Privacy?

RGelzer's Avatar

RGelzer

14 Feb, 2018 05:11 PM

I am shopping for new personal finance software. Quicken, as you undoubtedly know, now uses your data for whatever purposes it sees fit and there is no opt-out for reselling personal data.

Does Moneydance forswear data-mining and otherwise "repurposing" customer-entered data?

Regards,

RDGelzer

  1. 1 Posted by dwg on 14 Feb, 2018 08:03 PM

    dwg's Avatar

    I am a fellow user

    By default all of your data is held locally on your own computer, even if you choose to syncronize with other machines or a mobile device, where your data must be passed through a server or dropbox your data is encrypted and only you have the password,

    None of your data is ever held on a system owned by The Infinite Kind (the creator of Moneydance) or on a system they have access to.

  2. Support Staff 2 Posted by Tom Freeman on 14 Feb, 2018 11:18 PM

    Tom Freeman's Avatar

    What DWG says is correct. Moneydance is purposely programmed to keep all your data localized to your own system.

    Tom Freeman
    Infinite Kind Support

  3. 3 Posted by Julien on 25 Feb, 2018 04:15 PM

    Julien's Avatar

    I have some residual doubts about the fact that Moneydance keeps all data localized to the user own system ...

    As testing your software, I see the existence of some file named:
    "<user>/.moneydance/Documents/<account>/safe/tiksync/out/<year><month><day><hour><minute><second>_xxx.txn-tmp".
    This file was created automatically, without that I was informed about it.
    This seems designed for synchronization.

    Furthermore, in the software folders is the file named:
    "Moneydance/jars/dropbox-core-sdk-3.0.3.jar"

    I believe that any synchronization features should be added on a voluntary basis by the user, typically by downloading a synchronization plugin.
    By default, the software should be unable of performing any synchronization.

    As described in other messages, TXN files in some folders are designed to sync data. As I cannot see a server component, I assume this synchronization is done through Infinite Kind's server(s) or thir-party servers (Dropbox?, Amazon S3?, ...).

    I assume you have some Cloud projects or Big data ones (if not already done).

    I have no problem purchasing good software, even if more expensive than MoneyDance is, as long as it is fully standalone without privacy risks.

    Sorry being so suspicious, but I have not been fully reassured by the answers of the team on the forum, especially since users are discouraged deleting the TXN files.

    Users need to know exactly what is done with their data, where they are stored and which data transfers are possibly done behind the scenes.

    Thank you.

    Related threads:

    http://help.infinitekind.com/discussions/general-questions/18790-txn-files-in-data-set-and-user-control-of-data

    http://help.infinitekind.com/discussions/general-questions/18786-should-i-upgrade-to-2015-please-tell-me-the-truth#comment_36577558

  4. 4 Posted by derekkent23 on 25 Feb, 2018 05:04 PM

    derekkent23's Avatar

    I am not support staff, just a user.

    The only time Moneydance uses the cloud, say Dropbox is if you elect to sync your data to another computer or a mobile device say a phone. Their the files you are seeing, they are created even if you don't sync in case you elect to at a later date. When Moneydance uses Dropbox, it is automatically uses end to end symmetric AES256 encryption. As used by governments and banks for example. Keys (syncing encryption passphrase) are not held in the cloud, only on your devices. Moneydance never sends data to their server, they don’t have the encryption key. If Dropbox was to be hacked, hackers would only get an encrypted set of files.
    If you don’t use syncing your data never leaves your hard drive. If you set a password on your data file your data on your hard drive is encrypted. Don’t forget this password as Moneydance will not be able to retrieve this password.
    Also take a look at this article https://infinitekind.com/blog/online-banking-privacy-security
    Support should be able to tell you more.

    Hope this helps.

  5. 5 Posted by r.gelzer on 25 Feb, 2018 05:07 PM

    r.gelzer's Avatar

    I'm eagerly looking forward to a response to Julien's observation regarding apparent synch functions.
    RDGelzer 

    Sent from my Verizon, Samsung Galaxy smartphone
    -------- Original message --------From: Julien <[email blocked]> Date: 2/25/18 11:16 AM (GMT-05:00) To: [email blocked] Subject: Re: Privacy? [Switching to Moneydance #8167]

  6. 6 Posted by dwg on 25 Feb, 2018 09:36 PM

    dwg's Avatar

    I'm a fellow user.

    I'm not convinced I'll be able to satisfy you but will give it a shot.

    The Moneydance data structures have been designed so that synchronizing of data can be achieved. If you are thinking there should be two separate structures - one designed for people who make use of the feature and one for those that do not I think that is an realistic expectation. A structure that is designed to facilitate to feature will work quite happily if you do not use the function, but alas not the other way around.

    Moneydance has a core data file then the .TXN files you see, periodically these files are rolled into the main data file FWIW, What happens is that Moneydance reads the trunk file then reads the TXN files for newer data, these TXN just contain one or more transactions, so it is working somewhat like a journaling system. When you add transaction the software writes out TXN files

    In day to day operations when syncing data it is these TXN files that are copied between systems.

