Hacker News new | past | comments | ask | show | jobs | submit | rubyfan's comments login

_2 can be as bad as _1

They might argue they provide Safari for free and as part of their business model earn a fee for referring users to the preferred search engine vs something substandard. This is a very common business model on just about every web publisher today.

I am pretty sure that if Apple lawyers to present this argument. Then DOJ will find it a gift when they file a monopoly case around apple monopolistic position and restrictions of non-Safari/Webkit based browsers (probably app store too). Because this will make it harder for Apple to present the case about security or privacy of the users if they just said before in a court that they do this as part of their business model to earn money.

Defaulting the search to Google in Safari in no way impairs the users ability to choose an alternative search engine. Apple have always left the search setting changeable, for a long time have allowed 3rd party browsers and have allowed other browsers to be the default system browser. This is hardly a monopoly and it’s no secret that Google is paying them gobs of money to be the default. It’s a separate issue from their appstore business entirely where security and privacy are legitimate arguments for the control they exert on that business.

"3rd party" browsers on iOS are just safari/webkit. They do not allow browsers that don't use safari/webkit.

Nothing is stopping those Google users from installing Chrome.

The DoJ is forcing Google to sell Chrome, so that won’t necessarily use Google search either.

Sure maybe, but that depends the DOJ’s actions. Also depends on the buyer, the search engine alternatives, whether DOJ allow Google to pay to be the default, etc.

> But nevertheless the laws are structured so that everyone realistically must buy a car, whether they want to or not.

Do you mean lack of government subsidies supporting better public transportation? Or something else?


The car industry has been lobbying congress and locales for 50+ years. Laws like jaywalking were at the behest of car companies, and that alone makes walking legally very difficult in nearly any area with a downtown.

The lack of subsidies certainly don't help. Neither does the insatiable appetite for new cars.


Do you know anyone who has ever been cited for jaywalking?


If it was a business model then people would charge, but it’s not a business model it’s an ideal that leads to a common good.

There are parallels to funding education and scholarship programs in public universities. Corporations often rely on human resources around office locations and they spend in order to ensure a steady flow of talent development. Funding open source is not that different of an issue. One challenge here is IT/Tech departments are often cost centers that are strictly budget controlled and it’s harder to make a case for non-essential costs like funding open source.


I don’t code for a living anymore so this looks fun.


What do you do then?


Insurance


For us normies, IMU = Inertial measurement unit

https://en.m.wikipedia.org/wiki/Inertial_measurement_unit


I wish we could stop looking for someone to blame or complain about and start looking for solutions. I think that’s the spirit of volunteering here.


Part of looking for solutions requires root cause analysis. Which can be "blameless" but there is at some point a need to figure out where the holes are in a system to be able to patch them. Otherwise people will never know if they're paying for a problem to occur (taxes) and then paying to help fix them too (donations + volunteering)!


Now, this is a good point! I'm actually willing to pay taxes to ensure they are used for the common good. My offspring no longer is school age, but i am STILL willing to pay taxes that pay for elementary school, and such...Because it helps society and the common good in so many ways. But, i think we have to have discussions when those infra.-level things are not providing the benefits because those in power keep making awful decisions...and the next steps don't involve removing said efforts, but rather improving them, bettering their implementations, etc...and that can start with a post-mortem, or RCA, even a simple 5 Whys, whatever it takes to help society stay safe, improve well-being for all, give societal particiapnts a chance at propserity, etc. :-)


I was lamenting the state of society, that's all. I think any volunteers - regardless of area - are true champions. But, i was simplky casting shade to those in power for their failings, and allowing things to trickle to what i believe is a sad state of affairs. I'm just some rando on the web yelling at (the men who "created") the clouds. ;-)


> Yotta marketed itself as a "bank" where every time you deposited to savings you would get a free lotto ticket for the month based on how much you deposited.

The archive link shows something a little more nuanced than Yotta presenting as a bank.

The archive link in gp has a hero text that says “banking” and then a few lines down says: Yotta is a financial technology company, not a bank. Banking services provided by Evolve Bank & Trust and Thread Bank; Members FDIC.”

If I’m reading this as a consumer I’m thinking my money is protected but this Yotta thing is a lottery incentive to put deposits into those banks, maybe some loyalty incentive or marketing scheme on top of it?

