Enshittification of a Beloved Open Source Tool, Postman

Summary

The author expresses dissatisfaction with Postman's transition from a user-friendly, open-source tool to a paid service with mandatory cloud storage, citing security concerns and a lack of user benefit.

Abstract

The author begins by acknowledging their previous reliance on Postman due to their own self-described aversion to command-line interfaces, particularly cURL. Postman's ease of use made it a beloved tool for the author and many web developers. However, the author's sentiment has soured due to Postman's shift towards monetization, which includes the deprecation of local storage for requests in favor of their external storage system. This change raises significant security concerns as sensitive data such as passwords and API keys are now stored externally. The author references a Reddit thread that details these concerns, suggesting that Postman's new direction may introduce a "pay to encrypt" model for credential storage. The author critiques the imposition of new requirements without clear user benefits and speculates about potential service outages and additional issues that could arise from Postman's cloud dependency. The article concludes with the author's lament over the trend of valuable tools becoming monetized and less user-friendly, with a call for community-recommended alternatives to Postman.

Opinions

The author has a strong preference for user-friendly tools that do not require command-line expertise.
Postman's transition to a paid model with a focus on cloud storage is viewed negatively, with the author expressing a sense of betrayal.
There are significant security concerns regarding the mandatory use of Postman's external storage for sensitive data.
The author is critical of the potential for Postman to introduce a paid feature for encrypting credentials.
The change in Postman's storage approach is seen as arbitrary and not in the best interest of the users.
The author anticipates further complications and service issues due to the dependency on Postman's cloud infrastructure.
There is a broader concern about the trend of valuable open-source tools becoming monetized and the negative impact this has on the developer community.
The author is seeking alternatives to Postman that maintain the original spirit of ease of use and security without mandatory cloud services.

Web devs, I’m sorry, but you’re going to have to a cURL hero

I’ll be first to admit I loved using Postman. I am a shitter when it comes to being a command-line junkie. Shit, I got made fun of opening up PyCharm to show code because I wasn’t a VIM hero.

You won’t see me anytime cURL commands to debug a request. That command scared me, and Postman was my hero.

However, Postman wanted that money because everything is about being richer than yesterday. As a result, I have some serious concerns about using Postman.

Security Concerns

This thread covers most of the concerns. The TLDR is Postman deprecated local storage for requests. This means all data in those requests, including passwords, API keys, etc., will be sent to Postman’s external storage system. A sane individual might think that’s not good, especially since not everyone is a friendly threat researcher.

Sneaky bastards are trying to pull one over. I can’t wait for the “pay to encrypt” credentials password DLC to come out.

This change is intentional, and I guess Postman will offer companies to spin up their instances of Postman, similar to JIRA, in the future.

Anyways, having arbitrary requirements like this placed on software with no benefits to the user is annoying. Now, if Postman can’t store credentials due to an outage, does it not work? What other bullshit issues will be introduced?

It’s another example of how good things don’t last forever. Wait until ChatGPT gets monetized or VSCode.

Can’t have anything good in this space, and I expect it to get worse over time.

Thanks for the read, and let me know of alternatives like Insomnia in the comments.