I had a bank that frequently double-charged me for services and threw my balance below zero. I wouldn't trust their records of what I spent for anything.
But I would give my bank credentials to Zuckerberg (say we meet at a restaurant in Palo Alto and he asks for them). The asymmetry of the situation means that he will lose much more than the meager amount in my account if he steals the money. So that question is rather silly.
I understand that the question really means "give your credentials to Facebook", where Facebook is a proxy for any big company. This is a harder question, but one that I face often in practice, giving out bank account info, SSID number, credit card numbers, etc. The answer, evidently (since I and millions of other people do give this information out), is yes. The above answer still applies: these companies still stand to lose more than me if this information leaks or they mismanage it.
In summary, the richer and more visible an entity (real or corporate) is, the better I feel about providing sensitive information, if it should be provided. This means that the sort of main message used here ("would you give your account info to") is irrelevant. Being open source is a huge step up, but for the general public either it doesn't mean much or else is a detriment, since the thinking is that, if it's open, "hackers" can also see the code and find ways to exploit it.
So how can a small startup ever compete with large established companies, since this creates a chicken and egg problem?
I spent the better part of a year and a half on the premise that consumers care about data ownership. Spoiler alert, they don't. It's a similar concept in terms of what hackers tend to value.
There is a (small) niche of people that care about this stuff. But I can't help but feel that we, as hackers, try to communicate why others should care. Perhaps they should, I don't know. But what I do know is that they don't.
We end up wasting precious time and energy trying to convince someone who blatantly trusts Facebook that they should not. And we use phrases like "a company that's business is to sell your data".
I agree completely with you, and after having worked at a large company (Yahoo!) on their security team, I can confidently say that your data is safer with a large company than on some small or even self-hosted software.
I'm not trying to convince hackers not to hack. I'm saying to not waste time convincing the general population. Scratch your itch and find the niche that actually cares about what you're building and talk their language.
The problem is that he will have an ever more accurate profile of you. Your income and expenses tell a lot about you, information that interests a lot of people...
The consequence is that FB will sell your ever more accurate profile (or give it to the NSA :-)
I agree with the idea of a free/open finance manager - definitely when it connects to the bank through online services.
I wrote a GPL'd finance app for OS X a few years ago, and tried to add online banking support, but other than OFX HTTP download, there didn't seem to be any standard specification for it at the time other than screen-scraping, which I don't think counts, so I didn't bother, given it would be different for each bank.
Another issue is that my bank would give abbreviated/limited names and descriptions of the data, which meant that there needed to be a "post import" step to tidy the data up to make it meaningful which was annoying.
This is an open source project designed to be hosted on one of the "personal cloud" platforms that you can run yourself on your own hardware, or if you want, run on a VPS that you trust. That eliminates many of the concerns that people generally have about "the cloud," while still giving you the convenience of having it web-accessible from anywhere you want to check it.
Or I can use X11 forwarding over SSH to access GnuCash from my desktop, which seems a lot safer than hoping that whatever VPS I have on the Internet is magically secure.
Came here to say exactly that. Kudos to the original author! But just having made this and open sourced it makes them awesome enough, they don't need to puff themselves up by using easily disproved superlatives.
I know this sounds pedantic and distracts from your software, but that's because the website really distracts. With any service or product, make the focus on that thing instead of the website taking the limelight, because even if it works you still steal focus.
I was just mulling over this same problem last week. This approach is a big improvement over giving Mint or Wave (or their scraping partners) my credentials.
Last I looked, GnuCash didn't support any online banking except HBCI (Germany). So beyond the simple online finance manager functions, maybe it would be worth thinking of re-purposing this as a banking transaction aggregator that could feed GnuCash or Ledger or whatever. That would give it a better focus on the value for me, at least.
What I would really like to see is a startup or open source project that can sell banks on a standard API with granular OAuth and drive that difficult adoption cycle. Something in the spirit of the German HBCI, but built on REST with the ability to limit an app's access to read-only, get balance and get transaction options.
This sounds awesome. I've been looking to build an alternative to Mint, but getting banking data (in an automated way) has always been a pain. I look forward to trying it out.
Yeah, Mint has so many flaws and warts, but without the backend integrations it would be very tough to create a competitor.
There was a good article a couple of years back about why Wesabe lost to Mint[1], written by one of the Wesabe co-founders. The biggest issue according to him was that they chose to write their own integrations instead of partnering with Yodlee.
Since that time, Mint has left the Yodlee platform, but it gave them a first-mover advantage that no one has been able to overcome.
I've checked back with Mint many times over the years, but they have never added support for any of my banks and never responded with more than a form email to requests.
After quite a bit of back and forth with Wave and their backend provider (Yodlee?), I was able to get connected.
It does squick me out to share my credentials and grant full access to my bank account, but I was hoping for some smart transaction categorization. Wave does a pretty good job there.
I'm still likely to just disconnect and reset all of my passwords though. It's just too worrisome leaving that out there.
I opened the page and saw "Would you give your bank credentials to Mark Zuckerberg?" and waited for something to happen. About 10 seconds later I figured I should try scrolling.
Really?
http://skrooge.org/ http://www.gnucash.org/ http://kmymoney2.sourceforge.net/ ...