Is this third-party stash app safe?

"

Zalm wrote:

"

CrystalisQualinthi wrote:

Rule of thumb

My thumbs have rules?

Yes. :-P

- Deleted -

"

DestroTheGod wrote:

Whenever I use any kind of application, I immediately change my password both before and after use. This way, if they steal my password, it doesn't matter :)

Eh, it minimizes risk, but I wouldn't say it "doesn't matter". What happens if you use jimbob's app and jimbob is bored and watches all account harvesting in real time? Then, if you change your password and use the app for 5 minutes, jimbob has 5 minutes to log in as you, *re-change* your password so you're temporarily locked out until you get ahold of support and get things under control, and then loots you silly while you're trying to re-establish your account.

"

CrystalisQualinthi wrote:

Rule of thumb: if your question starts with "is this third party" the answer is "no. Fuck no."

If the question doesn't start with "is this third party" but has "requires login info" and *isn't* produced by the game company, the answer is "no. Fuck no."

If the question both starts with "is this third party" AND "requires login info" then the answer is "holy crap, back away from the internet slowly!"

I could have speculated that far. However, if you look at that link, it's on reddit's PoE subreddit, which has tons of users and nobody besides me is even asking about the risks, so the general consensus seems to be that it's safe. What I'm looking for specifically is to get some people who are qualified to examine the actual code since it's open source.

That's not to say I don't agree with what you're saying. I do agree and that's why I created this post. I want more proof than a "bad feeling" though, because the tool seems incredibly useful and there are other tools like PoE helper that are widely used and require login credentials.

"

CrystalisQualinthi wrote:

Rule of thumb: if your question starts with "is this third party" the answer is "no. Fuck no."

If the question doesn't start with "is this third party" but has "requires login info" and *isn't* produced by the game company, the answer is "no. Fuck no."

If the question both starts with "is this third party" AND "requires login info" then the answer is "holy crap, back away from the internet slowly!"

Nailed in one. Tech support 101: "My x isn't workin-" "have you installed any Third Party apps?" "Well, just the one-" doooooooooooooooooooooooo (dial tone).

We'll pretend the guy who made the app is 110% honest, and won't ever look at your login information, so its totally safe from him. Seriously. (<- unlikely)

Do you trust that the app is as bullet proof as GGG's servers against attacks? If not, you're opening yourself up to more likely hacking.

Also, the guy who made the app is totally going to look at your information eventually.

"

Luvz wrote:

I could have speculated that far. However, if you look at that link, it's on reddit's PoE subreddit, which has tons of users and nobody besides me is even asking about the risks, so the general consensus seems to be that it's safe. What I'm looking for specifically is to get some people who are qualified to examine the actual code since it's open source.

That's not to say I don't agree with what you're saying. I do agree and that's why I created this post. I want more proof than a "bad feeling" though, because the tool seems incredibly useful and there are other tools like PoE helper that are widely used and require login credentials.

Personally, I subscribe to the Greater Internet Fuckwad Theory (GIFT) that states "Normal Person + Anonymity + Audience = Total Fuckwad". Thus, my personal preference would be to give 0 third party anyones my username/password. My reasoning for this is twofold.

1. What happens if they redesign the app the harvest the crap out of you later on? Maybe it's fine now, and once they hit a threshold of users that makes it worth their while they go 'black hat'.

2: How do *they* store your account info? Having your account info in more than 1 place simply increases your chances of someone getting compromised and your account info stolen.

I'm looking for more than speculation guys.

Any of us can say it sounds unsafe, because obviously typing login information into a third-party app with no research is ill-advised. However, if someone spent a lot of time working on a super helpful tool that is incredibly safe, saying it is unsafe without any research on your part is also uncalled for.

The purpose of this post is to get the attention of a few people who are qualified to EXAMINE the CODE and determine if there are even security issues in the first place.

I'm not asking for a bunch of people with my level of technical knowledge or lower to say that it sounds like a bad idea. I know it does... I want PROOF one way or the other.

"

CrystalisQualinthi wrote:

Personally, I subscribe to the Greater Internet Fuckwad Theory (GIFT) that states "Normal Person + Anonymity + Audience = Total Fuckwad".

Ah Tycho and Gabe...they seem like Gaming and Internet Gurus.

"

Luvz wrote:

The purpose of this post is to get the attention of a few people who are qualified to EXAMINE the CODE and determine if there are even security issues in the first place.

So my point that code is malleable and could be completely changed down the road once the app developers see a certain number of users was lost on you? Sure, have a coder examine the code and certify it 'clean', that doesn't meant it will always be clean. :/