Slashdot Mirror

← Back to Stories (view on slashdot.org)

NY Comic Con Takes Over Attendees' Twitter Accounts To Praise Itself

Posted by timothy on from the you're-loving-it dept.

Okian Warrior writes "Attendees to this year's New York Comic Con convention were allowed to pre-register their RFID-enabled badges online and connect their social media profiles to their badges — something, the NYCC registration site explained, that would make the 'NYCC experience 100x cooler! For realz.' Most attendees didn't expect "100x cooler" to translate into 'we'll post spam in your feed as soon as the RFID badge senses that you've entered the show,' but that seems to be what happened."

28 of 150 comments (clear)

  1. Ooops! Sorry by Anonymous Coward · · Score: 5, Insightful

    ReedPop's apology was insincere and showed no remorsefulness. They've done it before and they'll do it again.

    Morale of the story: don't use your social media accounts for any type of authentication.

    1. Re:Ooops! Sorry by Joining+Yet+Again · · Score: 5, Funny

      Morale of the story: low.

    2. Re:Ooops! Sorry by Nerdfest · · Score: 4, Informative

      When you use your Twitter account for authentication, it doesn't need to be authorised for tweeting. You only need to avoid places that request that permission.

    3. Re:Ooops! Sorry by Jawnn · · Score: 4, Insightful

      Well..., yeah. But that's asking an awful lot of a great many Twitter users.

    4. Re:Ooops! Sorry by Anonymous Coward · · Score: 4, Insightful

      They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

    5. Re:Ooops! Sorry by gl4ss · · Score: 5, Informative

      They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

      more importantly YOU CAN NOT give just partial access to an app in twitter. you either give it all it's requesting or nothing and you can not go into your app settings and change. you can only revoke the whole app.

      but the guys attending should really have smelled something funny when they were requesting post permissions along with other perms.

      --
      world was created 5 seconds before this post as it is.
    6. Re:Ooops! Sorry by hawguy · · Score: 4, Interesting

      They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

      When you grant a third party access to sent Tweets on your behalf, don't you click through a warning telling you that? Why would you give a convention permission to send Tweets as you, and if you do, why would you be surprised when they do?

    7. Re:Ooops! Sorry by Rich0 · · Score: 5, Informative

      They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

      When you grant a third party access to sent Tweets on your behalf, don't you click through a warning telling you that? Why would you give a convention permission to send Tweets as you, and if you do, why would you be surprised when they do?

      The problem is that there is a growing trend towards letting apps request permissions, and then giving the user two choices - accept all the permissions the app requests, or don't use the app at all. That is true of many online services, and it is true of Android as well (and likely other mobile OSes).

      The better solution is to allow the application to request a default list of permissions, and then give the user the opportunity to accept or modify them. The application would still work if the permissions are modified, though with limited functionality. I'd probably go a step further and not make it possible for the application to know what permissions were granted, so that app authors don't just force the all-or-nothing situation back on users by refusing to run if full permissions are not granted. 99% of the time partial permissions only cause failure modes that the application has to handle gracefully anyway (no access to contacts is no different than a user who has no contacts, no access to location/network is no different than a user in a building, etc).

      The all-or-nothing approach just gives app authors a club to hit users with - it puts the app author in control of the device, and not the user. Not running mobile apps really isn't an acceptable alternative.

    8. Re:Ooops! Sorry by Anonymous Coward · · Score: 4, Informative

      iOS does it on a permission as needed basis. Twitter wants to use my location? Okay, I'm fine with my tweets indicating my location. Twitter wants to use my contacts? No, thank you Twitter, I'll spam people myself.

    9. Re:Ooops! Sorry by Anonymous Coward · · Score: 4, Informative

      The better solution is to allow the application to request a default list of permissions, and then give the user the opportunity to accept or modify them. The application would still work if the permissions are modified, though with limited functionality.

      You know what security model you're referring to? Blackberry.

      My ancient (2 year old) blackberry lets me selectively grant or deny application permissions on a granular basis. I can even selectively grant or deny network connectivity, so that an application can connect to an ip address using https, but can't connect to a different ip address by http.

      The Blackberry security model has been thought out by some very smart people at RIM.

      Unfortunately, the market really doesn't seem interested in security, even as more people put their entire life on their smartphone.

      Sad.

  2. Slashdot is Great! by Hominy+Chef · · Score: 3, Funny

    Slashdot is amazing!

