Forgot your password?
typodupeerror
Spam Advertising Social Networks Twitter Your Rights Online

NY Comic Con Takes Over Attendees' Twitter Accounts To Praise Itself 150

Posted by timothy
from the you're-loving-it dept.
Okian Warrior writes "Attendees to this year's New York Comic Con convention were allowed to pre-register their RFID-enabled badges online and connect their social media profiles to their badges — something, the NYCC registration site explained, that would make the 'NYCC experience 100x cooler! For realz.' Most attendees didn't expect "100x cooler" to translate into 'we'll post spam in your feed as soon as the RFID badge senses that you've entered the show,' but that seems to be what happened."
This discussion has been archived. No new comments can be posted.

NY Comic Con Takes Over Attendees' Twitter Accounts To Praise Itself

Comments Filter:
  • Ooops! Sorry (Score:5, Insightful)

    by Anonymous Coward on Saturday October 12, 2013 @09:28AM (#45108097)

    ReedPop's apology was insincere and showed no remorsefulness. They've done it before and they'll do it again.

    Morale of the story: don't use your social media accounts for any type of authentication.

    • by Joining Yet Again (2992179) on Saturday October 12, 2013 @09:29AM (#45108103)

      Morale of the story: low.

    • Re:Ooops! Sorry (Score:5, Informative)

      by Nerdfest (867930) on Saturday October 12, 2013 @09:31AM (#45108113)

      When you use your Twitter account for authentication, it doesn't need to be authorised for tweeting. You only need to avoid places that request that permission.

      • Re:Ooops! Sorry (Score:5, Insightful)

        by Jawnn (445279) on Saturday October 12, 2013 @09:35AM (#45108129)
        Well..., yeah. But that's asking an awful lot of a great many Twitter users.
      • Re:Ooops! Sorry (Score:4, Insightful)

        by Anonymous Coward on Saturday October 12, 2013 @09:35AM (#45108131)

        They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

        • Re:Ooops! Sorry (Score:5, Informative)

          by gl4ss (559668) on Saturday October 12, 2013 @09:45AM (#45108175) Homepage Journal

          They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

          more importantly YOU CAN NOT give just partial access to an app in twitter. you either give it all it's requesting or nothing and you can not go into your app settings and change. you can only revoke the whole app.

          but the guys attending should really have smelled something funny when they were requesting post permissions along with other perms.

          • by peragrin (659227)

            funny the same thing is true of android and that practice gets defended on /.

          • every time I use twitter to authenticate somewhere else, they always request everything but reading private messages and changing your password.

        • Re:Ooops! Sorry (Score:5, Interesting)

          by hawguy (1600213) on Saturday October 12, 2013 @09:46AM (#45108177)

          They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

          When you grant a third party access to sent Tweets on your behalf, don't you click through a warning telling you that? Why would you give a convention permission to send Tweets as you, and if you do, why would you be surprised when they do?

          • Re:Ooops! Sorry (Score:5, Informative)

            by Rich0 (548339) on Saturday October 12, 2013 @10:47AM (#45108407) Homepage

            They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

            When you grant a third party access to sent Tweets on your behalf, don't you click through a warning telling you that? Why would you give a convention permission to send Tweets as you, and if you do, why would you be surprised when they do?

            The problem is that there is a growing trend towards letting apps request permissions, and then giving the user two choices - accept all the permissions the app requests, or don't use the app at all. That is true of many online services, and it is true of Android as well (and likely other mobile OSes).

            The better solution is to allow the application to request a default list of permissions, and then give the user the opportunity to accept or modify them. The application would still work if the permissions are modified, though with limited functionality. I'd probably go a step further and not make it possible for the application to know what permissions were granted, so that app authors don't just force the all-or-nothing situation back on users by refusing to run if full permissions are not granted. 99% of the time partial permissions only cause failure modes that the application has to handle gracefully anyway (no access to contacts is no different than a user who has no contacts, no access to location/network is no different than a user in a building, etc).

            The all-or-nothing approach just gives app authors a club to hit users with - it puts the app author in control of the device, and not the user. Not running mobile apps really isn't an acceptable alternative.

