OpenAI is connecting ChatGPT to bank accounts via Plaid (firethering.com)
Bad actor at Plaid gets access to X accounts. Then sells data? Does unauthorized transfers? Create political or religious dossier on every account?
I assume my balance would be returned if someone hacked but what if they wrote checks with signatures which is fraud and that's different. My understanding is no. Fraud doesn't return the balance.
I have my money in 3 accounts. Most I lose is 33% of my total wealth.
The alternatives that illegals in the area use are gold and cash, and those ladies get mugged and robbed constantly because others know they stash their valuables on their neck and under their bed.
Without a bank the options are limited. Everything is online. Swiss accounts are toast. Crypto has similar problems as gold. Storage and protection is complicated.
I'm inclined to build an LLC type asset and insure the liquidity or something.
All my info can be purchased or captured through my phone or mail and that is enough info to write a check or take out a loan of $50k in my name.
I am not sure the laws and banks protect me in the event someone successfully claims to be me. I wouldn't mind mandatory in person wet signatures for anything over $1k-5k or >5% of my account
"Leadership" today is monkey-see, monkey-do.
See also: Sign in with Google on every web site, even if you don't have a Google account; and Cloudflare interrupting your web surfing every six minutes to make sure you haven't been absorbed by the Borg.
It feels like an arms race on who’s gonna become the Microsoft of the 90s, trying to own and provide everything.
I think it will play out in the same way
For example, Coinbase requires logging in with Plaid to... set up auto-pay for their credit card statements. No way to just provide account/routing numbers the good ole way.
There are lots of issues with Plaid but one big one is that banks (e.g. big ones like BofA) can lock your account due to suspicious login with Plaid.
Needless to say that it was my last stay with Airbnb.
I'm not the most privacy-focused individual, not nearly as paranoid as I could be, but Plaid's model is an OBVIOUS step too far.
Requesting full account access for anything other than maybe budgeting software should just not be legal.
Of course, you're not obligated to use Plaid but I do find the concerns around this quite strange since you're likely exposing account information already.
Also, the routing+account numbers just let them deposit/withdraw money, not snoop on all my transactions and harvest my data...
HR just sees a single savings account that I strictly use for direct deposit. They don’t see my actual savings account or my other purpose-specific checking accounts.
At least there is a process for unauthorized ACH debits. For this blatant breach of privacy, there is nothing.
Currently, there is no aligned format for sharing your bank transaction history with other financial institutions of your choice. Your current bank is the one who purposely makes it hard (only allowing you to share it through the same bank login) so that you are more locked into their ecosystem.
I used to work with Plaid as a provider, and you will notice that certain banks that really do not like their customers using Plaid to share their bank transaction history with competitors will often have unscheduled maintenance during which Plaid won't work, so that you as a user find friction using someone else and stay with only using products within their ecosystem.
I think the real question is less about why we are using Plaid to share our transaction information. If we are to have an open format to share our banking transaction history, what should that format be, and what would be the lock and key for it?
Instant transfer (sub-second) for free is available to everyone. (Up to a certain limit)
It's usually still persistent full access, and given that, the question of whether the user's password also leaks in the process is almost beside the point.
The result is that I attempt, at all costs, not to use anything that requires Plaid or their competitors, since I know how that sausage is made.
Handing my finances over to a company like that is a hard no for me, I can't imagine ever doing business with someone who required it.
This is far more valuable, they can see what political affiliation you have based on your campaign donations, predict things like cheating on your wife & the impending divorce, what vices you have and they can also build shadow profiles of all the people you give and receive money from even if they don't use the product.
The difference is that banking records are harder to falsify, so there’s that.
You can get a pretty good estimate just by looking at other demographic factors like age, education level, income, and zip code. Moreover, how many people actually donate to campaigns?
>predict things like cheating on your wife & the impending divorce, what vices you have and they can also build shadow profiles of all of the people you give and receive money from even if they don't use the product.
Google has had all this capability for at least a decade. What concrete harms have actually materialized?
Whenever I've been forced to use Plaid, I use a throwaway "free-checking" bank account that has $1 in it.
I guess birds of a feather flock together.
BUT there’s just things that nobody should be doing ever, like give it access to your production system or bank account.
I think until proven otherwise, it's fair to consider financial data public information at this point. If we want to change that, I think it'll take way more than just not granting ChatGPT access to your bank account (although it'll definitely include it).
Nothing wrong with giving them access to your bank or savings accounts /s
The endgame I see is that it will be illegal to communicate on the internet without having a proven bank account. At least in the USA where all ID verification is settling on banks (i.e., Plaid). And the banks will tolerate 10,000 false positive denials of service to avoid a single false negative and be happy about it. Plaid even more so. Human beings will have no recourse as they are private companies. This really should be a service that the states or the federal government provide. It's a dark future we're speeding towards.
I wouldn't want to share my financial data with OpenAI but for the average consumer the ship has sailed.
OpenAI is just a new-ish player.
A single web search through LLM can now pull malicious instructions from the web into LLM context, and instruct it to exfiltrate financial information. This has been done already with LLM email integrations.
I used to use copilot.money which was a nice app. Nowadays though using a GUI is fairly tedious so I’d rather use an assistant but I want mostly personal cash flow and net worth visualization, and transaction review and this isn’t going to do it I think.
I never expected to be nostalgic for those days.
Don’t use debit cards online.
Reminds me of the underpant gnomes in many ways
Collect underpants ???AI??? Profit
I guess I’m not seeing the systemic failure mode with a Plaid hook-up? The worst case is it sends a bunch of people’s money into the aether. That sucks for them and for OpenAI. But I’m not seeing it e.g. collapsing a bank.
But yeah, can't have a systemic failure in the grift economy.
If it needs to see transactions, just have your salary deposited there, then an automatic transfer the same day to your real account?
This is exactly the same shit Zuck did with Facebook. Hell with them all.
"ChatGPT Wants Access to Your Bank Account"
As an aside, I think each permission has to be granted explicitly in Plaid so it's not just getting "root" access to do simple transactions (unless you grant it)
In retrospect, they were maybe right on the competitive part, but the data privacy impact was disastrous.
Could be wrong though, as I never considered it'd be used for payments at all.
These things already exist and happen, it's about the data getting better and not having to build tools to query it and make projections, since you can just type a query into a box even if you're not a data scientist.
Any evidence Google or Meta actually sells customer data like that?
There's plenty of reporting on this if you care to look it up. It "works" too. Spending more time on Meta products results in having more body issues, poor self esteem, and suicidal ideations.
But if I remember right you work for a big ad tech company and have previously gone to the mat to defend such practices, so I suspect you aren't genuinely asking.
Meta has also decided "functionality needs to be provided though we have explicit confirmation from the (Burmese) government that they're going to use it against dissidents" which has historically included imprisonment and torture, so...
Plenty of concrete harms.
Which is hopefully nothing beyond looking at transaction data without 2FA.
They're literally proxying the bank's login page just like a phishing site would, and I assume they're also selecting the "trust this computer" option so their access is more persistent. My bank does require re-2FA for larger transfers, but there's still a lot of damage I can do on a "trusted" computer without triggering another 2FA prompt.
That's a commonly propagated falsehood. Both legally (Regulation E) and practically (all large card networks require issuers to extend a zero-liability policy to debit cards), consumer protections are very similar.
The big difference is that, as you say, with a debit card you're potentially out the money for a few days, which can be unpleasant if it makes the direct debit or check for your rent bounce.
It’s not a trivial difference.
It was very irritating!
Doing re-2FA for every outbound transfer, and mentioning the consequences of entering the 2FA code out of band (e.g. "enter code 123456 to confirm transfer of x$ to y" or "press OK to confirm transfer..." in a mobile app) should be the bare minimum these days.
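Added example, not part of the thread and not any bank's or Plaid's code: one way to make the confirmation code in the comment above valid only for the exact amount and payee shown to the user, so a session on a "trusted" computer cannot reuse it for a different transfer. The function names, the HMAC construction, the key handling and the sample transfer are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_DIGITS = 6

def _encode(*fields: bytes) -> bytes:
    # Length-prefix every field so ("1", "23") and ("12", "3") never collide.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def confirmation_code(key: bytes, amount_cents: int, payee: str, nonce: bytes) -> str:
    """Derive a short code that is only valid for this amount, payee and nonce."""
    msg = _encode(str(amount_cents).encode(), payee.encode("utf-8"), nonce)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10**CODE_DIGITS:0{CODE_DIGITS}d}"

def issue_challenge(key: bytes, amount_cents: int, payee: str):
    """Return (nonce, out-of-band message); the message names what is approved."""
    # Fresh nonce per transfer. A real server would also expire it and
    # limit guesses, since a 6-digit code is short.
    nonce = secrets.token_bytes(16)
    code = confirmation_code(key, amount_cents, payee, nonce)
    text = (f"Enter code {code} to confirm transfer of "
            f"${amount_cents // 100}.{amount_cents % 100:02d} to {payee}")
    return nonce, text

def verify(key: bytes, amount_cents: int, payee: str, nonce: bytes, submitted: str) -> bool:
    # Recompute from the transfer the server is about to execute, not from
    # whatever the client claims was approved.
    expected = confirmation_code(key, amount_cents, payee, nonce)
    return hmac.compare_digest(expected, submitted)

def demo() -> dict:
    key = secrets.token_bytes(32)                              # constructed server secret
    nonce, text = issue_challenge(key, 2500, "Landlord LLC")   # constructed transfer
    code = text.split()[2]                                     # what the user types back
    return {
        "message": text,
        "as_approved": verify(key, 2500, "Landlord LLC", nonce, code),
        "payee_swapped": verify(key, 2500, "Other Account", nonce, code),
        "amount_raised": verify(key, 250000, "Landlord LLC", nonce, code),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```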
The Plaid listing you linked doesn’t have a batch by their name.