
While I commend the creator on a good-looking and well-designed user interface - I will say that it boggles my mind when people give up their login credentials to unknown entities on the internet.

There is this fundamental disconnect between wanting to save yourself some money - but not realizing that you are setting yourself up for immense risks. You can lose far, far more by signing up to a site like this than what it could ever possibly benefit you.

The same applies to the founder as well - it is all fun to reach 1k MRR - but are you prepared to shoulder the responsibility that comes with managing people's login accounts and finance records? It is a massive risk.

Someone that forgets to set the development flag on their production service should not be in charge of accessing bank accounts.

This is no different than giving out legal or medical advice on the internet. Most people don't understand what they are getting into.



Jesus, it's comments like this that will stop future developers from documenting their stories honestly or even having an About Me page. As already pointed out, Plaid takes care of this, not the dev. Sheesh.


Isn’t it Plaid that manages all the logins?

Still a security risk, but I don’t think the dev is the risk.


Plaid is handling the credentials, and they work with banks with their cooperation. This is FUD - it’s no different from accusing projects using Stripe of hoarding credit card numbers.


Or they do, they've done the calculus, and their threat models are different from yours. Ideally, yes, Bank of America, Chase, and Wells Fargo would make an API and give OAuth (or SAML) access for mint.com to your bank account. But that problem's been around forever, and they trust lunchbag.ca with their login creds. You could fake a site similar to lunchbag's and grab a bunch of login creds and steal all their money? Go for it.

The issue here is the banks: until they change, the status quo here is stupid - you, the user of mint/lunchbag/etc, have to trust an agent with your password.

How do I convince Bank of America that it's worth their time to work on giving 3rd parties API access to my account?

https://xkcd.com/364/



