Hi, I’m Jason, CEO of Wesabe (a USV portfolio company). Thanks Fred for starting this conversation.
Peter,
The question you raise about trust is really important…because sometimes too much trust can be a really bad thing.
At Wesabe your passwords are NEVER stored on a server. We maintain your credentials on your hard drive – decoupling the credentials from the data associated with them. We also don’t pass your credentials onto a data middle man in order to pull data out of FIs (both Mint and Geezeo share your passwords with third parties).
You also correctly raise the issue of privacy (which we think is just as important as security). We protect our member’s privacy by building a “privacy wall.” Here is how it works:
The data that you submit to Wesabe is divided into two categories: public and private. Public data is associated with your public persona (i.e., your public user name and user photo, if you have provided one) and consists of tips, goals, comments, and other data visible by other users. Your private data, which consists of your bank accounts and transactions, is only connected to your public persona by your password, which is not stored by Wesabe. Therefore, your private data can only be connected to your user account when you are logged in; when you log out of Wesabe, the connection is completely severed and your privacy protected.
Steve Kane,
I think in many ways you prove Fred’s point. In your description of data ownership you showed the way banks uses an individual’s data to derive value. I think that what Fred is asserting, and we agree, is that the users should have at least as much control over their data as the FI.
Put another way, consumers own they money they put in banks, and they *should* own the data associated with the money. Banks, as long as they remain solvent, can make use of the money and the data. However, at the end of the day the money and the data belong to the consumer.
kid mercury
· 2 years ago
IMO companies need to have full access to do whatever they want with metadata.
Marco Barulli
· 2 years ago
Everyone got used to trust online services with personal data (photos, texts, spreadsheets, and now financial data ...), but is it always necessary? Can I get the convenience of web applications without facing a "trust problem"?
Clipperz, the online password manager, recently introduced the concept of zero-knowledge web applications. An application that knows nothing about its users and their data. Not even their usernames! Local encryption within the browser guarantees that no one, except the user that owns the data, can read it.
Zero-knowledge applications require complex browser-based cryptography. Luckily Ajax made pure browser-based cryptography a reality. Javascript implementations of crypto functions have been around for years, but Javascript alone can’t remember data between page loads. This causes an annoying issue since it forces the user to re-enter the encryption key each time. Ajax web apps tend to not actually do page transitions, hence solving the problem of keeping a persistent key to perform crypto operations.
Zero-knowledge web applications aim to leverage the Internet to manage personal data, especially sensitive one, without disclosing any information to the server providing the service. The basic idea is to deliver a "no trust needed" web service, where users have the ability to inspect and verify anything running in their browser. Zero-knowledge web applications drift the attention away from trusting the provider and let users focus on trusting the application.
Clipperz started with a password manager, but a secure web-based word processor is already in the pipeline. A personal finance manager could be next.
You got the "social web". Are you ready for the "private web"?
Marco
Peter Cranstone
· 2 years ago
It's your data. It's your choice where you store it. You have to assume that there service will be hacked at some point. Much more sophisticated services have been - there's will be too. What happens to your data once it's been exposed?
Your login and passwords should NEVER be stored on the server.
Security by obscurification is not security. There is only one way to do this and that is to be open about how things work. That's unlikely to happen, so ultimately you take a risk on having your data exposed. The key is to understand the downside risk and mitigate against it.
All of these services rely on one thing - Trust. Once that trust is broken, however it's done, it will be incredibly hard to resurrect it. All you have to do is ask yourself - what if everyone reading this blog suddenly got to see the data I stored on Wesabe? Now it may not affect you totally because you're well diversified - however for people who aren't it becomes an immediate violation of their personal space. That's tough to recover from.
Also - here's one more thought. What if the Government want to inspect my online financial records (or lawyers in a divorce action) - what are my rights?
andrew
· 2 years ago
I sort of think this is a mute put. Those who are concerned about who owns what will not use any of these services. I believe all these services have some sort of bill of rights. Once these services get an FDIC type guarantee adoption will increase. I really like MINT and had a good feeling about them. I believe MINT will become a leader in this space. Security is important. Once breach and its over for all these services.
