By default all of your data is held locally on your own computer, even if you choose to syncronize with other machines or a mobile device, where your data must be passed through a server or dropbox your data is encrypted and only you have the password,
None of your data is ever held on a system owned by The Infinite Kind (the creator of Moneydance) or on a system they have access to.
I have some residual doubts about the fact that Moneydance keeps all data localized to the user own system ...
As testing your software, I see the existence of some file named:
This file was created automatically, without that I was informed about it.
This seems designed for synchronization.
Furthermore, in the software folders is the file named:
I believe that any synchronization features should be added on a voluntary basis by the user, typically by downloading a synchronization plugin.
By default, the software should be unable of performing any synchronization.
As described in other messages, TXN files in some folders are designed to sync data. As I cannot see a server component, I assume this synchronization is done through Infinite Kind's server(s) or thir-party servers (Dropbox?, Amazon S3?, ...).
I assume you have some Cloud projects or Big data ones (if not already done).
I have no problem purchasing good software, even if more expensive than MoneyDance is, as long as it is fully standalone without privacy risks.
Sorry being so suspicious, but I have not been fully reassured by the answers of the team on the forum, especially since users are discouraged deleting the TXN files.
Users need to know exactly what is done with their data, where they are stored and which data transfers are possibly done behind the scenes.
The only time Moneydance uses the cloud, say Dropbox is if you elect to sync your data to another computer or a mobile device say a phone. Their the files you are seeing, they are created even if you don't sync in case you elect to at a later date. When Moneydance uses Dropbox, it is automatically uses end to end symmetric AES256 encryption. As used by governments and banks for example. Keys (syncing encryption passphrase) are not held in the cloud, only on your devices. Moneydance never sends data to their server, they don’t have the encryption key. If Dropbox was to be hacked, hackers would only get an encrypted set of files.
If you don’t use syncing your data never leaves your hard drive. If you set a password on your data file your data on your hard drive is encrypted. Don’t forget this password as Moneydance will not be able to retrieve this password.
Also take a look at this article https://infinitekind.com/blog/online-banking-privacy-security
Support should be able to tell you more.
I'm eagerly looking forward to a response to Julien's observation regarding apparent synch functions.
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message --------From: Julien <[email blocked]> Date: 2/25/18 11:16 AM (GMT-05:00) To: [email blocked] Subject: Re: Privacy? [Switching to Moneydance #8167]
I'm not convinced I'll be able to satisfy you but will give it a shot.
The Moneydance data structures have been designed so that synchronizing of data can be achieved. If you are thinking there should be two separate structures - one designed for people who make use of the feature and one for those that do not I do not think that is an realistic expectation. A structure that is designed to facilitate to feature will work quite happily if you do not use the function, but alas not the other way around.
Moneydance has a core data file then the .TXN files you see, periodically these files are rolled into the main data file FWIW, What happens is that Moneydance reads the trunk file then reads the TXN files for newer data, these TXN just contain one or more transactions, so it is working somewhat like a journaling system. When you add transaction the software writes out TXN files
In day to day operations when syncing data it is these TXN files that are copied between systems.
Moneydance uses a drop and pick up technique to replicate the data. The primary requirement is to have some sort of shared location that can be used for the central location to make this work.
There are three possibilities.
Shared folder is one where you must have a location you can see from your machine, some sort of file share generally. This type of approach is geared towards say a LAN that all machines are connected to when using Moneydance. Clearly this is an environment you have to create to work.
Dropbox folder is the next. You have to install the Dropbox client for this to work.
The third is Dropbox connection. for this to work you have to provide a dropbox Username/password to access it.
In all three cases you have to configure the system for it to begin the replication process, you have to select the method that is being used as part of the setup process.
A Plug in for synchronization I do not see as viable. It is operating here at the basic level of data file handling and that is not a level I see a plugin operating at. I see plug-ins adding features and functionality at a much higher level. The capability of Synchronization I see as being a core part of the software functionality - even though I do not personally use it - and therefore part of the basic software.
Sean Reilly on 26 Feb, 2018 07:59 PM
Pretty much everybody posting to this thread so far has been correct or has raised excellent questions. I seriously appreciate everyone's attention to privacy and can assure you that TIK is absolutely committed to maintaining customer privacy.
The files under the "tiksync" folder are built using our own incremental storage system in which all changes are logged to encrypted files. Those would be the *.txn and *.mdtxn files. This was designed to be compatible with syncing, and especially with end-to-end encrypted syncing that can use any folder/file system, whether local or remote, for performing syncing. So customers can use any file storage mechanism (dropbox, box.net, SMB, afp, sftp, etc) and not have to rely on that storage system's encryption. Any synced files are fully encrypted based on a passphrase that you provide and using standard strong encryption algorithms.
Using such an incremental system provides advantages even when no syncing is performed. For example, it is possible to "roll back" to a specific point in time or to revert specific changes just by deleting certain txn files. In addition, not re-writing the entire data file every time a change is made allows us to be much more efficient. We use up some of that efficiency to fully encrypt every bit of data that is stored with your file - something that no other finance app I'm aware of does.
As for including the dropbox library with Moneydance, that's really the only practical way to do the syncing. If you don't want to do syncing, you don't need to turn it on, and you can use software like Little Snitch (on the mac) to monitor apps such as Moneydance to ensure we're not making any connections to our or other's servers. In the past we did separate out the syncing into a separate plugin/extension, but it was untenable as fixes to the syncing code would get out of sync (no pun intended) with the rest of the app's code. We'd have people using recent versions of Moneydance with a very old plugin, and vice versa. Basically, it was a mess.
Moneydance (and basically all other modern apps) also include libraries to talk to any https server in the world, but separating any networking functions into an extension would be an even bigger mess and a terrible hassle for customers. Because syncing and downloading data from banks are core functions of Moneydance, it is reasonable that we'd include libraries that make it easier to talk to those services.
I'd recommend using software (such as Little Snitch) that can monitor and limit network connections for any app. If you monitor Moneydance in such a way I think you'll find that we make no unexpected connections and share none of your information. To be clear, there are some third party extensions (paypal importer, and import list) that use a google analytics library to track how often the extension is loaded or used. We don't do that with any of the first-party or open source moneydance extensions, and I believe it is clearly labeled on the blurb for those extensions.
To be honest, we don't want your information anywhere near our servers or any other computer that we control. It would be a huge liability and we'd rather just sell you the software. I really don't understand why so many other financial software providers are only too happy to upload even your online banking login and password to their own or third party services. That seems insane to me.
In other words, I agree with your vigilant approach and can assure you that we take extreme care to preserve your privacy with the information you entrust to Moneydance.
I am also looking to leave Quicken and love all that I have read and researched about this software.
However, security and privacy are of top concerns, especially when looking at putting my personal banking info at risk.
After a lot of searching here, I finally found this thread. I HIGHLY suggest you advertise this fact. In fact you should have some sort of FAQ, and the first Q/A should be about the safety and security of my data.
Thanks and I am going to try it out. Without finding this answer about the data being stored locally and safe, I would never had tried this software.
Also agree that the security and privacy features of MD should be highlighted and featured in blazing neon. I've been searching forever for financial/budgeting software that didn't involve always online cloud subscriptions, or Quicken and the usual commercial wannabe versions of Quicken that are out there.