It helps to understand that the Maltego series of tools are “dual” use. In other words, they may be used for benefit or harm (and this changes also depending on point-of-view). In the Maltego community blog, some of the official signoffs exhort readers to use the software tool responsibly.


Paterva also clarifies that data extractions conducted off of their Transform Application Server (TAS) involve the collection of some basic information of users (such as the API key, the IP address, the transform executed, the time of access, the user ID which includes the first and last name and email address).  The questions asked and the results obtained are not recorded. This is to indicate that there is no stealth data extraction, no invisibility cloak. 

Some data extractions use web services residing on Paterva servers--such as those that use meta information in documents and those that use information "in the mirror of sites."  Those web serves log the question asked.  

Finally, Paterva notifies its users that when individuals or groups purchase their service (a fairly spendy investment the first year and then subscription the following years), they record the following:  first and last name, email address, time of registration, time of first use, the numbers of transforms run, the MAC address, the OS type and version, and the GUI version. This data will not be shared unless the company is compelled to by law (according to their notice).  

 

The company clarifies that their software may not be used for unlawful actions: “You are not limited in how you can use the software but you can't use it for unlawful actions (including collecting email addresses for sending spam). Same goes for the data or graphs you generate using it.” They also add: “You cannot blame us in any way if something goes wrong with this software. If you use this software and you get into trouble in any way then it's your problem.” (What follows then is the more binding legalese.)