<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">You can skip a lot of those requests form the app, and just authenticate using it.<div>-A<br><div><div>On Nov 13, 2013, at 3:11 PM, Tobias <<a href="mailto:tobias.gondrom@owasp.org">tobias.gondrom@owasp.org</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
  
    <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi Tom, <br>
      <br>
      please forgive me for a small humble comment: <br>
      I just looked at the thunderclap link you gave and really wanted
      to do this. <br>
      But when I went through the approval process for giving access to
      one of my accounts, it was scary to what excessive degree they
      want permissions. In the end after careful consideration I could
      not bring myself to give that much access rights to thunderclap.
      :-( <br>
      I am fully supporting the cause and will post, re-tweet messages
      to support our conferences but really felt that for me as a
      security person that giving away that excessive access rights is
      not acceptable. <br>
      <br>
      To give you some indication why I find this excessive:<br>
      For twitter they requested _all_ of these rights: <br>
      - Read Tweets from your timeline.<br>
      - See who you follow, and follow new people.<br>
      - Update your profile.<br>
      - Post Tweets for you.  (this is the only one I can understand and
      wanted to grant.)<br>
      For Facebook: <br>
      - Thunderclap will receive the following info: your public profile
      and friend list.<br>
      (From my understanding the only thing they need is the right to
      post a message to my timeline.) <br>
      <br>
      I can not see a reason why this company needs all that information
      and access rights. <br>
      <br>
      Anyway, all the best and rest assured I will tweet/re-tweet about
      the event independently.  <br>
      <br>
      Best regards, Tobias<br>
      <br>
      <br>
      On 13/11/13 19:49, Laicana Coulibaly wrote:<br>
    </div>
    <blockquote cite="mid:CANqhz0fTiq5Oq6p41jgV_7NwoJs9STGVVoNkGo0ThfAOv-MokA@mail.gmail.com" type="cite">
      <div dir="ltr">I just did it.<br>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Wed, Nov 13, 2013 at 7:04 PM,
          Michael Coates <span dir="ltr"><<a moz-do-not-send="true" href="mailto:michael.coates@owasp.org" target="_blank">michael.coates@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">
              <div>
                <div>
                  <div>Great idea tom!<br>
                    <br>
                    For anyone that's not familiar on how Thunderclap
                    works we have to hit the minimum number of
                    supporters for our message to be sent at all. If we
                    don't hit that minimum then none of the publicity is
                    gained from the people that vouched support.<br>
                    <br>
                    In other words, please do sign up and help spread
                    awareness for one of our largest fundraisers of the
                    year.<br>
                    <br>
                  </div>
                  By the way, it's going to be an amazing event. There's
                  still time to register if you haven't already.<br>
                  <br>
                </div>
                See you there.<br>
              </div>
              -Michael<br>
            </div>
            <div class="gmail_extra"><br clear="all">
              <div>
                <div dir="ltr"><br>
                  --<br>
                  Michael Coates | OWASP | @_mwc<br>
                  <br>
                </div>
              </div>
              <br>
              <br>
              <div class="gmail_quote">
                <div>
                  <div class="h5">On Wed, Nov 13, 2013 at 10:32 AM, Tom
                    Brennan - OWASP <span dir="ltr"><<a moz-do-not-send="true" href="mailto:tomb@owasp.org" target="_blank">tomb@owasp.org</a>></span>
                    wrote:<br>
                  </div>
                </div>
                <blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <div>
                    <div class="h5">
                      <div style="word-wrap:break-word">Thunder Thunder
                        Thunderů ok maybe you were not a Thundercats
                        fanů but we know you LOVE OWASP
                        <div><br>
                        </div>
                        <div>We are doing a experiment with THUNDERCLAP
                          to raise awareness and would like your help
                          worldwide.</div>
                        <div><br>
                        </div>
                        <div><a moz-do-not-send="true" href="https://www.thunderclap.it/projects/6403-hackers-hit-time-square-nyc" target="_blank">https://www.thunderclap.it/projects/6403-hackers-hit-time-square-nyc</a><br>
                          <div>
                            <div><br>
                            </div>
                            <div>
                              <div>
                                <div>Thank you in advance for helping
                                  spread the word about the mission 
                                </div>
                                <br>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                      <br>
                    </div>
                  </div>
                  _______________________________________________<br>
                  OWASP-Leaders mailing list<br>
                  <a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                  <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                  <br>
                </blockquote>
              </div>
              <br>
            </div>
            <br>
            _______________________________________________<br>
            OWASP-Leaders mailing list<br>
            <a moz-do-not-send="true" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>
            <a moz-do-not-send="true" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
OWASP-Leaders mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-leaders">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  </div>

_______________________________________________<br>OWASP-Leaders mailing list<br><a href="mailto:OWASP-Leaders@lists.owasp.org">OWASP-Leaders@lists.owasp.org</a><br>https://lists.owasp.org/mailman/listinfo/owasp-leaders<br></blockquote></div><br></div></body></html>