    --
    Revenge is a dish best served cold -- grits should be served hot!
  3. And Nerds, please, shower! by SternisheFan · · Score: 4, Interesting
    In a message pasted on the event’s official website, Comic Con demands that nerdy attendees wash themselves and use deodorant after they emerge from their moms’ basements to attend the event.In a message pasted on the event’s official website, Comic Con demands that nerdy attendees wash themselves and use deodorant after they emerge from their moms’ basements to attend the event.

    Apparently this is such a problem Comic Con listed “shower” as item No. 3 on its event “survival” checklist.

    “Things tend to get hot at NYCC with so many fans around and you don’t want to be the stinky one!” the organizers wrote. “Do everyone a favor and shower before and wear clean clothes!”

    Apparently this is such a problem Comic Con listed “shower” as item No. 3 on its event “survival” checklist.

    “Things tend to get hot at NYCC with so many fans around and you don’t want to be the stinky one!” the organizers wrote. “Do everyone a favor and shower before and wear clean clothes!” http://nypost.com/2013/10/10/comic-con-plea-shower/

    1. Re:And Nerds, please, shower! by couchslug · · Score: 3, Informative

      It's not Flamebait since it's the truth!

      Clicky da linky before modding.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  4. Re:Prosecute them ... by Barny · · Score: 4, Insightful

    The people allowed the app, complete with special warning, to 'post tweets on their behalf'.

    There comes a time in your life where you take responsibility for your own actions. For the most part, we call this adulthood.

    --
    ...
    /me sighs
  5. Stupid users to lazy to read by mark-t · · Score: 4, Insightful

    When you connect your social media account to somethiing, it's reasonable to expect that every permission that they describe they are requesting they are actually going to use. If you're not comfortable with this, then don't connect the account to the service. Period.

    --
    File under 'M' for 'Manic ranting'
    1. Re:Stupid users to lazy to read by wisnoskij · · Score: 2

      What I like about Facebook is I can allow an external service to post to my wall, so only I can see it.
      Twitter, as far I I know, does not give you that freedom to trick these spammers.

      --
      Troll is not a replacement for I disagree.
    2. Re:Stupid users to lazy to read by Rich0 · · Score: 4, Insightful

      If you're not comfortable with this, then don't connect the account to the service. Period.

      Why does it need to be this way? Why not give the user granular access to permissions? Platforms like Twitter/Android/etc give way too much control to apps and not enough to the user - the user shouldn't be given all-or-nothing choices like this.

    3. Re:Stupid users to lazy to read by mark-t · · Score: 2

      If you can do that, then that's fine... often with these types of things, it's an all-or-nothing deal.... if you don't give them permission for everything they've asked for, you can't connect your account to the site. My point is that there's just so many people don't even read what's right in front of their own faces when permission is being explicitly asked for, and then they are all shocked and upset when something they didn't expect actually happens...

      I dunno... call me an unsympathetic boob, I guess... but I actually read that stuff.... sure, I can be fairly confident that they aren't asking for anything illegal (and would have legal remedy available to me if they were), but that doesn't necessarily mean they aren't asking me for information or permissions I ordinarily would be uncomfortable with.

      --
      File under 'M' for 'Manic ranting'
    4. Re:Stupid users to lazy to read by mark-t · · Score: 2

      True, they don't need to do that, and they shouldn't be trying to get the user's permission to publish on their behalf. In the end, however, the users still did click through and agree to those terms.

      I'd click cancel the instant that I saw that kind of required permission on any third party service that wanted to connect to my online social network.... as I said, if they are asking for a permission, then there's every reason to expect that they will use it somehow. If one doesn't know how they will use it, then they need to ask someone to find out.... or, just cross their fingers, and hope that they won't. Call me a hardass, but I don't have much sympathy for people who do the latter.

      --
      File under 'M' for 'Manic ranting'
  6. Re:Prosecute them ... by Rambo+Tribble · · Score: 2, Informative

    An established principle in the law is that there are certain rights you cannot sign away. For instance, you cannot legally, voluntarily or otherwise, enter into slavery in the United States of America. It remains for the courts to decide if one's identity is one of those rights. Prosecute them.

  7. Re:Prosecute them ... by Oligonicella · · Score: 4, Insightful

    But they didn't steal an identity. Just requested allowance to post on a Twitter feed. Unless they did something other than what the article said, there's no identity theft going on. Giving someone access to use your broadcast mechanism is hardly equal to slavery.

