May 16, 2013
Sorry if this is a newbie question, but I searched the forum and couldn't find an answer.

I'm thinking about purchasing a tool like Tweet Demon. Once I put an account name and password into the tool, how can I be sure that the creator of the tool won't steal my account?

It seems like a pretty easy thing to do to silently "backup" users' accounts and passwords to a central server, and if Twitter/Instagram/etc find a way to shut down the tool, having access to a number of very valuable accounts seems like a tempting way to make some extra money. Since no one even knows who the creators of some of these tools are, it doesn't even seem like some creators have any "reputation" to protect.
You should ask the same question regarding hosting companies. How can you be positive that they won't steal your website leads, emails DB, ideas, bla bla, assuming you have a super earning website?

The answer is: You can't really tell. This is why you should look first for recommendations, testimonials, ask around, etc., same as with purchasing any product, even offline.
Check for positive reviews and referrals. If others enjoy using the tool then it's possibly very good and reliable. You can also monitor from your end from time to time; if you notice any weird change, investigate and act quickly.
In this world it's best not to trust anyone, just change the password once you are done with the tool.
How can you be sure that Microsoft is not stealing all your data by using Windows as an OS? You can't.

Just use tools from established and reputable companies! Also try to avoid cracked stuff, as most times it is infected.
Are you referring to social media tools? You NEVER EVER use your real/personal account on those tools. Most accounts used on those tools are created by bots. Also, check if the developer(s) is legit and has a good standing reputation. Most of the time the money they earn from the software is deterrent enough to prevent such small hacking activities from occurring.
Aside from the obvious responses in this thread that lean more towards the developer/their reputation, I'd say you're much better off looking at the code itself.

I've noticed most people on this site whip up quick little apps using .NET, which means you can usually just decompile the binary and view the raw source code (or the interpreted bytecode). Sometimes they obfuscate the source before deployment, but a little debugging goes a long way.

What I'd personally do in your situation is purchase the application, debug/analyze it, and run a packet sniffing tool like Wireshark to capture and log all outgoing requests said application makes.
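
As an added example (not part of the thread or any poster's code), one way to triage such a capture is to list every outbound destination that is not one of the service's own domains. The CSV layout, the expected-domain list and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Assumption: domains the tool legitimately needs for the service it automates.
EXPECTED_DOMAINS = ("twitter.com", "twimg.com")

# Constructed sample, one row per outbound connection. Columns mirror the
# Wireshark fields ip.dst, tcp.dstport, tls.handshake.extensions_server_name
# and http.host (assumed export layout; addresses are documentation ranges).
SAMPLE_CAPTURE = """\
192.0.2.10,443,api.twitter.com,
192.0.2.10,443,api.twitter.com,
192.0.2.11,443,pbs.twimg.com,
198.51.100.5,443,api.twitter.com.tool-vendor.example,
198.51.100.6,80,,update.tool-vendor.example
203.0.113.7,8080,,
203.0.113.7,8080,,
"""


def is_expected(host, expected=EXPECTED_DOMAINS):
    """Match on a label boundary so 'twitter.com.other.example' does not pass."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected)


def triage(capture_text, expected=EXPECTED_DOMAINS):
    """Return {(ip, port, host, reason): count} for flows worth a closer look."""
    findings = Counter()
    for row in csv.reader(io.StringIO(capture_text)):
        if len(row) < 4:
            continue  # skip blank or malformed lines
        ip, port, sni, http_host = (field.strip() for field in row[:4])
        host = sni or http_host
        if not host:
            reason = "no hostname"  # direct-to-IP or a non-TLS/HTTP protocol
        elif is_expected(host, expected):
            continue
        elif http_host and not sni:
            reason = "unexpected host (plaintext HTTP)"
        else:
            reason = "unexpected host"
        findings[(ip, port, host or "-", reason)] += 1
    return findings


if __name__ == "__main__":
    for (ip, port, host, reason), n in sorted(triage(SAMPLE_CAPTURE).items()):
        print(f"{n:>3}x {ip}:{port:<5} {host:<40} {reason}")
```

A flagged destination is a lead for the debugging step, not proof: TLS hides the payload, so the capture shows where the tool talks, not what it sends.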
