by woogiewonka 2669 days ago
Is it just me, or is anyone else bothered by Plaid's privacy policy on the information they collect? I want to use this app, but reading through that privacy policy is the stuff of potential nightmares. "collect information including: account numbers, routing numbers, names, balances, history, loan info etc etc..." pretty much everything. Umm, no thank you.
6 comments

I'm generally bothered by giving access to anything of mine to some random 3rd party websites. I am clearly not in the target market, but why would you trust this or anything similar to act in your best interest after you've allowed them to connect to your bank, email, etc.? Especially after a year or two when their balance sheet begins to be in the red.

It would make an interesting experiment to create a website that would 'promise' cash money based on whatever in exchange for the user connecting their email and other accounts. This hoax could then siphon the passwords and accounts directly to Troy Hunt [0] and warn the user like the SEC's fake ICO site [1] does. ;-)

[0] https://haveibeenpwned.com/ [1] https://www.howeycoins.com/

edit: grammar

Just like with any of these data-grabbing cloud services, I don't believe anyone is in the target market, long term speaking. You just learned your lesson sooner rather than later.
Yes, I'm bothered, but then again I'm bothered by pretty much the entire cloud trend. It's not a matter of if shit hits the fan; the question is when. We recently saw one of the many examples of this with Facebook. When is enough enough?

This application seems like it wouldn't be too hard to implement with proper accounting (and tagging) of expenses.

You can easily self-host Firefly III in Docker [1], or use GNUCash [2].

I'm going to experiment with the former in the next months.

[1] https://hub.docker.com/r/jc5x/firefly-iii

[2] https://www.gnucash.org/

Don't they need that info to perform the basic functions of the service? Or are you concerned about it being stored long-term?
>Don't they need that info to perform the basic functions of the service?

That is a limitation of the OFX version 1 protocol that is used by banks to exchange that data. OFX v2 does away with real account numbers in the API in exchange for account identifiers. The problem is that not all banks have switched to the new API, which was only finalized back in 2006, so give the big FIs a little time to get with the program.
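The comment above says the newer protocol hands an aggregator an opaque account identifier instead of the real account and routing numbers. The sketch below is an added illustration of that data-minimization idea, not OFX itself and not code from Plaid or from the poster: a bank-side token vault mints a random identifier per account, the export the third party receives carries only that identifier plus the balance, and a check confirms no account or routing number leaks into the payload. All names (BankAccount, TokenVault, export_for_aggregator) and the sample accounts are made up for the example.

```python
import json
import secrets
from dataclasses import dataclass, field


@dataclass
class BankAccount:
    """Real account details; these never leave the bank side."""
    routing_number: str
    account_number: str
    balance_cents: int


@dataclass
class TokenVault:
    """Bank-side mapping between opaque identifiers and real accounts.

    Tokens are random, so they cannot be reversed into an account number
    without access to this vault; the aggregator only ever sees the token.
    """
    _by_token: dict = field(default_factory=dict)
    _by_account: dict = field(default_factory=dict)

    def token_for(self, acct: BankAccount) -> str:
        """Return the stable identifier for an account, minting one if needed."""
        key = (acct.routing_number, acct.account_number)
        if key not in self._by_account:
            tok = "acct_" + secrets.token_urlsafe(16)
            self._by_account[key] = tok
            self._by_token[tok] = acct
        return self._by_account[key]

    def resolve(self, token: str) -> BankAccount:
        """Bank-only operation: look up the real account behind a token."""
        return self._by_token[token]


def export_for_aggregator(vault: TokenVault, accounts: list) -> list:
    """Build what the third-party service receives: identifier and balance only."""
    return [
        {"id": vault.token_for(a), "balance_cents": a.balance_cents}
        for a in accounts
    ]


def leaks_account_numbers(export: list, accounts: list) -> bool:
    """True if any real account or routing number appears in the serialized export."""
    blob = json.dumps(export)
    return any(
        a.account_number in blob or a.routing_number in blob for a in accounts
    )


if __name__ == "__main__":
    # Constructed sample data; the numbers are fake.
    accounts = [
        BankAccount("110000000", "123456789", 10000),
        BankAccount("110000000", "987654321", 250),
    ]
    vault = TokenVault()
    export = export_for_aggregator(vault, accounts)
    print(json.dumps(export, indent=2))
    print("leaks real numbers:", leaks_account_numbers(export, accounts))
```

The point of the split is that a breach of the aggregator yields tokens that are useless without the vault, whereas the v1-style export the original poster quotes hands over the account and routing numbers themselves.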

The point is precisely that using a service which needs that info might not be such a good idea...
Every time my daughter wants a new app, I take a look at the PP and Terms; then I try (and try hard) to let her know why this app is a bad idea. Hopefully, she'll get it as she grows and won't do something stupid with an app or a device.
You are correct. That's way too much trust to put in a company. I can export CSV files from my bank. I'd use the service if I could upload CSV files for my accounts for a given year, and run the data through their algorithm.
Yeah, not a chance in hell.