Steve Kane
· 2 years ago
Fred, I'm puzzled by your assertion that "bank and credit card compan[ies]... who thinks they own [individuals transaction and other financial data]...
In my experience this is simpy not true.
As I'm sure you experience (to the point of annoyance!), every financial institution you do business with maintains and publishes a very detailed and explicit Privacy Policy and mails it to you periodically (as they are required to do, by law.)
Most people may throw these disclosures away without reading them, but they exist, and are very clear: the financial institution does not own the data; the customer does.
In addition to my work in permission-based automated database marketing, I was a founding Director and investor in a successful nationally-chartered bank, and sat on the bank's board for six years, and I can tell you, without condition, that the bank utterly respected the customer's privacy and maintained and complied with all applicable federal, state and local laws and its own internal Privacy Policy with intense effort and and near fanatical commitment -- if you want to see a financial institution fail instantly, watch what happens when its customers lose their trust -- and in my experience with other financial services companies, I saw them all act the same.
Not because they are altruists, but because of self-preservation.
Sure, it's true that Privacy Policies can and often do allow for data aggregation, or internal marketing repurposing, or even outright reselling. But if you don't like that, just find another financial instution to do business with that has a more restrictive policy.
And as for the "new" online models, in a world of Tacodas and DoubleClicks and the like, the genie is wayyyy out of the bottle.
Case in point? When asked, the TechCrunch40 startup Mint.com stated that its business model is "lead generation." I would avoid that company like the plague. Ditto Wesabi or any company that can't find a user-direct-pay business model, as they will have to go to advertising or lead generation for revenue, and that will compel them to have very vague or loose Privacy Policies --there just ain't no other way to make hay.
Robert John Ed
· 2 years ago
I've been in the private beta of Mint for a very short term (for whatever reason it was only a week after tooling with the beta that it went live at the TC40). My bank isn't on the service yet and so the only card I have is my CC. For Mint to become a leader in the space over Jason and Wesabe they have to get the vast majority of banks (obviously they know this).
The tagging system was something I commented to the company on; it should be user focused in that I want to label certain purchases as what they are. The concept is simple, everything I buy at the local gas station isn't fuel, so I want to tag it as food or entertainment, etc. I think it makes sense to give users fundamental guidelines for tagging but also open it up for their discretion wherever possible. I'm extremely excited about services such as this because I'm such a lousy accountant (I've never balanced a checkbook and have overdrawn my account a handful of times since college a few years ago.) This space is going to be big for my generation (Y) and MUCH MUCH bigger for the generations younger.
Security and privacy are obviously huge concerns, but for the most part most of the people I know are completely comfortable with buying/posting info online because our banks and CC companies are fraud protected. That said, one slip up and I'm off the service for good.
druce
· 2 years ago
Anybody willing to give all their online banking passwords to a startup to store on their servers deserves whatever pain they have coming.
Any startup that asks people to do so is the reason for the mindset where people give up all security for a little convenience. That's what has led to every friggin' security fiasco.
Even a financial institution has no reason whatsoever to store your password. (Just a hash... you enter your password, they hash it and compare to stored hash, and never store the actual password, and the hash cannot be easily reversed). And a bank at least has a franchise to lose, unlike an other-people's-money startup.
(Wesabe is doing this part right, I just want proper reports/budgets!)
Jon
· 2 years ago
I completely agree with Druce on this. I'm a pretty adventurous user of online services and have been for some time, but giving a statup the keys to the kingdom (my financial usernames & passwords) just sounds nuts to me. I've worked at and built a startup and have consulted to large banks and insurance companies. You can say what you want about the dynamism of the former versus the latter, but when it comes to my money, I'll take the controls and conservatism of large financial services companies. And, yes, I know they occasionally lose a laptop full of social security numbers. I can only image Mint as a service offered by large, branded banks.
druce
· 2 years ago
(to Robert I would add... no bank or CC company is going to guarantee your security when you post your password online... and good luck trying to recover money when it's missing from your account)
Brooks Jordan
· 2 years ago
I'm not as focused on privacy as maybe others are. Yes, I want my financial data to be private, but I trust Jason and Wesabe (and other companies like Mint) to do this right, even if they have to perfect it over time.