            • by RoboRay (735839)
              The better solution is to allow the application to request a default list of permissions, and then give the user the opportunity to accept or modify them. The application would still work if the permissions are modified, though with limited functionality.

              If you take control of your device rather than allowing your service provider or the OEM to control it, you can do just that. On my rooted Android devices, I revoke any permissions that I don't want an app to have.
            • Re:Ooops! Sorry (Score:4, Informative)

              by Anonymous Coward on Saturday October 12, 2013 @12:37PM (#45108993)

              iOS does it on a permission as needed basis. Twitter wants to use my location? Okay, I'm fine with my tweets indicating my location. Twitter wants to use my contacts? No, thank you Twitter, I'll spam people myself.

              • by Kalriath (849904)

                Only a very limited subset of permissions though. Microphone, location, contacts, photos. You can't revoke an app's internet access, camera access, file system access, bluetooth access, and so on - all permissions the app developer demands in the applications .pinfo, and which you have no choice to grant or deny.

                • by mattack2 (1165421)

                  I don't know about the other issues, so don't consider my not mentioning them as agreeing with you.

                  As for "file system access", every app is sandboxed, and can only generally access files within its app. Yes, I said generally, there are photo & music access APIs, but at least for music, I believe it's read only.. You don't have access to the entire device's filesystem.

            • Re:Ooops! Sorry (Score:4, Informative)

              by Anonymous Coward on Saturday October 12, 2013 @12:47PM (#45109049)

              The better solution is to allow the application to request a default list of permissions, and then give the user the opportunity to accept or modify them. The application would still work if the permissions are modified, though with limited functionality.

              You know what security model you're referring to? Blackberry.

              My ancient (2 year old) blackberry lets me selectively grant or deny application permissions on a granular basis. I can even selectively grant or deny network connectivity, so that an application can connect to an ip address using https, but can't connect to a different ip address by http.

              The Blackberry security model has been thought out by some very smart people at RIM.

              Unfortunately, the market really doesn't seem interested in security, even as more people put their entire life on their smartphone.

              Sad.

              • well, I would say they aren't interested in a very secure, obsolete smartphone.

                Up until what, 8 months ago, they were selling 3 year old technology with a 5 or more year old operating system, and then they released a brand new, buggy OS on 2 year old technology. Without a keyboard [which was the primary reason most people were still using BlackBerries].

              • by KZigurs (638781)

                Funnily enough it comes from the fact that first blackberry devices were based on J2ME - something which had granular permissions baked in pretty much since day one (not all manufacturers handled them properly, but most majors did without a blip).

            • by h4nk (1236654)
              Spamming a person's feed may in fact be a violation of Twitter's broadcast terms: http://support.twitter.com/entries/114233 [twitter.com]
            • by mysidia (191772)

              The better solution is to allow the application to request a default list of permissions, and then give the user the opportunity to accept or modify them. The application would still work if the permissions are modified, though with limited functionality.

              I would go further, and say instead of just "letting the user modify"; provide the user a list of checkboxes for the permissions the app requests.

              By default none of the boxes are checked. The user is to tick the box corresponding to the p

          • by raymorris (2726007) on Saturday October 12, 2013 @11:43AM (#45108691)

            In the few cases an app has posted on my social media accounts, it's been a benign (and true) message like "raymorris is at NY Comic Con". That's what a respectable organization might do and what I'd expect from a company that wants to keep my business.

            On the other hand, what they did is misleading and they are assholes for doing it. Just because I give someone access to something doesn't excuse them for abusing that access. One of my employees has access to the company checkbook. If she abuses that access she could go to jail.

        • So you are saying that to attend this event, you needed to hand over your twitter username and password? No exceptions, or opt-outs?

        • They didn't "ask" for permission. They inferred it from people providing their twitter account info. There wasn't even an "opt-out" option because people didn't know this was going to happen.

          Of course, because if they *had* asked, I imagine the answer would have always been "no" - unless you're someone that likes other people putting words in your mouth. I'm sure ReedPop was operating under the idea that it's easier to ask for forgiveness than permission - or they're just dicks.

      • When you use your Twitter account for authentication, it doesn't need to be authorised for tweeting. You only need to avoid places that request that permission.

