the dilemma of releasing tools

May 17, 2020

Most people would agree the first person to write something down and share it with their friends is not responsible for all the horrible things written. In the same way, the inventor of the gun isn't responsible for the deaths of all those killed with firearms. The latter probably feels more open to debate, particularly around what it means to be ‘responsible’.

The difference between the creation of language and the creation of weaponry is that the potential ramifications of the gun are clearly known to its inventor. The individual who creates a weapon to be used against enemy soldiers knows that it is a destructive tool. If that tool is used against people who were not originally intended to be harmed, is the creator still responsible?

Tools in security, Open Source Intelligence (which by definition relies on openly available information), and related fields aim to make it easier to find relevant information, oftentimes pertaining to an individual. Many of these tools focus specifically on social media, which relates heavily to the personal lives of many people. Because of this, there is a dilemma when deciding whether to publicly release scripts and tools.

  • A: Release the tool and hope that by doing so you promote knowledge about what kind of information is publicly available, that people use it for good purposes (such as TraceLabs), and that people do not use what you've provided for malicious purposes.

or

  • B: Do not release the tool, which avoids relinquishing control over what the thing you've made is used for, while also greatly limiting its potential for positive impact.

I recently wrote a tool which might be of use to some people wanting to use it positively; however, I realized that if I open sourced it or released it in any manner, I would have no control over whom it was used towards, something I was not comfortable with in this circumstance. Because of this, I opted for option B. However, this is definitely a case-by-case choice.

I have also been writing a tool, Traverse, to automate discovery of related sites that use the same adsense/analytics ids/js/html/etc., with the goal of being able to quickly spot relationships between news sites or blogs that may be promoting false information across their hosts. In this instance, I believe that the positive outweighs any negative impact it may have, and the tool is made entirely open source.

Whether or not you agree with me, I hope everyone that reads this can accept the sentiment that before something is released, the potential impact, both positive and negative, should always be considered.
