Peerlyst vs Medium: Data Ownership and Community Building

First a Warning! Strong Personal Opinions Ahead!

Recently I replied to couple of posts in Peerlyst, and someone asked if I wanted to write an actual blog entry. After some thinking, I decided it would not be easy for me to write blog posts for Peerlyst. I don’t think it is a suitable platform for personal/professional blog posts.

If you don’t know what Peerlyst is, just go over there and you will find out it is all about Information Security Pro’s doing their thing online. Is like a Linkedin for Cyber Spooks.

Why do I think Peerlyst is not a good platform to publish content (personal/professional blog entries)?

Two reasons, which I will summarize as:

  • My writing style and opinions
  • Peerlyst Term of Services (TOS)


I think it will be hell for me.

Mr Bosch said I would feel this way about it

If you have never read anything else other than this blog entry, please go and read some other blog entries. I would be happy to have a reader counter bigger than 2.

What you will find is that I don’t hold back, and use (or abuse) humour. I express my opinions as they pop into my head, and I have also opinions about everything and anything.

Back to to the main theme: this is going to be a post about Peerlyst, and  I will add some InfoSec stuff to keep the theme going. I will also have to be very careful, as Peerlyst guards their content like Smaug guards the gold. That means I will not be providing any links to Peerlyst content. If you want to see what I have posted (a meagre number of replies to other people), search for Blocksec. Obvious, isn’t it?

I am going to end with a blockchain reference, as mandated by my sponsor (my wife), site operator (me), editor (my wife), and executive team (me and my wife). We have a big team.

Ah! Be warned this blog will have an unseemingly high number of bullet points. It happened because I am bending my  imaginary fingers, to count my arguments and for emphasis. Please bear with me (and my imaginary fingers). I recommend you bend your real fingers, and let me know how it goes. Or…. better idea, don’t.

And now, and advertisement from our sponsors, in the form of a Second Warning.


The road ahead is Caliente! (look it up). Also: excessive bullet points!


My thinking on Peerlyst  TOS

I read the TOS and looked the site content, and I concluded that:

  • As per Proprietary Rights in the TOS,  PEERLYST (the legal entity) owns blog posts by virtue of being posted there
  • Only paying members (vendors) can promote products and services to non-paying members (like me).
  • I don’t see any ads, banners, or sponsored content there. I am not paying Peerlyst so how does it fund itself?
  • In my experience if I don’t pay for a product, there is a good chance I am the product.
  • Being a product means I have to consider self-interest, as I learned from other social media platforms.
  • Self-interest means an incentive to derive personal benefit, over benefits to the medium community.
  • The goal would be to get as many upvotes and followers as possible, for content I am willing to give away.
  • I am back into familiar territory (Linkedin), so may as well do in Peerlyst what I do in Linkedin (cultivate an image, connect with peers, find employers, get better paying jobs)


That line of thinking means I would have to work at writing posts for Peerlyst, to mind what I am willing to give up in terms of content ownership. It is a cold, cynical and calculated approach towards a site professing  community building. Sadly, being an Infosec professional has the unfortunate side effect of becoming cold, cynical and calculative about corporations and their motivations. I remember how Facebook started by trying to connect people, and Google’s “don’t be evil” no-longer-a-motto. I think by now we are all less naive about such things.

You know how this works folks! I just need to harvest your data. I will give you a freebie for your efforts (evil laugh)

Where are the vendors?

I am also confused by the fact that Peerlyst has been around since 2010 (or so the internet says), so by now it would have to sell something, or run out of funding. Enter the FAQ. There is something odd in there:

  • I can be anonymous. I actually am, but  it is a side effect of filling a form incorrectly. There is no way to change my ‘nym so I remain anonymous. I like it now, so I am not changing it.
  • The FAQ also states, “Our community is focused on users, but Peerlyst is also a resource for vendors”.


Why is it odd? Because:

  • By now I expected to see more “vendor” activity, and I just don’t see it.
  • Being a product (me)  means being saleable, and I am not, due to my ‘nym.


I am obviously missing something here. Security vendors tend to be aggressive with their sales. I attended a “free” event recently, and I have been getting calls twice a day, every day, since. So, what could be happening here? Some thoughts:

  • Peerlyst has not achieved critical mass, and it is still in the “lets build a community” phase. Not likely.
  • Site is not selling anything and someone is just happy to fund it “because”. Not likely.
  • Someone is curating the vendor activity really hard, as to avoid becoming Facebook. Likely.
  • I don’t get vendor attention because of my ‘nym and lack of upvotes and posts. Very Likely.
  • The vendors are getting “the goodies” in a way that does not intrude with the site flow. Very Very likely.


Enter Privacy Policy

Aha! All becomes clear. Bonus points for writing the policy in plain english instead of legalese! It says in plain english that Peerlyst collects the data and it makes it available to:

  • Affiliates
  • Service Providers
  • Third Parties
  • Business Transfers (acquired by or merged)

My assessment on vendors getting “the goods” via data collection is right. Peerlyst is a treasure trove of people who can “influence or approve” purchases for security products.


Data! Get your Data! I have CISOs! Security Architects! Analysts! Also Pen-testers!