        One gets the impression that NYCC was...tactful... in eliding exactly what level of privilege delegation users were clicking through, and certainly less than forthright about how those privileges would be put to use.

        • by Anonymous Coward

          When you use your Twitter account for authentication, it doesn't need to be authorised for tweeting. You only need to avoid places that request that permission.

          One gets the impression that NYCC was...tactful... in eliding exactly what level of privilege delegation users were clicking through, and certainly less than forthright about how those privileges would be put to use.

          There's not much "tactful" about this screen (sample image):

          http://readwrite.com/files/files/files/images/twitter-new-oauth-4-28.png

          NYCC are dicks for doing this, but the users in question are STOOPID DICKS for clicking "Authorize App" on shit without reading it.

          • ...but the users in question are STOOPID DICKS for clicking "Authorize App" on shit without reading it.

            Absofuckinglutely! Shocking behaviour on the part of the advertiser, but greatly enabled by idiot users. They can't even argue this was buried in 6 pages of legalese - it's right there in front of them in a short bulleted list.

    • ReedPop's apology was insincere and showed no remorsefulness. They've done it before and they'll do it again.

      Morale of the story: don't use your social media accounts for any type of authentication.

      Would you expect the sort of abhuman scum who would pull a stunt like this to even be capable of comprehending the concepts of 'sincerity' or 'remorse'? Not only do they not exhibit them, they probably don't possess them, and may not even have the cognitive mechanisms required to acquire an understanding of them.

      "we were probably too enthusiastic in our messaging and eagerness to spread the good word about NYCC. We have since shut down this service completely and apologize for any perceived overstep"

      I thought that that sort of invasive narcissism was only found among inebriated 'pick-up artists' trying to avoid going home alone toward the end of an evening...

    • by Anonymous Coward

      ReedPop's apology was insincere and showed no remorsefulness. They've done it before and they'll do it again.

      Sounds like they doubled the wrong vowel in their name.

    • Current Trend (Score:4, Insightful)

      by theshowmecanuck (703852) on Saturday October 12, 2013 @02:45PM (#45109771) Journal

      Morale of the story: don't use your social media accounts for any type of authentication

      I just finished up at a company that creates mobile apps for clients (under contract). Pretty much every app being made now (by all companies not just the one I worked at) uses at least one of your social media accounts to log in. It saves them from having to create and manage their own authentication mechanism. It also saves them from lawsuits etc if and when someone hacks their user database and steals the information because they don't want to spend the money to create a reliably safe user/security system themselves (or on the other hand if they just aren't bright enough to).

      So good luck with that, at least for now. And the truth is, most users aren't bright enough to understand the consequences of allowing any and every app out there access to their social media accounts and potentially a tonne of their personal data. That, with only the trust of the company that build the app's integrity because they said they might have one in the copy on the page. Meanwhile the one thousand line user agreement designed to cover their ass no matter what they do says they can change their mind without telling you. Or after you are so committed to it that psychologically you can't break free... kind of like Google wanting to suddenly use all your profile information in advertisements. Now I understand why they wanted so much to get people to change their usernames to their real names. It wasn't for protection. Glad I didn't change mine.

  • by Anonymous Coward

    I'll blame the users if they never checked what "connecting to twitter account" means.

  • by Hominy Chef (181046) on Saturday October 12, 2013 @09:35AM (#45108127)

    Slashdot is amazing!

  • by SternisheFan (2529412) on Saturday October 12, 2013 @09:48AM (#45108197)
    In a message pasted on the event’s official website, Comic Con demands that nerdy attendees wash themselves and use deodorant after they emerge from their moms’ basements to attend the event.In a message pasted on the event’s official website, Comic Con demands that nerdy attendees wash themselves and use deodorant after they emerge from their moms’ basements to attend the event.

    Apparently this is such a problem Comic Con listed “shower” as item No. 3 on its event “survival” checklist.

    “Things tend to get hot at NYCC with so many fans around and you don’t want to be the stinky one!” the organizers wrote. “Do everyone a favor and shower before and wear clean clothes!”

    Apparently this is such a problem Comic Con listed “shower” as item No. 3 on its event “survival” checklist.

