[txcwpalpha]

I'm not sure I follow nor agree. When I go buy something at Target, they take my money but I in no way expect that Target would then be able to see my bank account balance nor all of my transaction history at every other place I shop.

[ceejayoz]

"I'm swiping my card" versus "I'm entering my banking username/password" are very different authentication methods.

[bubblethink]

And yet, you are missing simple distinctions between authorization and authentication. You can authenticate with a separate identity provider. Every site that uses google login does that. They don't get access to your google account. You can also authorize specific things in your google account. Some apps do that too, and they get restricted access to a folder in google drive for example. Plaid doesn't follow any of these patterns. Instead, they show you a log in screen that looks like your bank's login (same colours and everything), only that you are sending your credentials to plaid. This is outright deception.

[txcwpalpha]

What does the authentication method have to do with anything? You stated that if an app "takes your money", then you expect it to have unfettered access to all of your financials? That's absurd, regardless of what information you put in.

If I give a valet the keys to my car, it is very clearly for them to drive it to and from a parking space, nothing else. It is not blanket approval for them to go take it on a joyride through the city. To defend them by saying "well you gave them the keys, what did you expect?" would be similarly absurd as defending Plaid et al.