Slashdot Mirror

← Back to Stories (view on slashdot.org)

NY Comic Con Takes Over Attendees' Twitter Accounts To Praise Itself

Posted by timothy on from the you're-loving-it dept.

Okian Warrior writes "Attendees to this year's New York Comic Con convention were allowed to pre-register their RFID-enabled badges online and connect their social media profiles to their badges — something, the NYCC registration site explained, that would make the 'NYCC experience 100x cooler! For realz.' Most attendees didn't expect "100x cooler" to translate into 'we'll post spam in your feed as soon as the RFID badge senses that you've entered the show,' but that seems to be what happened."

4 of 150 comments (clear)

  1. Ooops! Sorry by Anonymous Coward · · Score: 5, Insightful

    ReedPop's apology was insincere and showed no remorsefulness. They've done it before and they'll do it again.

    Morale of the story: don't use your social media accounts for any type of authentication.

    1. Re:Ooops! Sorry by Joining+Yet+Again · · Score: 5, Funny

      Morale of the story: low.

    2. Re:Ooops! Sorry by gl4ss · · Score: 5, Informative

      They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

      more importantly YOU CAN NOT give just partial access to an app in twitter. you either give it all it's requesting or nothing and you can not go into your app settings and change. you can only revoke the whole app.

      but the guys attending should really have smelled something funny when they were requesting post permissions along with other perms.

      --
      world was created 5 seconds before this post as it is.
    3. Re:Ooops! Sorry by Rich0 · · Score: 5, Informative

      They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

      When you grant a third party access to sent Tweets on your behalf, don't you click through a warning telling you that? Why would you give a convention permission to send Tweets as you, and if you do, why would you be surprised when they do?

      The problem is that there is a growing trend towards letting apps request permissions, and then giving the user two choices - accept all the permissions the app requests, or don't use the app at all. That is true of many online services, and it is true of Android as well (and likely other mobile OSes).

      The better solution is to allow the application to request a default list of permissions, and then give the user the opportunity to accept or modify them. The application would still work if the permissions are modified, though with limited functionality. I'd probably go a step further and not make it possible for the application to know what permissions were granted, so that app authors don't just force the all-or-nothing situation back on users by refusing to run if full permissions are not granted. 99% of the time partial permissions only cause failure modes that the application has to handle gracefully anyway (no access to contacts is no different than a user who has no contacts, no access to location/network is no different than a user in a building, etc).

      The all-or-nothing approach just gives app authors a club to hit users with - it puts the app author in control of the device, and not the user. Not running mobile apps really isn't an acceptable alternative.