accounts all follow the same naming convention: OFA_xx, where the “xx” is the two letter state code. Any Twitter user, upon seeing the name and blue-circle-with-a-check, knows the account is a legitimate part of the Obama campaign.  This is a very important tool: when you search for somebody on Twitter — somebody popular — the number of fake/joke/criticism accounts can be startling.  Being able to easily spot the right account is critical.

Each state account is tied to a state-specific micro-site on barackobama.com; people can navigate seamlessly from Twitter into the Obama web site and land on the correct state’s page. There are state specific Facebook pages as well. All of this provides comprehensive “multi-channel” support for the state organizations.

As an example, here’s the @OFA_FL account (which I picked since I live in Florida…):

You can see that this is a very active account — somedays even more active than the main @BarackObama account!  The logo is well done and is in keeping with the over all style of the Obama campaign.   The Twitter profile page itself (not shown here, but you can see it at https://twitter.com/#!/OFA_FL), is branded consistently with the rest of Obama campaign. For a state campaign Twitter account, it has a very healthy number of followers and helps drive support for the President in Florida.

You might think that, for such an important battle-ground state, Mitt Romney would have a state-specific account too.  But a search for “Mitt Romney Florida” in Twitter only turns up one south-Florida countywide group:

It’s not verified, it doesn’t have a dedicated web page, the profile page has the default Twitter look instead of Romney’s, and the account’s not very active.  For a normal user, it would be hard to know at a glance if this account real or not, especially given all the fake Mitt Romney accounts on Twitter. That’s not a criticism of this group’s efforts, but an observation of an omission on the part of the Romney campaign.  As far as I can tell, there are no state-level Romney for President Twitter accounts.  Romney’s team could learn a lesson on this subject.

What are the lessons for the rest of us, though, who don’t have an organization the size and depth of Obama’s (or Romney’s)?

  1. If you can get your account(s) verified by Twitter, do so.  The blue check mark stands out and will let people know that they can trust your account.  If you cannot get verified (which is likely, as Twitter is very selective about who it verifies), make sure that you use the same branding in Twitter as you use everywhere else.  This is especially important if you have more than one account.  Since fake accounts rarely spend the time necessary to do proper branding, you will want to make sure yours are thoroughly branded by:
     
    1. Setting a background image in your Twitter profile that looks clean and appropriate for your organization.  It should look like an extension of your web site, albeit transformed for the limitations of Twitter’s layout.
       
    2. Making sure your picture looks consistent with other pictures or logos you use.  For heaven’s sake, don’t use Twitter’s default egg picture!
       
    3. Making sure you include a link to your web site in the profile
       
    4. Stating clearly that it is the official account
       
    5. Mentioning your Twitter account name on your web site, Facebook page, etc.  This provides a double check for users.
       
  2. If you actually have multiple audiences that need to hear different (but never conflicting) messages, weigh the costs/benefits of setting up separate accounts for each of them (or for some logical grouping of audiences).  A business will naturally want to consider different Twitter accounts for (mostly) unrelated product lines, independent business units, or any other logical way they organize customer interactions.  Make sure all accounts are branded similarly (unless they truly represent different brands!).
     
  3. Finally, you’ll find that neither Obama nor Romney have separate “personal” accounts. I’ve seen some candidates who try to have a campaign account and a personal one that is unrelated to the race.  That doesn’t work too well.  If you lock the personal account (so only approved users can read what you tweet), people will wonder what you’re saying — and may assume the worst.  If it’s unlocked, you can bet the competition will be looking for something to use from it.  All public accounts are campaign accounts at the end of the day.

While most of what the Obama campaign does on Twitter can be adopted by smaller campaigns and organizations, the campaign’s spinning up 50+ accounts works only because of the size of Obama’s team and his popularity on Twitter. This is a scale most of us will never reach (although we might hope to).  But we can still keep in mind the best practices we’ve learned as we apply them our more humble efforts.

Keep up to date with future updates to this series by following me on Twitter and/or subscribing to updates to this website. To see all posts in this series, visit the overview page.

Random asides:

The Obama campaign has many additional communities it addresses on its web site that don’t have distinct Twitter accounts — perhaps they’ll roll out additional accounts over time?