
Security of Third-Party Tools

From Goon Wiki


Many developers produce third-party tools (software, spreadsheets, and websites) to enhance the EVE Online experience. While the majority are well-intentioned, some tools are created specifically to harvest intelligence on rival entities.

Every tool you authorize is a potential leak. Giving a tool access to your private EVE data (ESI) via SSO can result in a breach of personal privacy and compromise the Operational Security of the Imperium. Your authorized applications are listed at https://developers.eveonline.com/authorized-apps

Assessing Tool Safety

As part of the Utilities revamp, we classify tools based on ownership and infrastructure to help you make informed decisions.

Classification Definitions

Internally Developed
The code was written by an Imperium member. These are generally trusted but not immune to bugs.
Internally Hosted
The tool runs on infrastructure controlled by GSF or an ally. The server logs and data are in friendly hands.
Externally Developed
Created by a third party. We have no control over the code's intent.
Externally Hosted
Runs on a server we do not control. The host can see who accesses it (IP addresses) and potentially harvest the data being processed.

The Trust Hierarchy

Trust is relative. When evaluating a new tool, consider the following hierarchy of risk:

  • Standalone vs. Web: A local application (like Pyfa) is generally safer than a web application. Local data stays on your machine; web apps require sending data to a foreign server.
  • Reputation: Established tools with years of history are safer than a new tool posted yesterday on Reddit by an unknown character.
  • Source Code: Open Source tools are safer because they can be audited for backdoors. However, this is not a guarantee—just because code is public doesn't mean anyone has actually checked it.
  • Internal Preference: Always prioritize Internally Hosted/Developed tools over external alternatives.

EVE SSO Hygiene

The EVE Single Sign-On (SSO) allows tools to access your data even when you are logged out. Maintain strict hygiene regarding what you authorize.

  • Minimize Exposure: Use the fewest number of external tools possible. If you don't use a tool daily, revoke its access.
  • Check Scopes (Permissions): Read the requested permissions carefully.
    • Does a fitting tool really need read access to your Location?
    • Does a market tool really need access to your Contacts?
    • If a tool asks for more than it needs, do not use it.
  • Critical Thinking: Use common sense. If a random person links you a "cool new mapping tool" during a war, it is likely a trap to get your location.
  • Regular Audits: Periodically review all authorized applications on the EVE Secure website.
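The scope check described above can be done on the consent link itself before you click Authorize. The following is an added example, not code from this wiki or from any tool it lists: the function name and the `EXPECTED` baseline per tool kind are assumptions chosen for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs

SSO_HOST = "login.eveonline.com"  # host of the EVE SSO consent page

# Assumed baseline of scopes per tool kind (illustrative; tune to the tools you use).
EXPECTED = {
    "fitting": {"esi-fittings.read_fittings.v1", "esi-fittings.write_fittings.v1",
                "esi-skills.read_skills.v1"},
    "market": {"esi-markets.read_character_orders.v1",
               "esi-wallet.read_character_wallet.v1"},
}
# Scopes that expose where you are or who you know (the two cases named above).
SENSITIVE = ("esi-location.", "esi-characters.read_contacts.")


def audit_authorize_url(url, tool_kind):
    """Compare the scopes in an SSO consent URL with what tool_kind should need."""
    parts = urlsplit(url)
    # .hostname ignores userinfo, so "login.eveonline.com@other.host" does not pass.
    if parts.scheme != "https" or parts.hostname != SSO_HOST:
        return {"verdict": "reject", "reason": "not the EVE SSO host",
                "excess": [], "sensitive": []}
    # OAuth 2.0 carries scopes as one space-delimited parameter; parse_qs decodes it.
    requested = set(" ".join(parse_qs(parts.query).get("scope", [])).split())
    excess = sorted(requested - EXPECTED[tool_kind])
    sensitive = [s for s in excess if s.startswith(SENSITIVE)]
    if sensitive:
        verdict, reason = "reject", "asks for location or contacts it does not need"
    elif excess:
        verdict, reason = "review", "asks for more than the baseline"
    else:
        verdict, reason = "ok", "within the baseline"
    return {"verdict": verdict, "reason": reason, "excess": excess, "sensitive": sensitive}


# Constructed sample URLs: client_id and redirect_uri are placeholders.
BASE = ("https://login.eveonline.com/v2/oauth/authorize/?response_type=code"
        "&client_id=PLACEHOLDER&redirect_uri=https%3A%2F%2Ftool.example%2Fcb&scope=")
FITTING_TOOL = BASE + "esi-fittings.read_fittings.v1%20esi-location.read_location.v1"
MARKET_TOOL = BASE + "esi-markets.read_character_orders.v1"
LOOKALIKE = FITTING_TOOL.replace("login.eveonline.com", "login.eveonline.com.sso.example")

if __name__ == "__main__":
    for name, url, kind in [("fitting", FITTING_TOOL, "fitting"),
                            ("market", MARKET_TOOL, "market"),
                            ("lookalike", LOOKALIKE, "fitting")]:
        print(name, audit_authorize_url(url, kind))
```

A "review" verdict means the tool asks for something outside the baseline that is not location or contacts; decide by hand whether the tool's function justifies it.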

How to Revoke Access

You should check your authorized applications list regularly and delete anything you are not actively using (e.g., old zKillboard authorizations, unused mapping tools).

Manage your Third-Party Applications here: https://developers.eveonline.com/authorized-apps

Note: Never revoke GSF Auth for your Imperium characters, or you will lose access to alliance services.