[noloqy]

It is time for software companies to unite. Feds can't just continue roaming around, asking companies for their users' password hashes and other things.

In the current state, some big companies have the means to fight such requests, some big companies are very willing to cooperate, and small companies rarely have the means to go into a legal battle.

Because of the current fragmentation and secrecy surrounding feds' requests with software companies, users do not have the possibility of knowing what they're in for with which company. Also, the divide and conquer tactics used by the Feds really allow them to extract much more information than what would otherwise be the case. Ideally there should be a union for software companies, which makes agreements with the feds concerning their access rights; agreements which then apply to all members of the union.

Currently I have two rules of thumb: 1) for critical services, avoid companies located or significantly involved in the US or UK and 2) at all costs, stay away from Microsoft.

[kybernetyk]

1) For critical services run them locally where possible. Avoid 'cloud' or 'remote' at all costs - no matter where the hosting company is located.

[toble]

This is more apt advice. At Hacker News we are swimming in a sea of start-ups, who are constantly evangelising the 'cloud' (it's often their bread and butter). But if you genuinely want privacy then keep it local and locked down. Stick to mainstream open source products and keep things as simple as possible.

[SilasX]

Well ... What if I launched a cloud based startup that used homomorphic encryption on your data? I mean, it'll be another 10 years before we get the encryption overhead below a factor of a million, but at least we won't be able to give away your data in any useful form...

[hariis]

And what will you do when Feds knock on your door?

[kybernetyk]

At least they need a warrant in that case and you know that there's something going on.

Also: You can encrypt the server hard drives.

[noloqy]

Fun fact: in Holland the department of justice has recently obtained the right to force you to decrypt your hard drive.

[krasin]

This is why deniable encryption exists.

http://en.wikipedia.org/wiki/Deniable_encryption

[killerpopiller]

use hidden truecrypt-container in a truecrypt container.

[drivingmenuts]

Keep your server in a hardened concrete closet and a strong magnetic coil in the only doorframe.

Hey, it sounded good on paper.

[mtgx]

I've been saying the same thing for a while. Many companies need to form some sort of alliance against government censorship and surveillance, not just in US, but globally. One company alone, even one as big as Google, can't stand up to a government like the Chinese one. 100 big American companies that are vital for their economy, might be able to do it.

[w0rd-driven]

Ditto. I'm of the notion that the government can't put the entire company in jail. Could you imagine if Google, Microsoft, and Yahoo were effectively put out of business for these decisions? The repercussions would be devastating. Even placing a lot of key officials from these companies in jail would have lasting effects.

To me this is the prime definition of "too big to fail". It would only require a small percentage of these companies uniting "for the greater good" to produce meaningful results. Not cowing to the NSA is not treason in this instance so I can't even possibly understand why complying with "laws that aren't on any books so are they really laws?" has any positive merit.

[john_b]

Yes, but they won't do it until it hurts their bottom line. If I owned a European cloud business of any kind I would be heavily advertising to the US market right now. When customers start leaving major US internet companies because they no longer feel that they adequately protect their data and privacy, things will change.

[moens]

IMO the very nature of the centralization of power works against individual rights, one of which is (arguably) privacy. As corporations grow they tend to lose a sense of the customer as a means, and instead choose which type of customer they need in order to maximize profits (or other goals).

Corporations (or any large centralized power base) will optimize for the most exploitable customer or user base, culturing this base if possible. To help broaden a target user base corporations need strong centralized governments more than they need even sizable (but less "culturable") segments of their market base.

Upshot: mature corporations (political parties / religions / etc) will not typically stand up to a centralized government on behalf of a rights-demanding fraction of their market... indeed, typically, they will do the opposite.

[rayiner]

And let's face it, it's not like corporate America needs the government's help to abuse you based on your private information. Not in a day and age where you can be denied a job because of your credit history or kicked off your insurance because of your health records. People throw off tons of data, and companies have been working for decades to figure out how to use it to screw you.

[im3w1l]

Well that sounds great if the large companies fight the good fight. If they don't, you have a very large, unaccountable companies, able to fight the governments to get [lower taxes/lower wages/monopolies]

[rlvesco7]

Do we think that services like Mint are handing over all our financial data to the government (making it easy for them to have a picture of your entire finances)?

If so, are there any viable, offline alternatives?

[john_b]

Never mind Mint, if your bank accounts are in the US your financial data is already available for inspection by the IRS, DHS, and probably many other three letter agencies. I'd wager that Mint, not being a bank, has far less an obligation to hand over your financial data than the banks you have accounts with.

[mahyarm]

The US already has complete financial surveillance over all US financial activity that isn't a cash trade, and they've been expanding it around the globe aggressively. For decades.

