<div dir="ltr"><div>For comparison on the Twitter permissions:<br><br>For twitter they requested _all_ of these rights: <br>
      - Read Tweets from your timeline.<br></div>This is already possible for all twitter accounts (unless you've made your twitter account private)<br><div><br>
      - See who you follow, and follow new people.<br>It is already possible to see who you follow (unless you've made your twitter account private<br></div><div>Following new people - I haven't heard that they do this at all. Suspicious actions would of course reflect poorly on them.<br>
</div><div><br>
      - Update your profile.<br>Agreed. This seems unnecessary. Abuse would not reflect well on Thunderclap<br><br>
      - Post Tweets for you.á (this is the only one I can understand and
      wanted to grant.)<br><div class="gmail_extra">This is the purpose of ThunderClap.<br><br><br>Here's the FAQ for ThunderClap: <a href="https://www.thunderclap.it/faq">https://www.thunderclap.it/faq</a><br><br></div>
<div class="gmail_extra">For what it's worth Mozilla used ThunderClap several times and they are very privacy conscious.<br><br></div><div class="gmail_extra">And lastly you can always remove access via twitter at any point.<br>
<br><br></div><div class="gmail_extra">But, of course make the right decision for you. This is a nice way to raise awareness if it feels right for your situation. There are many other ways everyone is supporting.<br><br><br>
</div><div class="gmail_extra">-Michael<br clear="all"></div><div class="gmail_extra"><div><div dir="ltr"><br>--<br>Michael Coates | OWASP | @_mwc<br><br></div></div>
<br><br><div class="gmail_quote">On Wed, Nov 13, 2013 at 12:11 PM, Tobias <span dir="ltr"><<a href="mailto:tobias.gondrom@owasp.org" target="_blank">tobias.gondrom@owasp.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Hi Tom, <br>
      <br>
      please forgive me for a small humble comment: <br>
      I just looked at the thunderclap link you gave and really wanted
      to do this. <br>
      But when I went through the approval process for giving access to
      one of my accounts, it was scary to what excessive degree they
      want permissions. In the end after careful consideration I could
      not bring myself to give that much access rights to thunderclap.
      :-( <br>
      I am fully supporting the cause and will post, re-tweet messages
      to support our conferences but really felt that for me as a
      security person that giving away that excessive access rights is
      not acceptable. <br>
      <br>
      To give you some indication why I find this excessive:<br>
      For twitter they requested _all_ of these rights: <br>
      - Read Tweets from your timeline.<br>
      - See who you follow, and follow new people.<br>
      - Update your profile.<br>
      - Post Tweets for you.á (this is the only one I can understand and
      wanted to grant.)<br>
      For Facebook: <br>
      - Thunderclap will receive the following info: your public profile
      and friend list.<br>
      (From my understanding the only thing they need is the right to
      post a message to my timeline.) <br>
      <br>
      I can not see a reason why this company needs all that information
      and access rights. <br>
      <br>
      Anyway, all the best and rest assured I will tweet/re-tweet about
      the event independently.á <br>
      <br>
      Best regards, Tobias<br>
      <br>
      <br>
      On 13/11/13 19:49, Laicana Coulibaly wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">I just did it.<br>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Wed, Nov 13, 2013 at 7:04 PM,
          Michael Coates <span dir="ltr"><<a href="mailto:michael.coates@owasp.org" target="_blank">michael.coates@owasp.org</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
            <div dir="ltr">
              <div>
                <div>
                  <div>Great idea tom!<br>
                    <br>
                    For anyone that's not familiar on how Thunderclap
                    works we have to hit the minimum number of
                    supporters for our message to be sent at all. If we
                    don't hit that minimum then none of the publicity is
                    gained from the people that vouched support.<br>
                    <br>
                    In other words, please do sign up and help spread
                    awareness for one of our largest fundraisers of the
                    year.<br>
                    <br>
                  </div>
                  By the way, it's going to be an amazing event. There's
                  still time to register if you haven't already.<br>
                  <br>
                </div>
                See you there.<br>
              </div>
              -Michael<br>
            </div>
            <div class="gmail_extra"><br clear="all">
              <div>
                <div dir="ltr"><br>
                  --<br>
                  Michael Coates | OWASP | @_mwc<br>
                  <br>
                </div>
              </div>
              <br>
              <br>
              <div class="gmail_quote">
                <div>
                  <div>On Wed, Nov 13, 2013 at 10:32 AM, Tom
                    Brennan - OWASP <span dir="ltr"><<a href="mailto:tomb@owasp.org" target="_blank">tomb@owasp.org</a>></span>
                    wrote:<br>
                  </div>
                </div>
                <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                  <div>
                    <div>
                      <div style="word-wrap:break-word">Thunder Thunder
                        Thunderů ok maybe you were not a Thundercats
                        fanů but we know you LOVE OWASP
                        <div><br>
                        </div>
                        <div>We are doing a experiment with THUNDERCLAP
                          to raise awareness and would like your help
                          worldwide.</div>
                        <div><br>
                        </div>
                        <div><a href="https://www.thunderclap.it/projects/6403-hackers-hit-time-square-nyc" target="_blank">https://www.thunderclap.it/projects/6403-hackers-hit-time-square-nyc</a><br>
                          <div>
                            <div><br>
                            </div>
                            <div>
                              <div>
                                <div>Thank you in advance for helping
                                  spread the word about the missioná
                                </div>
                                <br>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                      <br>
                    </div>
                  </div>
                  _______________________________________________<br>
                  OWASP-Leaders mailing list<br>
                  <a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
                  <a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
                  <br>
                </blockquote>
              </div>
              <br>
            </div>
            <br>
            _______________________________________________<br>
            OWASP-Leaders mailing list<br>
            <a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a><br>
            <a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
OWASP-Leaders mailing list
<a href="mailto:OWASP-Leaders@lists.owasp.org" target="_blank">OWASP-Leaders@lists.owasp.org</a>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-leaders" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-leaders</a>
</pre>
    </blockquote>
    <br>
  </div>

</blockquote></div><br></div></div></div>