• When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.

Archived

This topic is now archived and is closed to further replies.

NYCC Hacking Your Twitter...

Started by kaholo1256,

32 posts in this topic

synch

synch

Posted
Posted

I'd honestly consider never going to the con again if that had happened to me what a load of bs I honestly hope they some how get charged for something & I hope people are smart enough to change passwords after this next thing will be the list gets leaked out to hackers some how lol

 

 

Link to comment
Share on other sites
DeliBebek

DeliBebek

Posted
Posted

I certainly don't condone the bad decision on the part of NYCC. Just be a good comic con and people will talk about it on their own. However, people should learn that it's okay to tap "no" or "decline" when an app asks for permissions.

Link to comment
Share on other sites
Comicopolis

Comicopolis

Posted
Posted
I certainly don't condone the bad decision on the part of NYCC. Just be a good comic con and people will talk about it on their own. However, people should learn that it's okay to tap "no" or "decline" when an app asks for permissions.

 

Indeed - no hacking involved.

Link to comment
Share on other sites
Comic_Diva

Comic_Diva

Posted
Posted
If you accept cross-site logins or let apps access your account, you are allowing this type of activity whether it happens or not.

 

The things you see are not as big of a concern as the things you don't see.

Information is being collected about you that has far more potential for bad.

 

DG

 

+1 This is just the information being shared with the public, what you don't know is what they pulled from the accounts while access was granted.

 

I wondered by a con badge needed an RFID chip. Seems sketchy to me.

Link to comment
Share on other sites
comicsnyc22

comicsnyc22

Posted
Posted

Incredibly sketchy, and once more media pick this up, they are going to get railed.

 

Say all you want about consent-- they buried that info for what they were really going to post socially in the small print of their terms and conditions. Not cool.

 

Also, RFID chips are great for social/authentication purposes, but why during the check out? Just to track length of stay, or how many times you checked in during the day? Makes you wonder what else they want to do with the info.

 

Link to comment
Share on other sites
HCE

HCE

Posted
Posted
If you accept cross-site logins or let apps access your account, you are allowing this type of activity whether it happens or not.

Thing is, there's a difference between linking/connecting your social media account and allowing it to post things to your account. Usually those are separate permission levels and you will have a separate option to allow the latter. That was not the case here, NYCC had not asked permission to do what they did.

 

In addition, when people give permission to apps, games, e.t.c. to get info from their account or post things on their behalf, there's a certain expectation to the form it will take. I'm sure most people with a Facebook account have seen updates like "[name] has reached level 3 in Candy Crush" or similar. My wife recently used the "Walking Dead - deadify yourself" app. You can give it access to your Facebook account to easily pull your uploaded images and then when you've finished making yourself into a zombie you can let the app post the finished image to your page. You had to give separate permissions for those two actions and it was clear what was going to happen. There's a big jump from that and putting out messages without express permission, and messages attributing opinions written in the first person to the user in question, no less!

 

Like I said, incredibly ill-conceived. If they know enough about social media to set something like this up, they should also know enough to know that this was overstepping bounds.

Link to comment
Share on other sites
Comicopolis

Comicopolis

Posted
Posted
This social media stuff is getting out of hand!

When did Facebook and Twitter become so all important?

Some of these sites are annoying in that they won`t let you see the page unless you join Facebook!

2c

 

Join :baiting:

Link to comment
Share on other sites
comicsnyc22

comicsnyc22

Posted
Posted
If you accept cross-site logins or let apps access your account, you are allowing this type of activity whether it happens or not.

Thing is, there's a difference between linking/connecting your social media account and allowing it to post things to your account. Usually those are separate permission levels and you will have a separate option to allow the latter. That was not the case here, NYCC had not asked permission to do what they did.

 

In addition, when people give permission to apps, games, e.t.c. to get info from their account or post things on their behalf, there's a certain expectation to the form it will take. I'm sure most people with a Facebook account have seen updates like "[name] has reached level 3 in Candy Crush" or similar. My wife recently used the "Walking Dead - deadify yourself" app. You can give it access to your Facebook account to easily pull your uploaded images and then when you've finished making yourself into a zombie you can let the app post the finished image to your page. You had to give separate permissions for those two actions and it was clear what was going to happen. There's a big jump from that and putting out messages without express permission, and messages attributing opinions written in the first person to the user in question, no less!

 

Like I said, incredibly ill-conceived. If they know enough about social media to set something like this up, they should also know enough to know that this was overstepping bounds.

 

I think that's the alarming thing. I think they just didn't care. It'll be a nice case study and deterrent from other cons to do something similar. Such a stupid move.

Link to comment
Share on other sites
comicwiz

comicwiz

Posted
Posted
If you accept cross-site logins or let apps access your account, you are allowing this type of activity whether it happens or not.

 

The things you see are not as big of a concern as the things you don't see.

Information is being collected about you that has far more potential for bad.

 

DG

 

+1 This is just the information being shared with the public, what you don't know is what they pulled from the accounts while access was granted.

