[Owasp-leaders] Social Media - thunderclap quite excessive in what access rights it demands
Laicana Coulibaly
laicana.coulibaly at owasp.org
Wed Nov 13 21:09:57 UTC 2013
Hi everyone, I'm a new chapter leader(since yesterday). I lead Ivory Coast
chapter in west africa. I want to know if there's something special for
chapter leader to attend AppSecUSA ?
On Wed, Nov 13, 2013 at 9:01 PM, Jonathan Marcil
<jonathan.marcil at owasp.org>wrote:
> If I understand correctly, Thunderclap is the crowd sourcing of social
> media buzz. So when the goal is reached, a message is posted to your
> timeline/feed by Thunderclap.
>
> At that point you must trust Thunderclap with your "tweets" the same
> ways people trust Kickstarter with their money.
>
> If you remove the rights then I suppose it removes the backing since
> that's the whole point of Thunderclap. If on their side they want to
> trust you, they must analyze some data and that would justifies all the
> required rights.
>
> BTW I used @owaspmontreal twitter account to do so, that way it doesn't
> mix with my own twitter account and automated message are acceptable to
> me with that account with no privacy concern. I would suggest to do the
> same if you have privacy concern, but don't register a stub account with
> no followers since it won't help anyways.
>
> See you all at AppSecUSA!
>
> - Jonathan
>
>
>
> On 2013-11-13 15:46, Michael Coates wrote:
> > For comparison on the Twitter permissions:
> >
> > For twitter they requested _all_ of these rights:
> > - Read Tweets from your timeline.
> > This is already possible for all twitter accounts (unless you've made
> > your twitter account private)
> >
> > - See who you follow, and follow new people.
> > It is already possible to see who you follow (unless you've made your
> > twitter account private
> > Following new people - I haven't heard that they do this at all.
> > Suspicious actions would of course reflect poorly on them.
> >
> > - Update your profile.
> > Agreed. This seems unnecessary. Abuse would not reflect well on
> Thunderclap
> >
> > - Post Tweets for you. (this is the only one I can understand and
> > wanted to grant.)
> > This is the purpose of ThunderClap.
> >
> >
> > Here's the FAQ for ThunderClap: https://www.thunderclap.it/faq
> >
> > For what it's worth Mozilla used ThunderClap several times and they are
> > very privacy conscious.
> >
> > And lastly you can always remove access via twitter at any point.
> >
> >
> > But, of course make the right decision for you. This is a nice way to
> > raise awareness if it feels right for your situation. There are many
> > other ways everyone is supporting.
> >
> >
> > -Michael
> >
> > --
> > Michael Coates | OWASP | @_mwc
> >
> >
> >
> > On Wed, Nov 13, 2013 at 12:11 PM, Tobias <tobias.gondrom at owasp.org
> > <mailto:tobias.gondrom at owasp.org>> wrote:
> >
> > Hi Tom,
> >
> > please forgive me for a small humble comment:
> > I just looked at the thunderclap link you gave and really wanted to
> > do this.
> > But when I went through the approval process for giving access to
> > one of my accounts, it was scary to what excessive degree they want
> > permissions. In the end after careful consideration I could not
> > bring myself to give that much access rights to thunderclap. :-(
> > I am fully supporting the cause and will post, re-tweet messages to
> > support our conferences but really felt that for me as a security
> > person that giving away that excessive access rights is not
> acceptable.
> >
> > To give you some indication why I find this excessive:
> > For twitter they requested _all_ of these rights:
> > - Read Tweets from your timeline.
> > - See who you follow, and follow new people.
> > - Update your profile.
> > - Post Tweets for you. (this is the only one I can understand and
> > wanted to grant.)
> > For Facebook:
> > - Thunderclap will receive the following info: your public profile
> > and friend list.
> > (From my understanding the only thing they need is the right to post
> > a message to my timeline.)
> >
> > I can not see a reason why this company needs all that information
> > and access rights.
> >
> > Anyway, all the best and rest assured I will tweet/re-tweet about
> > the event independently.
> >
> > Best regards, Tobias
> >
> >
> > On 13/11/13 19:49, Laicana Coulibaly wrote:
> >> I just did it.
> >>
> >>
> >> On Wed, Nov 13, 2013 at 7:04 PM, Michael Coates
> >> <michael.coates at owasp.org <mailto:michael.coates at owasp.org>> wrote:
> >>
> >> Great idea tom!
> >>
> >> For anyone that's not familiar on how Thunderclap works we
> >> have to hit the minimum number of supporters for our message
> >> to be sent at all. If we don't hit that minimum then none of
> >> the publicity is gained from the people that vouched support.
> >>
> >> In other words, please do sign up and help spread awareness
> >> for one of our largest fundraisers of the year.
> >>
> >> By the way, it's going to be an amazing event. There's still
> >> time to register if you haven't already.
> >>
> >> See you there.
> >> -Michael
> >>
> >>
> >> --
> >> Michael Coates | OWASP | @_mwc
> >>
> >>
> >>
> >> On Wed, Nov 13, 2013 at 10:32 AM, Tom Brennan - OWASP
> >> <tomb at owasp.org <mailto:tomb at owasp.org>> wrote:
> >>
> >> Thunder Thunder Thunder… ok maybe you were not a
> >> Thundercats fan… but we know you LOVE OWASP
> >>
> >> We are doing a experiment with THUNDERCLAP to raise
> >> awareness and would like your help worldwide.
> >>
> >>
> https://www.thunderclap.it/projects/6403-hackers-hit-time-square-nyc
> >>
> >> Thank you in advance for helping spread the word about the
> >> mission
> >>
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> <mailto:OWASP-Leaders at lists.owasp.org>
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> <mailto:OWASP-Leaders at lists.owasp.org>
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org
> >
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> >
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131113/d1a17774/attachment-0001.html>
More information about the OWASP-Leaders
mailing list