I will run the installed version of YNAB as long as it runs on my computer, and after that I'll probably run in in a virtual machine until the end of time. I am not comfortable with my financial information being on the cloud in the hands of a third party, much less so when it is not the likes of Google and Apple with armies of security engineers and can be hacked much more easily.
A number of information sharing activities cannot be limited. This is typical of any bank or financial institution. Your bank has its own vendors, many of them are themselves SaaS and cloud hosted!
My point isn't to say "Why care at all? Just open the floodgates!" Instead, my point here is that trust and security in our society is only as good as the people and institutions that back them up. We don't use bank vault doors for our front doors just because we have the knowledge that anyone with simple tools can defeat a home lock.
Therefore, I think that the choice of more inconvenient solutions made just to avoid some nebulous what-if scenarios involving privacy is often (but not always) the wrong way to go.
A) They will have all of your financial information, as opposed to banks that will each get a slice. So the data they have is much more sensitive.
B) YNAB has around 100 employees in total. They do not have the resources to secure their data the way big banks do. We all have our doubts about security at big banks, but I am sure small startups are way worse.
C) It was all unnecessary for YNAB to go online. The decision, much like 1Password's was about money, not clients. I cannot live in this day and age without a bank account. I can live with an old version of YNAB. Heck, I can live even without YNAB. If banks are necessary evil, YNAB is an unnecessary one. Why increase your attack surface with unnecessary stuff, just because there is some necessary attack surface remaining?
Re. point C, I think everyone's use case is different but for an alternative perspective: it was absolutely necessary for YNAB to go online for me to buy it.
The mobile app is a really key use case for me, and even as a technical person I just can't be bothered to set up hacky sync via dropbox or expect my family to know how to do that. Even if I could be bothered, now I'm just kicking the responsibility to dropbox + myself with all the same problems. I'd rather have the app developers manage that responsibility.
Yeah I can totally understand that. I'm similar with the sync feature: the last thing I'm going to do is give them (or their 3rd party provider) my actual bank credentials. I would feel better if they supported some type of end-to-end encryption. I can also understand how, at least from a business perspective, most users probably don't care enough to not use it.
FWIW, YNAB never receives or touches your bank credentials — sign-in happens through MX and Plaid, which hands back a token to YNAB to use[1]. For banks that support it, the process goes through OAuth and you sign in directly with your bank, so even MX and Plaid never see your credentials. The whole process is end-to-end encrypted, with no credentials stored at rest (unless necessary on the MX/Plaid side, but they handle that).
Not trying to change your usage or habits, just wanted to clarify.
Thanks for clarifying! I understand the architecture but perhaps didn't explain it properly in my comment.
It does honestly strike me as the best approach given the constraints, but here in Canada almost none of my banks are supported with OAuth flow last time I checked so giving the 3rd party providers my credentials and having them log into the bank both violates the TOS of my bank and is also far less secure than I'm comfortable with. Storing my financial details in YNAB / their partners is one thing, storing credentials that can be used to actually move or spend my money is another.
It's honestly not a huge deal for me personally. Entering the transactions manually is a good habit as I can see the balances update and mobile app is easy to use right on the spot.
Totally fair and reasonable! Too many banks here in the US too that both make it against TOS to get external access to your data and also refuse to offer anything secure like OAuth — extremely frustrating :/ At best you can try to pressure your bank to support OAuth but... we're just small fries.
Yeah banking is stuck in decade old technology in north america. Heck I'd settle for TOTP (or any 2FA in some cases) or getting rid of those harmful security images.
I held off on the new YNAB for a very long time before switching about a year and a half ago. I absolutely love the new version and the syncing works so much better than before. And the new iOS client is loads better.