    “Things tend to get hot at NYCC with so many fans around and you don’t want to be the stinky one!” the organizers wrote. “Do everyone a favor and shower before and wear clean clothes!” http://nypost.com/2013/10/10/comic-con-plea-shower/ [nypost.com]

  • ... for identity theft. Period.
    • by Barny (103770) <bakadamage-slashdot@yahoo.com> on Saturday October 12, 2013 @10:16AM (#45108283) Homepage Journal

      The people allowed the app, complete with special warning, to 'post tweets on their behalf'.

      There comes a time in your life where you take responsibility for your own actions. For the most part, we call this adulthood.

      • Re: (Score:2, Informative)

        An established principle in the law is that there are certain rights you cannot sign away. For instance, you cannot legally, voluntarily or otherwise, enter into slavery in the United States of America. It remains for the courts to decide if one's identity is one of those rights. Prosecute them.
        • by Oligonicella (659917) on Saturday October 12, 2013 @10:42AM (#45108381)
          But they didn't steal an identity. Just requested allowance to post on a Twitter feed. Unless they did something other than what the article said, there's no identity theft going on. Giving someone access to use your broadcast mechanism is hardly equal to slavery.
          • Someone cannot apply for credit, file their taxes, or vote under another's identity, even with the rightful identity holder's complicity. The people whose identities were hijacked were not the only victims here, by any means. Those who read the posts were deliberately given the impression that the individual posts were the product of the person whose identity was attached to the post. That's fraud. Prosecute them.
            • by russotto (537200)

              Someone cannot apply for credit, file their taxes, or vote under another's identity, even with the rightful identity holder's complicity.

              That's only true for voting. You can delegate someone else to file taxes on your behalf (though if they are paid for it they have to sign off as well), and you can give someone power of attorney which would allow them to apply for credit on your behalf.

              • They can do those things on your behalf, but it must be so stated, legally and formally and they may not assume your identity to do so. They must do so under their own identity, on your behalf.
        • Re: (Score:2, Interesting)

          by jmac_the_man (1612215)
          Here's the flaw with that logic. Look at this comment. Whose words is it? Mine, jmac_the_man, and as Slashdot puts it at the bottom of the screen, "Comments owned by the poster." But who is saying it? Slashdot is repeating these words to you (it's their servers, after all), and attributing them to me.

          Now, it's implicit (and probably explicit too) in the Slashdot ToS (and the user's expectations) that Slashdot gets to repeat back anything I type into the comment box, and further, that they get to attribute

          • What your are describing is a situation where the word posted did, in fact, originate with you; you simply want to disown them after the fact. That is substantially different than the case where the words did not originate with you and you were given no opportunity to vet them before they were assigned to you.
        • by Ksevio (865461)
          Are you really comparing someone being forced into slavery with a company sending a tweet using a person's twitter handle?
          • No, that was just an example of a right you can't sign away. Indeed, a closer analogy would be indentured servitude, a contract that was "freely" entered into, but wherein one relinquished one's rights as an individual, for a specified period. Note that it was the same stroke of the pen that eliminated slavery, which also eliminated indentured servitude .
        • by retchdog (1319261)

          People like you cheapen the meaning of everything.

          There's also an established principle in the law where you have to be able to show some kind of harm or imminent harm in order to sue. You would be laughed out of court.

          Your principle is absurd, and would make ghostwriting [wikipedia.org] a form of fraud.

          • Harm to one's reputation or public image is a demonstrable and prosecutable harm. If one were to enjoy a reputation as a sensible and judicious person, some of the comments I've seen, which were purported to be the postings in question, would do harm to it.

            Your comment does draw further attention to the potential harm that might befall the readers of such postings, who would have been wilfully mislead.

            In ghost writing the individual for whom the writing service is provided has knowledge of the product and

            • by retchdog (1319261)

              Well, in this case, they did agree in advance, quite clearly, when the app asked for privileges. The analogy would be hiring a ghostwriter with an agreement to not exercise editorial control, which is just fine (barring cases of libel). In fact, that's almost exactly what they did.

              Yes, significant harm to reputation is actionable. This is insignificant.

              As an aside, wouldn't making an agreement to allow an unknown third party to post anything on one's behalf make one, ipso facto, not a sensible and judicious

              • While you may have a point regarding the act of giving such permission being an indictment against one's judiciousness, that has no immediate bearing on whether one has such a reputation in the first place.

