[Owasp-leaders] Social Media - thunderclap quite excessive in what access rights it demands

Laicana Coulibaly laicana.coulibaly at owasp.org
Wed Nov 13 21:02:33 UTC 2013


I completely agree with Michael.


On Wed, Nov 13, 2013 at 8:46 PM, Michael Coates <michael.coates at owasp.org> wrote:

> For comparison on the Twitter permissions:
>
>
> For twitter they requested _all_ of these rights:
> - Read Tweets from your timeline.
> This is already possible for all twitter accounts (unless you've made your
> twitter account private)
>
> - See who you follow, and follow new people.
> It is already possible to see who you follow (unless you've made your
> twitter account private)
> Following new people - I haven't heard that they do this at all.
> Suspicious actions would of course reflect poorly on them.
>
> - Update your profile.
> Agreed. This seems unnecessary. Abuse would not reflect well on Thunderclap
>
>
> - Post Tweets for you.  (this is the only one I can understand and wanted
> to grant.)
> This is the purpose of ThunderClap.
>
>
> Here's the FAQ for ThunderClap: https://www.thunderclap.it/faq
>
> For what it's worth Mozilla used ThunderClap several times and they are
> very privacy conscious.
>
> And lastly you can always remove access via twitter at any point.
>
>
> But, of course make the right decision for you. This is a nice way to
> raise awareness if it feels right for your situation. There are many other
> ways everyone is supporting.
>
>
> -Michael
>
> --
> Michael Coates | OWASP | @_mwc
>
>
>
> On Wed, Nov 13, 2013 at 12:11 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>>  Hi Tom,
>>
>> please forgive me for a small humble comment:
>> I just looked at the thunderclap link you gave and really wanted to do
>> this.
>> But when I went through the approval process for giving access to one of
>> my accounts, it was scary to what excessive degree they want permissions.
>> In the end after careful consideration I could not bring myself to give
>> that much access rights to thunderclap. :-(
>> I am fully supporting the cause and will post, re-tweet messages to
>> support our conferences but really felt that for me as a security person
>> that giving away that excessive access rights is not acceptable.
>>
>> To give you some indication why I find this excessive:
>> For twitter they requested _all_ of these rights:
>> - Read Tweets from your timeline.
>> - See who you follow, and follow new people.
>> - Update your profile.
>> - Post Tweets for you.  (this is the only one I can understand and wanted
>> to grant.)
>> For Facebook:
>> - Thunderclap will receive the following info: your public profile and
>> friend list.
>> (From my understanding the only thing they need is the right to post a
>> message to my timeline.)
>>
>> I can not see a reason why this company needs all that information and
>> access rights.
>>
>> Anyway, all the best and rest assured I will tweet/re-tweet about the
>> event independently.
>>
>> Best regards, Tobias
>>
>>
>> On 13/11/13 19:49, Laicana Coulibaly wrote:
>>
>> I just did it.
>>
>>
>> On Wed, Nov 13, 2013 at 7:04 PM, Michael Coates <michael.coates at owasp.org> wrote:
>>
>>> Great idea Tom!
>>>
>>> For anyone that's not familiar with how Thunderclap works we have to hit
>>> the minimum number of supporters for our message to be sent at all. If we
>>> don't hit that minimum then none of the publicity is gained from the people
>>> that vouched support.
>>>
>>> In other words, please do sign up and help spread awareness for one of
>>> our largest fundraisers of the year.
>>>
>>>  By the way, it's going to be an amazing event. There's still time to
>>> register if you haven't already.
>>>
>>>  See you there.
>>>  -Michael
>>>
>>>
>>> --
>>> Michael Coates | OWASP | @_mwc
>>>
>>>
>>>
>>> On Wed, Nov 13, 2013 at 10:32 AM, Tom Brennan - OWASP <tomb at owasp.org> wrote:
>>>
>>>>  Thunder Thunder Thunder… ok maybe you were not a Thundercats fan… but
>>>> we know you LOVE OWASP
>>>>
>>>>  We are doing an experiment with THUNDERCLAP to raise awareness and
>>>> would like your help worldwide.
>>>>
>>>>  https://www.thunderclap.it/projects/6403-hackers-hit-time-square-nyc
>>>>
>>>>   Thank you in advance for helping spread the word about the mission
>>>>
>>>>
>>>>  _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>