This afternoon a user on the Puzzle Pirates forum posted an interesting question:

Im [sic] sorry to ask this question, but how do we know this software is safe from account hackings and such?

It is certainly an interesting question, and while my response likely won’t quell concerns much, it did get me thinking about safety in regards to software. How do you know that every piece of software running on your computer is safe? Even if you examine the source code, is there a way to know for sure? In actuality, not really.

Now I know that there likely will be some open source advocates who will say that open source software is safer than closed-source software, statistics don’t really support that. Any application on your computer can be used as a conduit for compromising your computer’s security.

In my response to this concern, there wasn’t much I could say, but I finished with this statement:

The Trade Profiteer will not harvest any information about you and, to the best of my knowledge as the sole and principal developer of this application, cannot be used to compromise someone’s account.

About all I could provide are verbal assurances. And this was not the first time this concern was raised. Not long after the initial beta release and the announcement on the forum, forum user hugnam posted this:

Sounds pretty good for an application, but unless it’s proven to be safe, i’m not gonna use it.

Software safety is certainly an issue. Any data you enter into any application has the potential to be harvested and sent somewhere. An application may hook into the system to capture keystrokes. Unless you have an application to detect applications like these, you can’t know entirely.

To help quell fears a little, I responded to the most recent concern on the forum with this:

If you are concerned that my application might harvest data about you, your computer, or your installation of Y!PP, you can certainly configure your firewall software to block the Trade Profiteer from accessing the Internet. Unlike with the Pirate Commodity Trader with Bleach, you will not be interfering with the Trade Profiteer by doing that. If you configure your firewall to block the Trade Profiteer, the only functionality you will be blocking is its ability to check my web site for a new version, which is the only reason it will ever connect to the Internet.

Further, I added this, which may give a little more assurance:

I have also been playing Puzzle Pirates since late 2005, I’ve built up considerable wealth in the game, and I’m not about to risk all of that.

Creating an application that can be used to harvest account information is an offense that will get you banned from Puzzle Pirates and likely reported to applicable government agencies. It’s not something I’m going to risk.