                Obviously, significance is in the eye of the reputation holder, potentially to be determined by the court.

                The real point is making this an expensive enough episode for the perpetrators to discourage such behavior in the future. By most accounts, it came as a surprise to the victims that postings had bee

      • by Mitreya (579078) <<moc.liamg> <ta> <ayertim>> on Saturday October 12, 2013 @12:14PM (#45108859)

        The people allowed the app, complete with special warning, to 'post tweets on their behalf'.

        Problem is, there is no way to say "install the app, but block all tweet-related permissions"

        Can't install anything on Android nowdays. Each app wants permissions to make phone calls, take pictures with your camera (without your knowledge, not just while it is used) or read address book and current phone state. No good reason for the app to want this, but no way to install without allowing everything the app asks for.

        • by preflex (1840068)

          Can't install anything on Android nowdays. Each app wants permissions to make phone calls, take pictures with your camera (without your knowledge, not just while it is used) or read address book and current phone state. No good reason for the app to want this, but no way to install without allowing everything the app asks for.

          There are several ways to install Android applications without allowing everything the app asks for. The best one is called openpdroid [xda-developers.com].

        • Then don't let them?The app stores tell you before you install what permissions an app wants. If every grocery store in town decided you had to have a prostate exam given by the cashier before you could shop there would you just shrug your shoulders and say, "oh well, nothing we can do"?

          There are plenty of ways to secure apps on your phone once you have rooted it.
      • by gman003 (1693318)

        An app that allows you to write and publish a tweet through it, or an app that allows you to tweet things at your choosing (eg. "share this with your Twitter followers"), requires the same permissions. And that is probably what most people expected - the app would, say, have a listing of all the booths and such, and allow you, among other things, to send "I'm at the _____" tweets. Nobody really expects an app to just send out advertising tweets. This is perhaps a flaw in the permissions system, having two v

  • Nerds (Score:1, Funny)

    Let's face it, we are talking nerds, so in some sense no real harm was done, just maintaining the pecking order.
  • by mark-t (151149) <markt@lynx . b c.ca> on Saturday October 12, 2013 @10:19AM (#45108297) Journal
    When you connect your social media account to somethiing, it's reasonable to expect that every permission that they describe they are requesting they are actually going to use. If you're not comfortable with this, then don't connect the account to the service. Period.
    • What I like about Facebook is I can allow an external service to post to my wall, so only I can see it.
      Twitter, as far I I know, does not give you that freedom to trick these spammers.

      • by mark-t (151149)
        Fair point... but when the service is first connecting to your account on the social site, it does, at least in my experience, always tell you exactly what permissions are being asked for. If there's any that you're not happy with, then you probably shouldn't be giving permission in the first place. If you can, after the fact, go and adjust those permissions so that they only impact you personally, that' might be okay, but if the service tries to use your account as soon as you've connected to it, then t
    • by Rich0 (548339) on Saturday October 12, 2013 @10:49AM (#45108413) Homepage

      If you're not comfortable with this, then don't connect the account to the service. Period.

      Why does it need to be this way? Why not give the user granular access to permissions? Platforms like Twitter/Android/etc give way too much control to apps and not enough to the user - the user shouldn't be given all-or-nothing choices like this.

      • by mark-t (151149)

        If you can do that, then that's fine... often with these types of things, it's an all-or-nothing deal.... if you don't give them permission for everything they've asked for, you can't connect your account to the site. My point is that there's just so many people don't even read what's right in front of their own faces when permission is being explicitly asked for, and then they are all shocked and upset when something they didn't expect actually happens...

        I dunno... call me an unsympathetic boob, I gue

        • by peragrin (659227)

          Hmm people not reading fine print of legalese because it is annoying useless, and you can't use the new shiny anyways and in software you can't even get a refund.

          In a world where bleach bottles have to say do not drink, hair dyers come with warnings for external use only, Fireplaces come with warnings that say may get HOT.

          Do you really think people read legalese? Besides if you want to use that app you have to sign up for it. you can ignore the new app but then your not part of the social scene.

