
This is one where I don't quite get the angle of hosting locally to preserve privacy.

By nature of the economic system, you must interact with 3rd parties, unless you somehow live a life where you can manage to be all crypto or (increasingly harder) cash based. At that point, there is no real benefit to privacy outside of ensuring that whatever institution(s) you work with aren't doing anything odd.

I'm open to missing something here.



Trusting some random VC-backed SAAS not to sell my data is (to me) as mad as trusting that the tide won't come in - it would be astonishing if they _didn't_ sell my data.

My bank has both commercial & cultural reasons not to sell my ID & transaction history. They might still do it anyways, but it's at least plausible that they wouldn't, if only due to the harm to their reputation if it ends up in the papers.


I'm a founder in this space (Fulfilled - posted above). Here's the reality: You're right that incentives matter. But selling your data would be idiotic for us, same reason it would be for your bank in that trust is the entire business model.

If we want to monetize insights from aggregated data, we'd do it in-house and offer you better products. Example: Why sell your mortgage readiness data to some broker when we could source competitive mortgage offers and present them directly to you? Keep you in our ecosystem, add value to your experience, and build a revenue stream that doesn't destroy the core product.

The wealth space is crowded. Companies that burn user trust get exposed fast and die faster. The only sustainable path is treating your data like it belongs to you and not us. Any company here who doesn't get that is building on quicksand and I'd be very surprised to hear any of the larger players engaging in those practices but maybe I'm naive.

Either way, it's why we're a Fiduciary and that blankets the entire product suite.


Some banks at least are selling customer data.


"...Selling your data would be idiotic...same reason it would be for your bank [to sell your data] in that trust is the entire business model." I'm afraid that ship has sailed and taken your data with it.

https://www.cnbc.com/2025/11/14/jpmorgan-chase-fintech-fees....


I really don't think you read this article beyond the headline because that's not what it's about or implying...literally in the slightest.

That article is about JPMorgan being able to charge Plaid or other providers for the middleman access. They used to be operating almost for free, now Plaid has to pay for access the same way companies like mine pay Plaid.


So you don't think Plaid sells customer data? And by extension charging for customer data requests by Plaid and other aggregators isn't in fact charging for it?

Plaid does in fact sell your data, but they ask for permission first. So does JPMC, for that matter: https://media.chase.com/news/chase-launches-chase-media-solu...


So you didn't read the article and now you're just throwing out statements without validation? Great, if JPMorgan is selling your data then that's their decision and that's beyond the scope of this convo. We work with partners (Plaid, Snaptrade) who explicitly state that they DO NOT sell user data, and we maintain the same principles:

https://plaid.com/safety/

Here is the quote if you're too lazy to read this one too:

Does Plaid sell my financial data for advertising or marketing purposes?

No, we do not sell your financial data to third parties for marketing or advertising purposes.

Plaid only shares your data to power the services and products that you choose or to protect you and the Plaid network from fraud.

Plaid was founded on the principle that you have a right to your financial information and we are focused on providing products that allow you to safely and conveniently access your data and harness the power of Plaid’s secure financial network.

As Plaid develops more products and services, you may ask Plaid to share your information in ways that benefit you and that you control.


Plaid still rubs me the wrong way. Not selling to 3rd parties is great. But, everyone uses it, so that's still a lot of people getting data I don't necessarily want them to have. If I want to link a bank account to a credit card account in order to pay my bill, there's zero reason for that credit card company to have access to my bank transaction data. I still do the ACH deposit verification method where I can in order to avoid Plaid. I'd love more granular controls here or an audit log of what was pulled in.

SimpleFIN¹ looks compelling. Actual Budget can use that and it seems to work more like a privacy-oriented Plaid. But, now you need to trust a much smaller player. Really, I wish this were all standardized with strict privacy requirements.

¹ -- https://www.simplefin.org/


Also, even if you trust the startup's current management and investors... a lot of those virtuous promises aren't enforceable in bankruptcy, and they may be in some legal jeopardy if they safely dispose of those "assets" before they are liquidated into the hands of someone without scruples.


I trust that the VC-Backed SaaS will be beholden to not wanting to get cut off from the bank(s), meaning not selling that data. If they sell aggregate anonymized transaction data, I'm also not sure I give a shit.

At a certain point paranoia gives way to practicality.