It's not that I don't trust the bigger banks and credit card companies to do the same, but what they're obviously not doing is making it easy for me to track, understand, and analyze what is a very fast flowing transaction stream in my bank account. Do you know that Wells Fargo, where we bank, still won't let you put your transactions or outgoing bills into categories? (Tagging? Forget it.)
My wife and I together are probably 80% card swipers and only 10% cash and 10% checks. Between us, we probably have 300 card transactions per month. Wesabe, which I use, has been a life saver in allowing me to see that data through tags and graphs in a way that I can make sense out of it. This has been the hook for me so far.
I'm also excited about the social component. Right now the benefit is more general: we're doing it together. But I would love to see how information and resources could be pooled to make people wealthier and all around happier and make the banks work harder for their money. Wesabe could become that kind of platform.
Aaron Patzer
· 2 years ago
Mint has a similar "Bill of Rights" under our "How Mint Keeps You Safe" link: http://mint.com/safe.html
---- How Mint Keeps You Safe
1. Your data is secure. Only you have access to your data on Mint. 2. Your data is always private. Your personal information is never sold to anyone. 3. Your data is yours. You can take it with you or remove it anytime you want. 4. Mint works for you. Mint's advanced software identifies personalized ways to save you money, avoid fees, and decrease financial risk.
Mint believes not only in simplifying your financial life, but in having a readable and comprehensive privacy and security policy anyone can understand.
Mint keeps your data private, and limits collection of any personally identifiable information. * We require only a valid email address for login registration for the service. Notice that our signup page never asks for your name, address, or SSN. * Your personal information is never sold to third parties. You will not end up on someone else’s email list. * You can delete your account at any time.
druce
· 2 years ago
a start... but for every mission statement that says 'only you have access to your data', somewhere there are a bunch of sysadmins laughing their you-know-whats off...
But thanks for clearing that up - I'm so relieved that you aren't asking for my SSN! just usernames and passwords to all my online financial institutions...
jason knight
· 2 years ago
Aaron,
Thanks for participating in the conversation. I believe that Mint will delete a user’s account, but does Yodlee (data middleman that actually pulls member account data from FIs ) delete the account as well? Do you require your aggregation vendor to adhere to the same standards that Mint promises?
Steven A., Carpenter
· 2 years ago
Steve Carpenter, the CEO of Cake Financial here. Glad to see Jason and Aaron posting and taking the same thoughtful approach to privacy and security that we do at Cake. Cake is built like the banks and brokerage firms you already use and trust. You can see our specific policies at https://www.cakefinancial.com/app/pubSecurity.do.
At Cake we have three core principles when it comes to our members' information:
1. Members are in Control of Their Information 2. State of the Art Security Infrastructure and Policies 3. No-Hack Assurance
Cake uses the same data classification system that is standard for financial services; i.e., public, private, and secret. And then we attach policies to each classification.
Public - no restrictions Private - should only be shared with the user who owns that data, but exposure would not incur a financial loss Secret - financial loss would occur if data was exposed
We believe in our approach and systems so much that we will reimburse any Cake member in the unlikely event that they experiences a financial loss as a direct result of our negligence. I do not believe anyone else does this.
Alexander Falk
· 2 years ago
Great topic. But in addition to trust and ownership of financial data there is another issue to consider: one would normally expect a financial software to get the basics of math. Not so with Mint! They just promised me that I can save $35,977 by switching to CapitalOne: http://www.xmlaficionado.com/2007/09/mint-pomis... Not a joke - I've posted actual screenshots!
All Comments
Peter,
The question you raise about trust is really important…because sometimes too much trust can be a really bad thing.
At Wesabe your passwords are NEVER stored on a server. We maintain your credentials on your hard drive – decoupling the credentials from the data associated with them. We also don’t pass your credentials onto a data middle man in order to pull data out of FIs (both Mint and Geezeo share your passwords with third parties).