      • by retchdog (1319261)

        oh christ, it wouldn't help. people would just clamor for granularity on the level of "allow the app to post for me, but only if it makes me look cool, according to undefined standards decided retroactively by the twitter mob," and then be shocked (shocked!) when this convention is breached.

      • Because they have something people want and that allows them to negotiate from a position of strength. Pretty basic concept.
      • by houghi (78078)

        The reason they do this is because the user is the product they are selling.

    • Well, true. On the flip side, if I may make an analogy, just because I let some painters into my house doesn't mean they can do whatever they want inside. Still, the thing that really irritates me is Comic Con doesn't HAVE to do this. Their tickets sold out almost instantly. Even con volunteers had difficulty getting in. Why in blazes do they have to act like some shady spammer desperate to get noticed?

      • by mark-t (151149)

        True, they don't need to do that, and they shouldn't be trying to get the user's permission to publish on their behalf. In the end, however, the users still did click through and agree to those terms.

        I'd click cancel the instant that I saw that kind of required permission on any third party service that wanted to connect to my online social network.... as I said, if they are asking for a permission, then there's every reason to expect that they will use it somehow. If one doesn't know how they will use

  • by Anonymous Coward

    I actually pioneered the use of this technology at Bonaroo of 2011. My company brought the use of rfid to the concert and event seen as tickets and eventually added social integration and cashless solutions. We used it at the largest festivals across north America and many oversees including Coachella, Austin city limits, Quebec summer music festival and lollapalooza. The stuff we could do with social media always had possibilities, but the event organisers only ever used it for posting generally lame "thi

    • by Anonymous Coward

      So, was being a contractor on the Death Star your side job, or was it your primary employment before it was destroyed?

      I ask because I wonder how difficult it is to locate jobs to assist in the creation of technologies that will obviously be used for evil, yet still allow one to retain some plausible deniability. There's always some far-fetched scenario where this shit could be used for good... even the Death Star. It's still self-delusion, though.

      Good luck on your future endeavors. I bet the NSA is hiring;

  • by The Cat (19816) *

    Spam is:

    1. Unsolicited
    2. Commercial
    3. Bulk
    4. Off-topic

    It must be all four or it is not spam.

    And yep, I was on the Internet when the term was invented.

    It is impossible for anything posted to a Twitter feed to be spam, since seeing it requires you to follow that feed. That fails the first test, therefore it is not spam. Case closed, end of discussion.

    Learn what the word means before you use it. Spam is not "anything I don't want to read."

    • Re:Ok (Score:4, Insightful)

      by Daniel Dvorkin (106857) on Saturday October 12, 2013 @12:34PM (#45108977) Homepage Journal

      It is impossible for anything posted to a Twitter feed to be spam, since seeing it requires you to follow that feed.

      By that logic, it is impossible for anything posted in a newsgroup to be spam, since seeing it requires you to read that newsgroup. Which is a pretty silly interpretation, given the history involved.

      You're not the only person here who "was on the Internet when the term was invented," you know.

    • by Anonymous Coward

      Spam is:

      1. Unsolicited
      2. Commercial
      3. Bulk
      4. Off-topic

      It must be all four or it is not spam.

      And yep, I was on the Internet when the term was invented.

      But were you watching original airings of Monty Python when the term was appropriated?

    • You might have been on the Internet when spam was invented, but it sounds like you haven't used Twitter much.

      Twitter has a feature called "retweet" which, for example, would allow me to post someone else's tweet on my own timeline, thereby allowing users who had not subscribed to the initial feed to see it.

      The other thing is that the English language is a living one; meaning that the precise definition of words can (and do) change over time. The best example I can think of in a computing sense is the word "

  • That's not even 1.2 times cooler.

  • From the second TFA:

    "This isn’t the first time that ReedPop has had trouble with oversharing at this year’s New York Comic Con.

    Last month, it came to light (via WIRED contributor Rachel Edidin) that ReedPop had the shared personal contact information provided by journalists during their press registration — including home phone numbers and addresses — with exhibitors at the show.

    Wow, giving out your home phone numbers (if you were stupid enough to supply them) — are ReedPop

Help me, I'm a prisoner in a Fortune cookie file!

Working...