 

I wondered by a con badge needed an RFID chip. Seems sketchy to me.

 

The kind of virtual handshake you are referring to is usually a one-time, testimony-type of response, authored and signed by a brand/company/vendor.

 

Posting in a way that appears like an endorsement authored by an individuals account is hacking:

 

greg-miller-nycc.jpg

 

BIG difference.

Link to comment
Share on other sites
comicsnyc22

comicsnyc22

Posted
Posted
So umm, yeah... What's up with this?

 

NYCC Hacking Twitter...

 

(tsk)

On a completely different note, I'm bothered that we're getting so much of our news from bloggers.

 

Why?

 

Not to take this conversation in a different direction, but there have been multiple examples of journalists from big-tim publications swinging and missing when it comes to breaking news, ongoing stories, etc. Bloggers can be nimble, aren't bogged down by potential politics or conflicts, etc. Some of my favorite journalists are bloggers-- whether they're at mainstream outlets, or self started blogs.

Link to comment
Share on other sites
DeliBebek

DeliBebek

Posted
Posted
So umm, yeah... What's up with this?

 

NYCC Hacking Twitter...

 

(tsk)

On a completely different note, I'm bothered that we're getting so much of our news from bloggers.

 

Why?

 

Not to take this conversation in a different direction, but there have been multiple examples of journalists from big-tim publications swinging and missing when it comes to breaking news, ongoing stories, etc. Bloggers can be nimble, aren't bogged down by potential politics or conflicts, etc. Some of my favorite journalists are bloggers-- whether they're at mainstream outlets, or self started blogs.

The one with this story wasn't bad. There are many that leave me with more questions after reading because there are so many holes in the information they've presented. I'm not saying professional journalists are always better. My problem with blogging is that so many blogs look like news to most people's eyes and too many readers believe the first words they read or hear on any given subject. Everyone wants to be first and fastest with news, and this often means sacrificing objectivity and some simple research. Again, this particular story wasn't bad.

 

However, I did see a screenshot elsewhere of the "accept" prompt from NYCC's app and it showed clearly that not only was acceptance giving permission for the app to post on their behalf, but to follow or unfollow and to change the profile. There were too many red flags in that screen, but most people quickly accepted, thinking the app would follow the unspoken rules that other apps play by. That screenshot isn't in the blog, and at this point I don't know the accuracy of the one I saw.

 

ADD: The CBR story on this subject shows the screenshot.

Link to comment
Share on other sites
Comicopolis

Comicopolis

Posted
Posted
So umm, yeah... What's up with this?

 

NYCC Hacking Twitter...

 

(tsk)

On a completely different note, I'm bothered that we're getting so much of our news from bloggers.

 

Why?

 

Not to take this conversation in a different direction, but there have been multiple examples of journalists from big-tim publications swinging and missing when it comes to breaking news, ongoing stories, etc. Bloggers can be nimble, aren't bogged down by potential politics or conflicts, etc. Some of my favorite journalists are bloggers-- whether they're at mainstream outlets, or self started blogs.

The one with this story wasn't bad. There are many that leave me with more questions after reading because there are so many holes in the information they've presented. I'm not saying professional journalists are always better. My problem with blogging is that so many blogs look like news to most people's eyes and too many readers believe the first words they read or hear on any given subject. Everyone wants to be first and fastest with news, and this often means sacrificing objectivity and some simple research. Again, this particular story wasn't bad.

 

However, I did see a screenshot elsewhere of the "accept" prompt from NYCC's app and it showed clearly that not only was acceptance giving permission for the app to post on their behalf, but to follow or unfollow and to change the profile. There were too many red flags in that screen, but most people quickly accepted, thinking the app would follow the unspoken rules that other apps play by. That screenshot isn't in the blog, and at this point I don't know the accuracy of the one I saw.

 

ADD: The CBR story on this subject shows the screenshot.

 

Indeed again - which is why it isn't hacking.

Link to comment
Share on other sites
dgarthwaite-migration

dgarthwaite-migration

Posted
Posted
If you accept cross-site logins or let apps access your account, you are allowing this type of activity whether it happens or not.

Thing is, there's a difference between linking/connecting your social media account and allowing it to post things to your account. Usually those are separate permission levels and you will have a separate option to allow the latter.

 

You aren't getting what I'm saying.

 

Since you have no control over what any app is actually doing once you give it access, you ARE allowing it to do what it did and possibly much more. NYCC is just the one that's been caught breaking the rules showing no respect for personal privacy and device use. .

 

Try running the Noscript plugin with Firefox. Go to a site with a video. It'll block the video in most cases. Click your "temporarily allow..." options and you'll see that you might have to allow over 20 web domains in order to see the video. Why does it take over 20 sites to view one file? Because they are sharing info about you! They are identifying you by things such as IP address, Computer, Operating system. It's all random information until you type real information into a form, then they all share it. The real word to describe what they are doing is "stalking", but they'll call it "customizing your browser experience based upon your preferences."

 

DG

Link to comment
Share on other sites
Go to topic listing