Hacker News

I have my own issues with Plaid, but I think you’re reaching a bit here. Everything Plaid does is opt in by the end user. They’re not selling data unbeknownst to the user (assuming co-founder above is being genuine), the user is giving another service permission to use their data.

As for bank logins...that’s been around since long before Plaid. But I agree there must be a better way. Though I don’t have any great practical ideas.




It's possible I'm overreaching, yep, but I think the past decade has shown - is showing - that simply 'assuming the best' of what will happen with rapid adoption of new technology isn't the most effective strategy. Daemons will come home to roost over time.

Even if users are technically opting in, and even if everything is documented in the privacy policy, a potential end-game here is that startup companies have access to all bank transactions for the people who need to use Plaid - likely people on the ground in the sharing economy who rely on it for payments - and the more fortunate/wealthier folks continue to have financial privacy by virtue of not needing to use it.

That would be a really unfair world to live in.


Do users have any idea exactly what they're giving up here though? Do they have fine-grained permissions to allow read-only vs write access, and to choose between transaction and account level data? And is there anything that prevents those second-party developers from then turning around and selling data to third parties (besides their own TOS with Plaid)?


What write access would there be?

Obviously this is a hugely sensitive service, I’m not denying that. But there’s a way to do it right and it seems that Plaid is attempting to do that. So I’m not ready to declare them evil before they actually do anything evil.


Many (most?) banking websites allow transferring money through the UI. A screen scraper technically has the same access.

Unfortunately the current approach of the major aggregation players is the only way to motivate the banks to give customers access to their own data through more reliable means.


> A screen scraper technically has the same access.

Sure, but the developer using Plaid's services doesn't.


> it _seems_ that Plaid is attempting to do that

Isn't this a clear parallel to the Google "Don't be evil" approach that gets discarded as soon as the opportunity cost becomes too large to ignore?


Sure, but what do we do? No company should ever be allowed access to data?


It's a big question that I don't have the answer to. I'd prefer we trade off on some innovation on features in exchange for innovating the way we segment and communicate our data. But the market is speaking and it has a different opinion...


It's read-only access.