    Moneydance uses a drop and pick up technique to replicate the data. The primary requirement is to have some sort of shared location that can be used for the central location to make this work.

    There are three possibilities.

    Shared folder is one where you must have a location you can see from your machine, some sort of file share generally. This type of approach is geared towards say a LAN that all machines are connected to when using Moneydance. Clearly this is an environment you have to create to work.

    Dropbox folder is the next. You have to install the Dropbox client for this to work.

    The third is Dropbox connection. for this to work you have to provide a dropbox Username/password to access it.

    In all three cases you have to configure the system for it to begin the replication process, you have to select the method that is being used as part of the setup process.

    A Plug in for synchronization I do not see as viable. It is operating here at the basic level of data file handling and that is not a level I see a plugin operating at. I see plug-ins adding features and functionality at a much higher level. The capability of Synchronization I see as being a core part of the software functionality - even though I do not personally use it - and therefore part of the basic software.

  7. Support Staff 7 Posted by Tom Freeman on 26 Feb, 2018 05:39 PM

    Tom Freeman's Avatar

    I am passing this on to the developers. They can better explain the coding that I.

    Tom Freeman
    Infinite Kind Support

  8. Support Staff 8 Posted by Sean Reilly on 26 Feb, 2018 07:59 PM

    Sean Reilly's Avatar

    Hello,

    Pretty much everybody posting to this thread so far has been correct or has raised excellent questions. I seriously appreciate everyone's attention to privacy and can assure you that TIK is absolutely committed to maintaining customer privacy.

    The files under the "tiksync" folder are built using our own incremental storage system in which all changes are logged to encrypted files. Those would be the *.txn and *.mdtxn files. This was designed to be compatible with syncing, and especially with end-to-end encrypted syncing that can use any folder/file system, whether local or remote, for performing syncing. So customers can use any file storage mechanism (dropbox, box.net, SMB, afp, sftp, etc) and not have to rely on that storage system's encryption. Any synced files are fully encrypted based on a passphrase that you provide and using standard strong encryption algorithms.

    Using such an incremental system provides advantages even when no syncing is performed. For example, it is possible to "roll back" to a specific point in time or to revert specific changes just by deleting certain txn files. In addition, not re-writing the entire data file every time a change is made allows us to be much more efficient. We use up some of that efficiency to fully encrypt every bit of data that is stored with your file - something that no other finance app I'm aware of does.

    As for including the dropbox library with Moneydance, that's really the only practical way to do the syncing. If you don't want to do syncing, you don't need to turn it on, and you can use software like Little Snitch (on the mac) to monitor apps such as Moneydance to ensure we're not making any connections to our or other's servers. In the past we did separate out the syncing into a separate plugin/extension, but it was untenable as fixes to the syncing code would get out of sync (no pun intended) with the rest of the app's code. We'd have people using recent versions of Moneydance with a very old plugin, and vice versa. Basically, it was a mess.

    Moneydance (and basically all other modern apps) also include libraries to talk to any https server in the world, but separating any networking functions into an extension would be an even bigger mess and a terrible hassle for customers. Because syncing and downloading data from banks are core functions of Moneydance, it is reasonable that we'd include libraries that make it easier to talk to those services.

    I'd recommend using software (such as Little Snitch) that can monitor and limit network connections for any app. If you monitor Moneydance in such a way I think you'll find that we make no unexpected connections and share none of your information. To be clear, there are some third party extensions (paypal importer, and import list) that use a google analytics library to track how often the extension is loaded or used. We don't do that with any of the first-party or open source moneydance extensions, and I believe it is clearly labeled on the blurb for those extensions.

    To be honest, we don't want your information anywhere near our servers or any other computer that we control. It would be a huge liability and we'd rather just sell you the software. I really don't understand why so many other financial software providers are only too happy to upload even your online banking login and password to their own or third party services. That seems insane to me.

    In other words, I agree with your vigilant approach and can assure you that we take extreme care to preserve your privacy with the information you entrust to Moneydance.

    Thanks,

    Sean Reilly
    Developer, The Infinite Kind
    http://infinitekind.com

  9. 9 Posted by Julien on 26 Feb, 2018 09:17 PM

    Julien's Avatar

    Thank you to all of you for your messages and the very useful explanations.

    I'm very thankful to Sean for the very clear explanation he brought.
    I was delighted reading Sean's reassuring answer.

  10. 10 Posted by paul on 18 May, 2018 12:27 AM

    paul's Avatar

    I am also looking to leave Quicken and love all that I have read and researched about this software.

    However, security and privacy are of top concerns, especially when looking at putting my personal banking info at risk.

    After a lot of searching here, I finally found this thread. I HIGHLY suggest you advertise this fact. In fact you should have some sort of FAQ, and the first Q/A should be about the safety and security of my data.

    Thanks and I am going to try it out. Without finding this answer about the data being stored locally and safe, I would never had tried this software.

    Thanks,
    Paul

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

20 May, 2018 03:52 AM
20 May, 2018 01:58 AM
20 May, 2018 01:13 AM
20 May, 2018 12:45 AM
20 May, 2018 12:15 AM