Lesson learned, don't trust “not a bank” to deposit your money into the bank for you.


Should I be suspicious that Wealthfront Cash accounts will fail as well?

What about Fidelity Cash Management Accounts?

>Wealthfront isn’t a bank, but we work with partner banks to get you an industry-leading APY, the security of FDIC insurance, and a full array of fee-free, no-strings-attached checking features — all wrapped up into one label-defying package we call a Cash Account.

https://www.wealthfront.com/cash

>The Fidelity Cash Management Account is not a bank account. It is a brokerage account that allows you to spend, save, and invest. The account offers competitive rates as well as spending and money movement features including a free debit card, checkwriting, Bill Pay, and more.

https://www.fidelity.com/spend-save/fidelity-cash-management...


Just casually reading r/fidelity on Reddit (which is a subreddit run by Fidelity) would make me run fast and far from using their cash management account for anything. Widespread check fraud has caused Fidelity to be extremely cautious -- read slow -- in giving people access to checks they deposit into their CMAs. I'm not saying this is a bad thing, at least Fidelity is being cautious about taking care of their customers' money, but it's created a good deal of pain and anger for people who are depending on Fidelity for everyday banking-style transactions. I'll invest with Fidelity, but I prefer to keep my everyday money in a traditional bank or credit union.


if you have investments at fidelity you can just use the brokerage account as cash management. the brokerage account can access funds using a debit card and ACH just fine; I do still recommend opening a CMA for ATM fee reimbursements though.

none of these funds availability problems can happen if you have margin enabled; note that you won't pay any margin interest either as funds on hold are tradable immediately.


These could have similar issues with gaps in FDIC protections due to money is being “managed” by intermediaries or because of the type of account. Their fine print discloses as much.

As a sibling comment points out, Fidelity is seemingly a reputable enterprise with other business that would be adversely effected by poor management of this product and the reputation harm that would come with it.

Among other features Wealthfront are trying to manage around the $250K FDIC limit for you by moving your money into multiple insured accounts - this is probably a new area with not enough regulation.


Any comment on what issues there are with paying somebody to open accounts for you with, I assume- a power of attorney allowing them to do explicitly that?

At that point the only thing at risk is fraudulent use of said POA, and whatever funds are held outside of actual accounts.


> At that point the only thing at risk is fraudulent use of said POA, and whatever funds are held outside of actual accounts

Which exactly the reason why the FDIC didn't intervene in the article: the Fintech startup didn't deposit the unaccounted(!) millions of customer funds into FDIC-insured accounts. The law should be tightened up to prohibit claims of FDIC protection without meeting the reporting and deposit process requirements.


The two scenarios: 1) handing a business your life savings to manage, a 2) authorizing a company to manage your finances so they're in FDIC insured accounts

Are completely different. There's no laws to update, and the FDIC isn't skittering out of paying on a technicality.

And, frankly, if anybody reading this is looking at option #2- do yourself a favor and get an accountant and a wealth manager that both have fiduciary duties. Might as well find a lawyer as well.


Fidelity is very regulated, and large. If something happened it would be a systemic event that the government would definitely get involved. Wealthfront may be fine too, I just don't know.


To put it differently, Yotta’s customer’s misfortunes are because they are poor and not politically connected. If Fidelity fails, their customers are rich and they vote: they must be made whole.

Kind of like the SVB failure. SVB customers were made whole. Systematic risk and all that.


Fidelity’s brokerage business would be covered by SIPC, which would include its cash management accounts. They also likely sweep cash out to FDIC-insured accounts. More importantly though, Fidelity is large enough that you’re unlikely to need that insurance, and that’s really how I’d prefer to approach this.

Yeah we can look at 2008 and say no institution is safe, but if there’s risk everywhere, I’ve just got to try and minimize that as best I can. Fidelity didn’t give me any sort of scare that year fwiw. Disclosure: I’ve been using Fidelity for basically all of my money for most of my career now, including cash management.


Over and over we've seen the same financial scam play out:

a) company starts up that explicitly avoids being a bank

b) company does something where some amount of money is placed in FDIC-insured banks, and it TRUMPETS on its website: "FDIC INSURED" over and over

c) consumers are misled into thinking their money is safe

d) regulators do not act

e) consumers lose all their money

f) profit (for a very specific set of individuals)

The company can even fake up a bunch of social media accounts to tell people reassuring lies right up until the scam collapses.