  8. "hawkguy is at nycc" vs. their lies. abused access by raymorris · · Score: 4, Interesting

    In the few cases an app has posted on my social media accounts, it's been a benign (and true) message like "raymorris is at NY Comic Con". That's what a respectable organization might do and what I'd expect from a company that wants to keep my business.

    On the other hand, what they did is misleading and they are assholes for doing it. Just because I give someone access to something doesn't excuse them for abusing that access. One of my employees has access to the company checkbook. If she abuses that access she could go to jail.

  9. Re:Prosecute them ... by Mitreya · · Score: 3, Insightful

    The people allowed the app, complete with special warning, to 'post tweets on their behalf'.

    Problem is, there is no way to say "install the app, but block all tweet-related permissions"

    Can't install anything on Android nowdays. Each app wants permissions to make phone calls, take pictures with your camera (without your knowledge, not just while it is used) or read address book and current phone state. No good reason for the app to want this, but no way to install without allowing everything the app asks for.

  10. Ok by The+Cat · · Score: 2

    Spam is:

    1. Unsolicited
    2. Commercial
    3. Bulk
    4. Off-topic

    It must be all four or it is not spam.

    And yep, I was on the Internet when the term was invented.

    It is impossible for anything posted to a Twitter feed to be spam, since seeing it requires you to follow that feed. That fails the first test, therefore it is not spam. Case closed, end of discussion.

    Learn what the word means before you use it. Spam is not "anything I don't want to read."

    1. Re:Ok by Daniel+Dvorkin · · Score: 3, Insightful

      It is impossible for anything posted to a Twitter feed to be spam, since seeing it requires you to follow that feed.

      By that logic, it is impossible for anything posted in a newsgroup to be spam, since seeing it requires you to read that newsgroup. Which is a pretty silly interpretation, given the history involved.

      You're not the only person here who "was on the Internet when the term was invented," you know.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
  11. Re:"hawkguy is at nycc" vs. their lies. abused acc by tverbeek · · Score: 2

    NYCC's mistake was to jump ahead to what they'd be able to get away with in a few years. If they'd kept the tweets "benign (and true)" as you suggest, people would've squawked briefly, but gotten over it and accepted it as "the new normal" for businesses to tweet bland ads in their feed. (One step beyond what Facebook already does with their "Ray Morris likes Starbucks" ads.) Then, in 2 or 3 years, when the ads started to get more huckstery and misleading, they'd probably get away with that too. The secret to boiling a live frog is to turn the temperature up slowly.

    --
    http://alternatives.rzero.com/
  12. Current Trend by theshowmecanuck · · Score: 3, Insightful

    Morale of the story: don't use your social media accounts for any type of authentication

    I just finished up at a company that creates mobile apps for clients (under contract). Pretty much every app being made now (by all companies not just the one I worked at) uses at least one of your social media accounts to log in. It saves them from having to create and manage their own authentication mechanism. It also saves them from lawsuits etc if and when someone hacks their user database and steals the information because they don't want to spend the money to create a reliably safe user/security system themselves (or on the other hand if they just aren't bright enough to).

    So good luck with that, at least for now. And the truth is, most users aren't bright enough to understand the consequences of allowing any and every app out there access to their social media accounts and potentially a tonne of their personal data. That, with only the trust of the company that build the app's integrity because they said they might have one in the copy on the page. Meanwhile the one thousand line user agreement designed to cover their ass no matter what they do says they can change their mind without telling you. Or after you are so committed to it that psychologically you can't break free... kind of like Google wanting to suddenly use all your profile information in advertisements. Now I understand why they wanted so much to get people to change their usernames to their real names. It wasn't for protection. Glad I didn't change mine.

    --
    -- I ignore anonymous replies to my comments and postings.
  13. Re:"hawkguy is at nycc" vs. their lies. abused acc by NoMaster · · Score: 4, Insightful

    In ten pages of google scholar results, I couldn't find a single one where someone had actually performed the famous "boiling frog experiment."

    Sedgwick, W.T., 1888, On Variations Of Reflex-Exciteablilty In The Frog, Induced By Changes Of Temperature. Studies From The Biological Laboratory, pp385-410.

    --
    What part of "a well regulated militia" do you not understand?