DEV Community

Awesome List of the Best Developer Tools

Suraj Vishwakarma on June 12, 2023

Introduction In this rapidly evolving tech world, we see lots of dev tools getting launched every day. Most of them aren’t great that ca...

Read full post

Mike Stemle • Jun 17 '23

It should be noted that some of these tools have known privacy problems, and Postman—for example—is able to access any secrets or credentials stored on their servers by your use of their cloud services. They're pretty transparent about this fact in their privacy policy.

It is generally a good idea to never put sensitive information into a third party system or service unless you have an NDA and contract in place with that third party.

In order to keep yourself and your organization safe:

Always read the TOS, EULA, and Privacy Policy
If you have a legal team, it is probably a good idea to have them review the terms, too
Do not share information with third parties who you don't have an agreement with, unless you're comfortable with that information being published everywhere on the internet (including with competitors or adversarial entities)
Make sure you know for sure whether the tools you're using phone home or send your information out.

No amount of convenience is worth a data breach.

Camilo Santana • Jun 29 '23 • Edited

Postman is able to access any secrets or credentials stored on their servers by your use of their cloud services

You mean this policy?

Postman personnel do not access private workspace
content except for:

security purposes
to assist the workspace owner with a support matter
to maintain the integrity of the Service
to comply with our legal obligations
if we have reason to believe the contents are in violation of the law, or
with your consent.

Note the "with your consent" and the legal obligation.

You enter into a business agreement with these kinds of services. You're partners. It may be best to avoid assuming an antagonistic relationship by default.

Mike Stemle • Jun 29 '23 • Edited

I do object to your assumption that I’m suggesting antagonism, my concern here is only for privacy and security.

I’m referring to this section under “Workspace contents”:

If your workspace is private, you control the access to your Content. If you include personal information or Sensitive Personal Information, that information may only be accessible to Postman in accordance with this Privacy Policy. Postman personnel do not access private workspace content except for:

security purposes to assist the workspace owner with a support matter

to maintain the integrity of the Service to comply with our legal obligations

if we have reason to believe the contents are in violation of the law, or

with your consent.

However, while we do not generally search for content in your workspaces, we may scan our servers and content to detect certain tokens or security signatures, known active malware, known vulnerabilities in dependencies, or other content known to violate the Postman EULA.

This means that Postman personnel have the ability to see inside everything you do, so if they have an internal bad actor, or they are breached, everything in your account may be compromised.

B. Burt • Jul 12 '23

Thank you for the info. I use Insomnia over Postman but now I wonder...

Does Insomnia have same/similar privacy issue as Postman?

Suraj Vishwakarma • Jun 12 '23

Which developer tools do you use most?

Krisztián Maurer • Jun 13 '23

I'm currently doing a lot of migration work in TypeScript, and I find this tool app.quicktype.io/?l=ts very helpful. It helps me create the old interface from a JSON object easily.