all security people forever: never enter your password on a different site

services nowadays: give your bank password to this sketchy third-party data harvesting company to enable payments

so the service I'm posting about (#Yardi) has a secret override: it says "you only have 3 attempts to add a bank account!!", but what it really means is that if you try 3 times (and just cancel without logging in to a bank), it stops trying to get you to use the sketchy third-party data harvesting company and lets you use the normal routing number + test deposit method
there should be a company like Privacy but instead of virtual credit cards it would let you generate virtual checking account numbers, and then set monthly withdrawal limits etc
apparently you can sorta use cashapp for this, but not in an automated way https://www.reddit.com/r/personalfinance/comments/z3fsjf/comment/ixlz6ie/
@aburka a classic of the genre
@aburka when I first encountered Plaid, I was like "oh ok, it must use some sort of an OAuth type thing to do an API call to the banks it supports to get some limited info"

was I ever wrong: it actually does a MITM attack on your bank with your actual login info. fucking clown shit

and they don't delete that info either; I made the mistake of using it once, then like a year later my bank listed a login from an AWS IP. I contacted the AWS abuse email and the login was from Plaid, no idea what the fuck they were doing though. immediately changed my password after that

it's unfortunately common to be required to use these services when getting an apartment now, so that's good info that you can bypass it by failing to log in three times
@jiub nope, banks have not even discovered the technology of app-specific passwords
@aburka yeah I was definitely a bit naive about the quality of bank software lmao
@jiub Even so, it blows my mind that MITM-as-a-service is a real segment of the industry and it's accepted by most people
@aburka exactly! I assumed that these banks worth hundreds of billions of dollars wouldn't like their customers giving out their passwords to random companies scraping their sites

and I can't blame users for using these services; they're kind of forced to, and nobody explains to them the implications of how it works