Security of Third-Party Tools

From Goon Wiki

Many developers produce third-party tools (software, spreadsheets, and websites) to make EVE Online a better experience. While the majority of these tools are well-intentioned and genuinely helpful, some tools, both now and in the past, have been created to collect intelligence on the entities that use them. You should always make an effort to know who makes a particular tool and, in the case of a website, who runs it and where it's hosted. Giving tools access to your system and/or private CREST endpoints via EVE SSO can result in a breach of your personal privacy as well as the operational security of The Imperium.

As part of a recent revamp of the Utilities pages on this wiki, we've made an attempt to highlight the ownership and control of popular tools so that you can make informed decisions.

Security Information on Utilities Pages

  • Internally Developed: This tool is developed by an Imperium member.
  • Internally Hosted: Available from or runs on infrastructure controlled by GSF or another ally within the Imperium.
  • Externally Developed: This tool is developed by someone outside the Imperium.
  • Externally Hosted: Available from or runs on infrastructure not controlled by GSF or another ally within the Imperium.

What can I trust?

Unfortunately, trust is a relative thing.

  • A widely used local application with a well-established web presence is significantly more trustworthy than a web application, because the information shouldn't have to go anywhere and there are ways to verify this.
  • A widely used web application, though, is significantly more trustworthy than a software download that's relatively unknown or hosted with some fly-by-night download service.
  • A tool where you know the authors is probably more trustworthy to you than some unknown.
  • Internally hosted and developed applications are probably safer for Imperium members than external ones.
  • Tools where source code is available are more easily checked for backdoors - but this doesn't guarantee anyone's done so, and in the case of a web-based tool or binary, it doesn't mean that the version available corresponds to the source available.

Over time, developers form a reputation. Barring significant and sudden changes in their tools, some tools are widely considered to be "safe" by the EVE community.

EVE SSO hygiene

  • Use as few external tools as possible.
  • Check carefully which permissions the tool asks for. For example, a fitting tool doesn't need permission to read your location or your market orders.
  • Use your personal brain.exe - you got this file from your parents at birth (some peeps lost this file some years later or got a corrupted one).
  • Check all active third-party tools that have access to your stuff and delete the ones you don't need! (Hello, zkillboard!) GSF Auth is the important one for your GSF characters; don't delete it or your CEO will be mad at you ;)
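
One way to do the permission check above before clicking "Authorize", as an added example (not code from this wiki or from any tool it lists): it reads the scopes and the redirect target out of an SSO login link and flags anything a tool of that kind should not need. The ESI-style scope names, the per-category mapping, and the sample link are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

SSO_HOST = "login.eveonline.com"  # official EVE SSO login host

# Assumption: which scope families each kind of tool plausibly needs.
EXPECTED_PREFIXES = {
    "fitting": ("esi-fittings.",),
    "market": ("esi-markets.", "esi-wallet."),
}

# Constructed sample: a "fitting tool" that also asks for location and orders.
SAMPLE_URL = (
    "https://login.eveonline.com/v2/oauth/authorize/?response_type=code"
    "&client_id=EXAMPLE_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Ffitting-tool.example%2Fcallback"
    "&scope=esi-fittings.read_fittings.v1%20esi-location.read_location.v1"
    "%20esi-markets.read_character_orders.v1&state=constructed"
)

def _query(authorize_url):
    return parse_qs(urlsplit(authorize_url).query)

def requested_scopes(authorize_url):
    """Return the set of scopes in the link's space-separated scope parameter."""
    scopes = set()
    for value in _query(authorize_url).get("scope", []):
        scopes.update(value.split())
    return scopes

def redirect_host(authorize_url):
    """Host that receives the authorization code, i.e. who ends up with access."""
    target = _query(authorize_url).get("redirect_uri", [""])[0]
    return urlsplit(target).hostname

def review_request(authorize_url, category):
    """List (reason, detail) findings for a login link from a `category` tool."""
    parts = urlsplit(authorize_url)
    findings = []
    if parts.scheme != "https" or parts.hostname != SSO_HOST:
        findings.append(("not-eve-sso", parts.hostname or ""))
    for scope in sorted(requested_scopes(authorize_url)):
        if not scope.startswith(EXPECTED_PREFIXES[category]):
            findings.append(("unexpected-scope", scope))
    return findings

if __name__ == "__main__":
    print("code is sent to:", redirect_host(SAMPLE_URL))
    for reason, detail in review_request(SAMPLE_URL, "fitting"):
        print(reason, detail)
```

The redirect host is the answer to "who runs it and where it's hosted" for that particular login: it is the server that ends up holding access to your character.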