[rayiner]

In this day and age where everyone does everything through credit cards, everyone already has all your financial data. Certainly the government does, and the credit card companies hand information out like candy.

[uptown]

Probably. They also scoop up all your credit card transactions, so for in-person purchases, they've got your location logged there as well.

http://www.motherjones.com/kevin-drum/2013/06/wsj-nsa-progra...

[girvo]

For what it's worth, I'm working on a Mint competitor of sorts (that takes advantage of Machine Learning to automatically help you save. It will be based in Australia, not the US, and the basic app will be released as open source for personal self hosting.

[Joeri]

I don't think any country is safe at this point. TNO (trust no one) is the only solution. Your cloud provider should have no ability to hand over your data because they can't decrypt it themselves. For example, Lastpass has an architecture where the passwords are encrypted and decrypted on the client, the server never sees anything but pseudorandom noise, and you can audit their browser addon to verify this. You can, with careful design, build many - if not most - cloud services in this way.

[girvo]

That is exactly what we are trying to do. The problem is that is somewhat at odds with machine learning in practice, but I have some ideas in the space.

[aryastark]

Just an FYI, a Mint competitor, Wesabe, went out of business some time ago. When they did, they open sourced their software. Not sure of the state it's in. Maybe you can find some good things in their bank interface/scraping code...

https://github.com/wesabe/pfc

[girvo]

Brilliant! Thanks for that :)

[Arnor]

After reading rlvesco7's comment, I immediately deleted my Mint account. It always made me uncomfortable to have all my financial data sitting in the cloud. I stopped actively using it a few months ago.

An open source service sounds interesting, but I don't think I'll ever be willing to post all my financial data to a web service again. It would be great to have a locally installed application that could keep track of all those accounts. Having some algorithms run to help me save would be great, but it would take some demonstrated assurances to get me to provide even anonymous data for the machine learning process.

[rlvesco7]

This is interesting. Machine learning requires data. Will the app be sending back up anonymized data that then gets used to help the app make better decisions? Or how else will you make your app smart like Mint? Can't wait to see what you're doing.

[girvo]

The former is what we are doing, but coupling it with some basic statistical financial methods (and some stuff I've come up with myself!) that you can rely on if you'd rather not send the information. That's also what the cheapest plan for our hosted version relies on.

The entire premise is personal finance software that learns your habits to make it easier to use :)

[deanpcmad]

That sounds good. I'd be interested in seeing the open source version

[howeyc]

If you like text files, there's ledger : http://ledger-cli.org/

[superuser2]

The government having access to your financial data is a prerequisite for a functioning tax system. If you are audited, the IRS has the right to look inside your bank accounts.

The policies (or location) of online budgeting tools are entirely irrelevant. Hiding financial data from the government involves well established trades dating to long before the internet (or PRISM): money laundering and tax evasion.

[mrerrormessage]

Check out GNUCash. I've been using it for about a year. Entering all your stuff is tedious, but it's open source and integrates with some banks (also import from Quicken and CSV).

[scrabble]

I could never sign up for Mint. I see the value in it, but providing a private business with a view into all my financial accounts just seems like a huge mistake.

[sgrove]

Other than banks, creditors, and credit-score companies? I imagine there are far more businesses with access to view our financial accounts than we realize day-to-day.

[scrabble]

I'm sure you're correct.

But as far as I know, my bank can't look at my accounts that are with other financial companies.

[sp332]

It's not just that, but they use information in your accounts to recommend other companies' products. Today I got a notification that I was paying more than average for car insurance, with a link to a competing product.

[a3n]

text files, paper statements and your file cabinet. There are various open source check register and book keeping packages. GnuCash is complete but possibly overkill for some people.

http://en.wikipedia.org/wiki/Comparison_of_accounting_softwa...

[nwzpaperman]

What part of "privacy is dead" do people not understand? You think multi-core processors in your iPhone or android is to make the calls more clear? How many people here can say they haven't integrated a "smart" Apple or Google phone into their lifestyle? Someone with more HN love should post that poll.

Everyone needs to reconsider their worldview and a few important definitions they hold. One of those is privacy.

My definition of privacy: anything I relay to ANY one person is no longer private. What's the old saying about three people keeping a secret? Information wants to be free and privacy is not its natural state. It's always been this way, but the physical barriers to diffusion have been completely decimated in the past two decades.

This is not a mere blip in a long term trend, it is fundamental, IMO.

That being said, I believe there are new values we can all embrace to make the most of the state of the human experience today. Perhaps someone should can a thread on Internet values for the 21st century and beyond.

PS - Anyone ever wonder how MSFT got an anti-trust pass in the US, but not in the EU?

"In the interest of national security..."