[Owasp-leaders] Social Media - thunderclap quite excessive in what access rights it demands

Laicana Coulibaly laicana.coulibaly at owasp.org
Wed Nov 13 21:09:57 UTC 2013


Hi everyone, I'm a new chapter leader (since yesterday). I lead the Ivory Coast
chapter in West Africa.  I want to know if there's something special for
chapter leaders to attend AppSecUSA?


On Wed, Nov 13, 2013 at 9:01 PM, Jonathan Marcil
<jonathan.marcil at owasp.org> wrote:

> If I understand correctly, Thunderclap is the crowd sourcing of social
> media buzz. So when the goal is reached, a message is posted to your
> timeline/feed by Thunderclap.
>
> At that point you must trust Thunderclap with your "tweets" the same
> way people trust Kickstarter with their money.
>
> If you remove the rights then I suppose it removes the backing since
> that's the whole point of Thunderclap. If on their side they want to
> trust you, they must analyze some data and that would justify all the
> required rights.
>
> BTW I used @owaspmontreal twitter account to do so, that way it doesn't
> mix with my own twitter account and automated messages are acceptable to
> me with that account with no privacy concern. I would suggest to do the
> same if you have privacy concerns, but don't register a stub account with
> no followers since it won't help anyways.
>
> See you all at AppSecUSA!
>
> - Jonathan
>
>
>
> On 2013-11-13 15:46, Michael Coates wrote:
> > For comparison on the Twitter permissions:
> >
> > For twitter they requested _all_ of these rights:
> > - Read Tweets from your timeline.
> > This is already possible for all twitter accounts (unless you've made
> > your twitter account private)
> >
> > - See who you follow, and follow new people.
> > It is already possible to see who you follow (unless you've made your
> > twitter account private)
> > Following new people - I haven't heard that they do this at all.
> > Suspicious actions would of course reflect poorly on them.
> >
> > - Update your profile.
> > Agreed. This seems unnecessary. Abuse would not reflect well on Thunderclap
> >
> > - Post Tweets for you.  (this is the only one I can understand and
> > wanted to grant.)
> > This is the purpose of ThunderClap.
> >
> >
> > Here's the FAQ for ThunderClap: https://www.thunderclap.it/faq
> >
> > For what it's worth Mozilla used ThunderClap several times and they are
> > very privacy conscious.
> >
> > And lastly you can always remove access via twitter at any point.
> >
> >
> > But, of course make the right decision for you. This is a nice way to
> > raise awareness if it feels right for your situation. There are many
> > other ways everyone is supporting.
> >
> >
> > -Michael
> >
> > --
> > Michael Coates | OWASP | @_mwc
> >
> >
> >
> > On Wed, Nov 13, 2013 at 12:11 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> >
> >     Hi Tom,
> >
> >     please forgive me for a small humble comment:
> >     I just looked at the thunderclap link you gave and really wanted to
> >     do this.
> >     But when I went through the approval process for giving access to
> >     one of my accounts, it was scary to what excessive degree they want
> >     permissions. In the end after careful consideration I could not
> >     bring myself to give that much access rights to thunderclap. :-(
> >     I am fully supporting the cause and will post, re-tweet messages to
> >     support our conferences but really felt that for me as a security
> >     person that giving away that excessive access rights is not acceptable.
> >
> >     To give you some indication why I find this excessive:
> >     For twitter they requested _all_ of these rights:
> >     - Read Tweets from your timeline.
> >     - See who you follow, and follow new people.
> >     - Update your profile.
> >     - Post Tweets for you.  (this is the only one I can understand and
> >     wanted to grant.)
> >     For Facebook:
> >     - Thunderclap will receive the following info: your public profile
> >     and friend list.
> >     (From my understanding the only thing they need is the right to post
> >     a message to my timeline.)
> >
> >     I can not see a reason why this company needs all that information
> >     and access rights.
> >
> >     Anyway, all the best and rest assured I will tweet/re-tweet about
> >     the event independently.
> >
> >     Best regards, Tobias
> >
> >
> >     On 13/11/13 19:49, Laicana Coulibaly wrote:
> >>     I just did it.
> >>
> >>
> >>     On Wed, Nov 13, 2013 at 7:04 PM, Michael Coates
> >>     <michael.coates at owasp.org> wrote:
> >>
> >>         Great idea Tom!
> >>
> >>         For anyone that's not familiar with how Thunderclap works we
> >>         have to hit the minimum number of supporters for our message
> >>         to be sent at all. If we don't hit that minimum then none of
> >>         the publicity is gained from the people that vouched support.
> >>
> >>         In other words, please do sign up and help spread awareness
> >>         for one of our largest fundraisers of the year.
> >>
> >>         By the way, it's going to be an amazing event. There's still
> >>         time to register if you haven't already.
> >>
> >>         See you there.
> >>         -Michael
> >>
> >>
> >>         --
> >>         Michael Coates | OWASP | @_mwc
> >>
> >>
> >>
> >>         On Wed, Nov 13, 2013 at 10:32 AM, Tom Brennan - OWASP
> >>         <tomb at owasp.org> wrote:
> >>
> >>             Thunder Thunder Thunder… ok maybe you were not a
> >>             Thundercats fan… but we know you LOVE OWASP
> >>
> >>             We are doing an experiment with THUNDERCLAP to raise
> >>             awareness and would like your help worldwide.
> >>
> >>
> >>             https://www.thunderclap.it/projects/6403-hackers-hit-time-square-nyc
> >>
> >>             Thank you in advance for helping spread the word about the
> >>             mission
> >>
> >>
> >>             _______________________________________________
> >>             OWASP-Leaders mailing list
> >>             OWASP-Leaders at lists.owasp.org
> >>             <mailto:OWASP-Leaders at lists.owasp.org>
> >>             https://lists.owasp.org/mailman/listinfo/owasp-leaders