Hi HN — I’m Victor. I built Whisper Money, a personal finance tracker where your financial data is end-to-end encrypted client-side before it ever reaches the server (zero-knowledge style: the server stores ciphertext and shouldn’t see plaintext transactions/accounts/budgets).

It’s aimed at people who want to track spending/budgets without giving a SaaS provider access to raw financial data. There are no bank connections and no AI processing — you can import transactions via CSV/XLS and everything is encrypted locally before upload/sync.

You can self-host it via Docker/docker-compose: https://github.com/whisper-money/whisper-money

There’s also a hosted version at https://whisper.money (paid). Source is available under CC BY-NC 4.0 (non-commercial).

What I’d love feedback on from the HN crowd:

- Threat model review: what am I missing in the E2EE/“zero-knowledge” claims?
- Backup/restore expectations when encryption keys live only on clients
- What features you’d require before trusting it for real finances (e.g., OIDC/SSO, 2FA, audit logs, export formats)

Happy to answer technical questions about the architecture and encryption flow.