You also correctly raise the issue of privacy (which we think is just as important as security). We protect our member’s privacy by building a “privacy wall.” Here is how it works:
The data that you submit to Wesabe is divided into two categories: public and private. Public data is associated with your public persona (i.e., your public user name and user photo, if you have provided one) and consists of tips, goals, comments, and other data visible by other users. Your private data, which consists of your bank accounts and transactions, is only connected to your public persona by your password, which is not stored by Wesabe. Therefore, your private data can only be connected to your user account when you are logged in; when you log out of Wesabe, the connection is completely severed and your privacy protected.
Steve Kane,
I think in many ways you prove Fred’s point. In your description of data ownership you showed the way banks uses an individual’s data to derive value. I think that what Fred is asserting, and we agree, is that the users should have at least as much control over their data as the FI.
Put another way, consumers own they money they put in banks, and they *should* own the data associated with the money. Banks, as long as they remain solvent, can make use of the money and the data. However, at the end of the day the money and the data belong to the consumer.
Can I get the convenience of web applications without facing a "trust problem"?
Clipperz, the online password manager, recently introduced the concept of zero-knowledge web applications.
An application that knows nothing about its users and their data. Not even their usernames!
Local encryption within the browser guarantees that no one, except the user that owns the data, can read it.
Zero-knowledge applications require complex browser-based cryptography.
Luckily Ajax made pure browser-based cryptography a reality. Javascript implementations of crypto functions have been around for years, but Javascript alone can’t remember data between page loads. This causes an annoying issue since it forces the user to re-enter the encryption key each time. Ajax web apps tend to not actually do page transitions, hence solving the problem of keeping a persistent key to perform crypto operations.
Zero-knowledge web applications aim to leverage the Internet to manage personal data, especially sensitive one, without disclosing any information to the server providing the service. The basic idea is to deliver a "no trust needed" web service, where users have the ability to inspect and verify anything running in their browser. Zero-knowledge web applications drift the attention away from trusting the provider and let users focus on trusting the application.
Clipperz started with a password manager, but a secure web-based word processor is already in the pipeline.
A personal finance manager could be next.
You got the "social web". Are you ready for the "private web"?
Marco
Your login and passwords should NEVER be stored on the server.
Security by obscurification is not security. There is only one way to do this and that is to be open about how things work. That's unlikely to happen, so ultimately you take a risk on having your data exposed. The key is to understand the downside risk and mitigate against it.
All of these services rely on one thing - Trust. Once that trust is broken, however it's done, it will be incredibly hard to resurrect it. All you have to do is ask yourself - what if everyone reading this blog suddenly got to see the data I stored on Wesabe? Now it may not affect you totally because you're well diversified - however for people who aren't it becomes an immediate violation of their personal space. That's tough to recover from.
Also - here's one more thought. What if the Government want to inspect my online financial records (or lawyers in a divorce action) - what are my rights?
In my experience this is simpy not true.
As I'm sure you experience (to the point of annoyance!), every financial institution you do business with maintains and publishes a very detailed and explicit Privacy Policy and mails it to you periodically (as they are required to do, by law.)
Most people may throw these disclosures away without reading them, but they exist, and are very clear: the financial institution does not own the data; the customer does.
In addition to my work in permission-based automated database marketing, I was a founding Director and investor in a successful nationally-chartered bank, and sat on the bank's board for six years, and I can tell you, without condition, that the bank utterly respected the customer's privacy and maintained and complied with all applicable federal, state and local laws and its own internal Privacy Policy with intense effort and and near fanatical commitment -- if you want to see a financial institution fail instantly, watch what happens when its customers lose their trust -- and in my experience with other financial services companies, I saw them all act the same.
Not because they are altruists, but because of self-preservation.
Sure, it's true that Privacy Policies can and often do allow for data aggregation, or internal marketing repurposing, or even outright reselling. But if you don't like that, just find another financial instution to do business with that has a more restrictive policy.
And as for the "new" online models, in a world of Tacodas and DoubleClicks and the like, the genie is wayyyy out of the bottle.