These scams will continue until regulators get serious about putting people in jail for them.

https://www.reddit.com/r/yotta/comments/1ctf25r/is_our_money...


Is this a job for regulators or just criminal prosecution? Sounds like step (b) is either fraud or not, depending on how the trumpeting gets done.


Criminal prosecution only works on poor people.

Crimes where the individual is elected president or just gets rich don't do anything of merit.


Unfortunately, the kleptomaniacs are in charge.

Please try again in 4 years


>These scams will continue until regulators get serious about putting people in jail for them.

Which is so much more likely under turmp.


It used to be I could be sure this was sarcasm. I miss those days.


Just seeing the phrase 'financial technology company' is a red flag.


Plaid is a financial technology company and many HNers are happy to hand over their account passwords to them for storage in cleartext.


I'd still consider Plaid a red flag. ;)


Could you elaborate? Red flag because of risk due to using Plaid, what it says about the fintech or something else?


Not parent but, what about this does not scream red bloody flag to you?

    hand over their account passwords to them
Give my banking password to some other company? That's a red bloody flag right there. Stop the presses. Nobody should ever do that. Not outside of very specific use cases like a password manager and in that case there better be seventeen million levels of encryption and such in place.

    for storage in cleartext.
Did we mention the color red? On a flag? I think we did. Cleartext, eh? Who thought this was a good idea?


Storage in cleartext would indeed be a huge red flag, but Plaid says they store it encrypted and I've seen no evidence that they are wrong about that.

That still might be a red flag but not as big a red flag. Cleartext means a database leak would leaks passwords. Encrypted, if done right, would mean a database leak would not leak passwords.


Can you share a link that describes what exactly they do?

What I would expect to be table stakes is that they only ever have an encrypted version of the data on their end (like a password manager) and that the encryption key is stored on my machine or if on their side that it by itself is protected by a passphrase that I have to enter each time plaid needs to do something. If we are talking storing the clear text password somehow coz they use screen scraping to implement their features for some banks.

All I find on their site (casually looking) is marketing fluff.

Also really I would expect that they never even need my password at all and that instead they have a proper API between them and the bank(s) where I authorize specific scopes only (preferably read only scoping being available) and my password stays with me and if something bad were to ever be done with a write scoped token from Plaid it would be traceable to their token authorizing it and they would be liable. When I give them my password they basically get full monetary power of attorney and the bank would always fault me ("we can see you logged in with your user and password. We tell you to keep your password/PIN secure and to never share it. Sorry, money gone".



Relevant section for the "we do store your password" case:

    In other cases, when you link a financial institution to an app via Plaid, you provide your login credentials to us. We store those credentials and use them to collect the data to power the services you’ve chosen and, when requested, securely share it with the app you’re using and establish a secure connection that you control. We then help keep your data safe and private with best-in-class encryption protocols.
Meaning exactly nothing. "encryption protocols" may simply mean that when they log in to screen scrape your bank's online banking they do so over HTTPS.

Sorry but this has zero meaning and I maintain: Red bloody flag. If there's any actual proof out there of them doing all this in a secure way, I'm happy to have my mind changed but this is just part of said marketing fluff.


Like Synapse, this sounds like the "put all your eggs in our digital basket" style of fintech "disruption" is bound to blow up in the faces of everyone involved.


Yep, that's what I was meaning.


Square, Stripe, Cash App, Venmo, Paypal, etc...


> Banking services provided by Evolve Bank & Trust and Thread Bank; Members FDIC.”

I just don't understand why on Earth it's legal to use the term "FDIC" one sentence away from "not a bank" without there being a regulatory framework defining minimum record keeping and reporting requirements to avoid exactly this type of failure.

The European "e-money" scheme seems to be exactly the opposite: Deposits are not insured (I believe there are requirements on the stability of the depository bank), but intermediaries, i.e. "financial technology companies", have to make detailed reports about their customers' balances available on a very short time frame to avoid exactly such problems.

Ideally, there would be a combination of both (pass-through insurance against bank failure and reporting requirements to reduce the blast radius of non-bank failure).


Seems pretty run of the mill. I can’t think of a good I’ve purchased recently that was made 100% by a single source.


Another thing here is that the open solution ends up being on the top.

This is not something we usually see.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: