shahine.com/omar/

What about the privacy implications? Do you trust storing all of your account information on mint's website? I've checked the site out and while it's got some compelling features I really don't want to share that much data with a startup. I can't say I disagree with you but the privacy issues are huge in my mind.

Hey, Steve,

You're right, there are a lot of privacy implications to our services (I'm one of the founders of Wesabe). We've tried to take this issue on directly by promising people what we call the "Data Bill of Rights." These rights include the ability to export or delete your data whenever you want, and the right to have anything you want be private.

We are also the only service that provides automatic updates without requiring you to give us your bank or credit card passwords or account numbers. We provide small client applications (one a desktop program, one a Firefox extension) that keep your data sync'd with Wesabe while leaving your credentials on your own computer, and stripping out your account numbers before uploading.

We also use a host of other privacy techniques, which we wrote about in issue 11 of (IN)SECURE magazine, under the title, "Super Ninja Privacy Techniques for Web App Developers." I'd encourage you to check it out.

Omar is right -- all desktop applications, even personal finance applications, are making the move to the web. The question you ask about privacy is an important one, and we think we've taken an approach that all web app developers with sensitive data could learn from. I hope you'll check Wesabe out, and if you have feedback about our site or our approach to privacy, I hope you'll drop me a line at marc@wesabe.com.

Thanks much for the comments.

Marc Hedlund, Wesabe

I just started using yodlee.com and like it so far. Any comparisons with the other online sites mentioned?

The privacy issues are too big. Even with a corporate policy statement I've seen too many companies disolve those when the chips are down. I think Quicken or Microsoft needs to buy one of these companies before things really take off

The problems with "policy statements" are that they only really offer statements of intent. Bugs in the code or design of the software that cause software to not behave as intended will be the problem.

Of all the personal information that has been stolen from companies via Internet links, I don't think any of it was intended to be handed over to an attacker, regardless of whether or not a policy existed.

And you might say that, well, they've been audited. Such a statement is only valuable to people that don't know what really goes on in an audit. And, Enron and Worldcom were audited; and they were huge, prominent companies.

I like Wesabe's bill of rights but it's not integrated into their Terms of Service so while it's a nice marketing gimmick you have no recourse if they decide to take it down or alter it.

Hi, James,

Yes, you're right that we need to make the terms, privacy policy, and data bill of rights agree with each other more, and we have been working on that.

But I don't agree that people would have no recourse -- for one thing, the publicity hit we would take if we did violate our own bill of rights would be enormous; for another, we've made the bill of rights very clearly a promise, and I think any court would consider it false advertising at the least if we deliberately reneged on it.

I wrote it, and I'm the chairman of the board, and I definitely don't consider it a marketing gimmick. I think of it as a deliberate shield against anyone in the company -- now or in the future -- proposing actions that would violate it.

Take from that what you will, but I think even our posting it as a separate document on our site is a promise that we would be held to, not just a gimmick.

Best,
Marc Hedlund, Wesabe

People who complain about privacy and hacking/data-loss issues in personal finance websites like Wesabe or Mint should think about the same risk via netbanking. The vulnerability of our data is even more at risk there. Think about it: you don't even have to opt for netbanking. If your bank's site were to get hacked there is a good chance that your data is at risk whether you ever wanted to make it available online or not. No bank I have seen provides an option to do computer-less banking!!

In this day and age privacy and data security are at best a hope.

Marc, while your bill of rights and other ways of protecting data are nice, and your comment about negative publicity while true, still leaves me wondering what will happen if years from now your company were to be acquired by someone that doesn't really believe in them. A policy is a policy only until overridden by another policy!

I like to dream about some personal finance software company that promises a large financial reward (in the order of millions) to anyone who suffered financially due to their software through an act of negligence or otherwise!

It's not the "end" of personal finance software; it's the beginning of personal finance software finding a profitable business model.

nobody mentions mvelopes! (www.mvelopes.com) the clear winner in this category. ~K