Case in point? When asked, the TechCrunch40 startup Mint.com stated that its business model is "lead generation." I would avoid that company like the plague. Ditto Wesabi or any company that can't find a user-direct-pay business model, as they will have to go to advertising or lead generation for revenue, and that will compel them to have very vague or loose Privacy Policies --there just ain't no other way to make hay.
The tagging system was something I commented to the company on; it should be user focused in that I want to label certain purchases as what they are. The concept is simple, everything I buy at the local gas station isn't fuel, so I want to tag it as food or entertainment, etc. I think it makes sense to give users fundamental guidelines for tagging but also open it up for their discretion wherever possible. I'm extremely excited about services such as this because I'm such a lousy accountant (I've never balanced a checkbook and have overdrawn my account a handful of times since college a few years ago.) This space is going to be big for my generation (Y) and MUCH MUCH bigger for the generations younger.
Security and privacy are obviously huge concerns, but for the most part most of the people I know are completely comfortable with buying/posting info online because our banks and CC companies are fraud protected. That said, one slip up and I'm off the service for good.
Any startup that asks people to do so is the reason for the mindset where people give up all security for a little convenience. That's what has led to every friggin' security fiasco.
Even a financial institution has no reason whatsoever to store your password. (Just a hash... you enter your password, they hash it and compare to stored hash, and never store the actual password, and the hash cannot be easily reversed). And a bank at least has a franchise to lose, unlike an other-people's-money startup.
(Wesabe is doing this part right, I just want proper reports/budgets!)
It's not that I don't trust the bigger banks and credit card companies to do the same, but what they're obviously not doing is making it easy for me to track, understand, and analyze what is a very fast flowing transaction stream in my bank account. Do you know that Wells Fargo, where we bank, still won't let you put your transactions or outgoing bills into categories? (Tagging? Forget it.)
My wife and I together are probably 80% card swipers and only 10% cash and 10% checks. Between us, we probably have 300 card transactions per month. Wesabe, which I use, has been a life saver in allowing me to see that data through tags and graphs in a way that I can make sense out of it. This has been the hook for me so far.
I'm also excited about the social component. Right now the benefit is more general: we're doing it together. But I would love to see how information and resources could be pooled to make people wealthier and all around happier and make the banks work harder for their money. Wesabe could become that kind of platform.
----
How Mint Keeps You Safe
1. Your data is secure. Only you have access to your data on Mint.
2. Your data is always private. Your personal information is never sold to anyone.
3. Your data is yours. You can take it with you or remove it anytime you want.
4. Mint works for you. Mint's advanced software identifies personalized ways to save you money, avoid fees, and decrease financial risk.
Mint believes not only in simplifying your financial life, but in having a readable and comprehensive privacy and security policy anyone can understand.
Mint keeps your data private, and limits collection of any personally identifiable information.
* We require only a valid email address for login registration for the service. Notice that our signup page never asks for your name, address, or SSN.
* Your personal information is never sold to third parties. You will not end up on someone else’s email list.
* You can delete your account at any time.
But thanks for clearing that up - I'm so relieved that you aren't asking for my SSN! just usernames and passwords to all my online financial institutions...
Thanks for participating in the conversation. I believe that Mint will delete a user’s account, but does Yodlee (data middleman that actually pulls member account data from FIs ) delete the account as well? Do you require your aggregation vendor to adhere to the same standards that Mint promises?
At Cake we have three core principles when it comes to our members' information:
1. Members are in Control of Their Information
2. State of the Art Security Infrastructure and Policies
3. No-Hack Assurance
Cake uses the same data classification system that is standard for financial services; i.e., public, private, and secret. And then we attach policies to each classification.
Public - no restrictions
Private - should only be shared with the user who owns that data, but exposure would not incur a financial loss
Secret - financial loss would occur if data was exposed
We believe in our approach and systems so much that we will reimburse any Cake member in the unlikely event that they experiences a financial loss as a direct result of our negligence. I do not believe anyone else does this.
http://www.xmlaficionado.com/2007/09/mint-pomis...
Not a joke - I've posted actual screenshots!