My threat model is one well placed technical employee who knows a buyer that will pay fuck you money. Judas can work at any organization and frequently does.


You mean your bank that shares your info with its marketing partners unless you explicitly opt out, that bank?


> it would be astonishing if they _didn't_ sell my data.

Sell the data to whom?


Financial data is the most valuable data there is. Such a naive question.


Yeah I was taken aback as well, "sell gold? To whom??" To the people buying gold, it's not reasonable to have to pinpoint who exactly that might be given there is no shortage.


That is because of both of your biases (which is understandable) and me not specifying why I am asking.

"it would be astonishing if they _didn't_ sell my data."

If the "who" was answered with "... to Kim Jong Un, glorious leader of the DPRK" you might raise a brow. That is probably not what they meant.

Maybe the author meant "... to the legal buyer of the new company, as part of the content of the company"? Maybe they meant "... to anyone willing to pay a price, legally or illegally"?

I wondered what scenario the author had in mind. It's a reasonable question. To me, the implications are quite different. You might of course disagree.


Obviously to anyone willing to pay a price. Have you ever looked at those cookie banners? "In order to give you the best experience, we share your data with our 759 partners..."


I’m not sure why you read their question as being either surprised or disbelieving?

I’ve worked in marketing enough to know that all sorts of less-interesting data gets bought and sold, let alone financial data, but even if limiting the context to “for marketing purposes” I wouldn’t know, and would be interested in being told, which companies actually are buying that sort of financial information.

And as the user has now explained in a comment further down the thread, they weren’t limiting their curiosity to just marketing profiling so there’s an even wider scope to their question.

But hey, easier to just call them naive than to give them the benefit of the doubt and engage constructively.


Well, one of the benefits is that it won't go away.

I used Mint for years, and I LOVED it. Hooked it up to all my accounts, it could track purchases and spending and kept everything up to date automatically. It would remember how I categorized things.

Of course, then Intuit decided to get rid of it and force everyone to move to Credit Karma, which doesn't do the same things AT ALL. I don't care about tracking my credit scores, and I pay off all my credit cards every month, I don't need help finding a loan for anything. The only thing it does is try to offer me loans and credit cards. It doesn't have any transaction history, so it doesn't do the one thing I care about.

The decade+ of transaction history I had in Mint was just GONE. It really sucked, and I have not found a replacement yet.

I don't mind if it is hosted, or even if I have to pay for it, but I would like to be able to keep my historical data, and for it to automatically populate from my accounts, and not go away if a company decides it can't make money from it anymore.


I've been using Monarch (https://www.monarch.com/) as a replacement for Mint. It's been decent enough that I haven't tried looking for something else.

Did you find a suitable replacement? What do you use now? I'm interested to hear how big of a sticking point this still is with this verbose range of options now.


different poster of course, but actualbudget (free selfhost) + simplefin (paid api for transactions) has been really good. faster and more features than the commercial options had. simplefin can also be used for your own local projects


No I didn’t, I was kinda hoping I would get some suggestions in replies…


This is, as far as I can tell, the only real applicable reason to run a self hosted tracker like this that anybody has put forward. Kudos.


I love the transaction history in YNAB. I refer to it all the time.


It’s more about having the optionality to not be tied to a SaaS provider and trusting them with all your financial data and bank credentials. Having options to:

1– Install a piece of software and run it locally, no subscription, no cloud

2– Have the right to use a nicer app instead of a spreadsheet

3– Not hand over your banking creds. Some banks will void your account insurance if you do

4– Reduce your exposure by not putting all your financial data on some startup’s servers.


It's also maybe more useful in the US where we're behind the times w.r.t. better APIs for accessing banking & investment data


Actual Budget uses SimpleFIN [1] in the US. The integration is pretty good. The big alternative is Plaid and I don't trust them at all. It's a shame we don't have a standard for electronic banking yet.

[1] -- https://beta-bridge.simplefin.org/


There is also teller.io. I tried them for a side project and they were pretty good, but I didn’t go too far.


It's just the mindset. The "oh well 'they' already have all my data anyway" mindset leads to more and more individual steps of giving up privacy even if you could do something about it.

It might not protect any more data, but not attempting is a guarantee that it won't.


Giving access to the same info to more people is reducing privacy.

I prefer to not give to even more people.



