[Owasp-leaders] Social Media - thunderclap quite excessive in what access rights it demands

Tobias tobias.gondrom at owasp.org
Wed Nov 13 20:11:26 UTC 2013


Hi Tom,

please forgive me for a small humble comment:
I just looked at the thunderclap link you gave and really wanted to do
this.
But when I went through the approval process for giving access to one of
my accounts, it was scary to what excessive degree they want
permissions. In the end after careful consideration I could not bring
myself to give that much access rights to thunderclap. :-(
I am fully supporting the cause and will post, re-tweet messages to
support our conferences but really felt that for me as a security person
that giving away that excessive access rights is not acceptable.

To give you some indication why I find this excessive:
For twitter they requested _all_ of these rights:
- Read Tweets from your timeline.
- See who you follow, and follow new people.
- Update your profile.
- Post Tweets for you.  (this is the only one I can understand and
wanted to grant.)
For Facebook:
- Thunderclap will receive the following info: your public profile and
friend list.
(From my understanding the only thing they need is the right to post a
message to my timeline.)

I can not see a reason why this company needs all that information and
access rights.

Anyway, all the best and rest assured I will tweet/re-tweet about the
event independently. 

Best regards, Tobias


On 13/11/13 19:49, Laicana Coulibaly wrote:
> I just did it.
>
>
> On Wed, Nov 13, 2013 at 7:04 PM, Michael Coates
> <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
>
>     Great idea tom!
>
>     For anyone that's not familiar on how Thunderclap works we have to
>     hit the minimum number of supporters for our message to be sent at
>     all. If we don't hit that minimum then none of the publicity is
>     gained from the people that vouched support.
>
>     In other words, please do sign up and help spread awareness for
>     one of our largest fundraisers of the year.
>
>     By the way, it's going to be an amazing event. There's still time
>     to register if you haven't already.
>
>     See you there.
>     -Michael
>
>
>     --
>     Michael Coates | OWASP | @_mwc
>
>
>
>     On Wed, Nov 13, 2013 at 10:32 AM, Tom Brennan - OWASP
>     <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
>
>         Thunder Thunder Thunder... ok maybe you were not a Thundercats
>         fan... but we know you LOVE OWASP
>
>         We are doing a experiment with THUNDERCLAP to raise awareness
>         and would like your help worldwide.
>
>         https://www.thunderclap.it/projects/6403-hackers-hit-time-square-nyc
>
>         Thank you in advance for helping spread the word about the
>         mission 
>
>
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         <mailto:OWASP-Leaders at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131113/28a6f46d/attachment-0001.html>


More information about the OWASP-Leaders mailing list