Community and Commons. I am a fan of Medium

It seems the “mutually beneficial arrangement”, between the site and its users, is on  Peerlyst deriving value from the quantity and quality of its community. The users get a place where to share opinions, and blogs they don’t own.  The site gets to build a nice dataset to sell. I call this “people farming”, which sound sinister as it should.

The obvious question: is this a fair arrangement ?  I don’t think so, because one day site owners will sell it and walk away into the sunset (or laughing to the bank, you pick the metaphor), and the site users would not receive any benefits from that transaction at all. They will be sold as the product they are (or I am, as I am a user).


Social Media Blogger after platform content sale. Not laughing to the bank.

Is this how a community is built? Yes, if you are being farmed by Google, Apple, Facebook or Amazon (aka GAFA).

I am not done yet with Peerlyst TOS and community building. I am going to be very unfair, and compare Peerlyst TOS with Medium.

  • Medium TOS is clear and succinct: “You own the rights to the content you create and post on Medium.”
  • Medium clearly states their target audience is you (or me), not advertisers or sponsored content
  • I am a heavy Medium user. I pay Medium, and I re-post on Medium.
  • I don’t even try to get paid for my work, as I think it is mediocre at best.


Fausto, the social media blogger, interacting with Legal Team over TOS

Side note: I repost on Twitter, Facebook and sometimes Linkedin. I indicate who owns the content, which tracks to my personally owned site and blog. (I think I have 1 reader, but whatever).

It is interesting how Medium has managed to turn cynical me into a contributor, and I am not even trying to get paid. I am just happy to own my stuff, and share it with whomever happens to find it. No interests other than sharing. That is proper community building, according to cynical me. It is possible that I am nuts, and Medium is the Evil Empire but I just don’t see it.

Here is a thought experiment: what would happen if I re-posted in Peerlyst  some content that I clearly own? It would be an interesting experiment I am not willing to undertake. I am scared of Peerlyst legal team!


Medium readers and writers doing their thing (this is how I imagine them, Classics Style)

Where is the blockchain?! 

Patience! I am getting there.

But first, this is one of those opinions I warned you about: as a security professional, and a person, I am deeply concerned about data ownership by social platforms. I am even more concerned about those platforms business models for the data, and the the unfairness of the business model. I don’t think we are getting fair value for out data, as we cant even control any aspects of the “free” service.

Unless you have been living under a rock, or recently arrived to this planet, I don’t need to include any references to recent events regarding Personal Data and Privacy.  If you know about this and don’t care, I feel bad for you, your children and your children’s children (and all the other generations that follow).

Personal data will be (or already is) the fuel for the digital economy, and some people have designs on the data. They all think they will walk into the sunset (or go laughing to the bank) as a result of “monetizing” personal data (I deeply dislike that word).  One of the “monetizing” ideas for personal data is  “Decentralized AI”, and I will write a blog entry about it.

So.. right… blockchain. Let’s think about it. What technology is out there able to:

  • Turn a digital thing (data) into value (make it scarce and valuable that is)
  • Do it in a decentralized manner (no banks, or GAFA)
  • Allow you to transact that value on your own (also in a decentralized manner)
  • While maintaining your privacy (via spooky Zero Knowledge Proofs)
  • And while maintaining your ownership (a tall order this one is)


You guessed it! Blockchain it is!

There is a little twist here. You need two things, both blockchain related:

  • You need Decentralized Digital Identity (of the Self-Sovereign kind)
  • And yes, some public blockchain for the value thing. Preferably the tokenizing type, with smart contracts, and some cryptocurrency


At this point you are thinking I pulled that Identity thing out of a hat. I kind of did (applause?), but not really. It is a deep topic, that I can’t explain in this blog alone. I will have to write about it some time in the future.

For now just take my word: you mix those two, add some tokenizing elbow grease,  and you get a Personal Data Ownership anti-GAFA  cocktail. If you spray GAFA  with it, they will hiss and avoid you like a vampire hit with holy water.


Don’t listen to the Social Media data vampire! Spray some of that blockchain concoction and see it fizzle


To close this blog entry, here are two thoughts:

  • Conclusión Numéro Uno (I speak Spanish):  I don’t think Peerlyst is proper community building. Not in the sense I would like to see it, unless your idea of community is GAFA. If that’s the case, this blog is not for you.
  • Conclusión Numéro Dos (now you know Spanish): It is possible to participate in something like Peerlyst, as long as you don’t mind being farmed. It can be used for self-aggrandizing efforts, or to land that sweet job you are dreaming about. It can also be used to make connections with other farmees (is that a word?). It is also easier to reach readers there (unlike doing this personally hosted blogs nobody reads).


The Author using Linkedin soapbox to advertise self, and harangue followers and future employers. Is that a brick in his hand?

Oh! In case you are wondering about that little thing on top of the “ó” and the “é”: it means the sound is emphasized on that vowel (is accented). It follows some dastardly grammar rules, and you don’t know how glad I am that English Language does not have it. It is also the reason I sound funny in English.


About the Author


Enjoy this blog? If so, spread the word!

%d bloggers like this: