[temp129038]

Plaid needs to be exposed as one of the most unethical companies in SV. If people are worried about online privacy then they should really be worried about a company that is so deceiving and makes it basically impossible to revoke permissions on something as sensitive as access to your bank account and transaction history once granted.

[okigan]

Looks like Betterment & Wealthfront use plaid, which could affect many on HN [1][2].

[1] https://www.quora.com/Why-doesnt-Betterment-or-Wealthfront-u...

[2] https://www.investmentnews.com/article/20190108/FREE/1901099...

[jgalt212]

probably so, but the if you look at all the large recent successes in SV, all of them have had serious moral and legal lapses. As they are well funded, and have powerful friends, they have thus far avoided jail time.

So my cynical view, is that Plaid is just playing a game of doing what works and has proven to work. I am not excusing their bad behavior, just trying to point out what's motivating it. Robbers will always rob, and cheaters will always cheat, but we as a society need to make it less profitable to rob and cheat--and not just for the lower classes, for the elites as well.

Rahm Emanuel wrote on this recently in The Atlantic, and then shortly thereafter took a well paid job in financial services. So I guess, more do as I say not do as I do.

https://www.theatlantic.com/ideas/archive/2019/05/middle-cla...

[adrr]

To revoke access change your bank password. My biggest concern with any of the bank api providers is who they use to scrape the banks. Most are offshore outside the reach of US law enforcement or court system.

[robot]

can you revoke by changing your password?

[temp129038]

I’m not sure, but does it matter?

I take issue with a product that markets to consumers as an easy way to authenticate for the purpose of pulling or pushing funds, but is actually authorizing developers to scrape years of transaction history in 20 minutes, my real time balance, my phone/email/address etc. without another level of permission. It’s disgusting.

I just wanted an alternative to microdeposits to prove to an app that I own a bank account, not give the app free range to steal all my bank data in the process of doing so.

[Nursie]

In Europe we have PSD2 and similar things which are working towards much more of an oauth type of situation.

[pbreit]

In Europe there are industry consortiums working specifically on the account access topic: https://www.openbankingeurope.eu/