devinsit's comments

devinsit | 4 years ago | on: Canada calls screen scraping ‘unsecure,’ sets Open Banking target for 2023

This is basically the main reason why I built uFincs (https://ufincs.com/) without any sort of bank integration. As a Canadian myself, the privacy implications of letting a third party like Plaid take my bank password to get my data were, indeed, rather sketchy. I've been looking forward to the day that open banking gets pushed here, so this is definitely good news that uFincs (and every other personal finance app) might eventually get some secure bank integrations.

Although, knowing how these things usually go, I'm sure the "2023" target is a little optimistic...

devinsit | 4 years ago | on: Show HN: I built uFincs – a privacy-first, encrypted personal finance app

Oh I'm well aware of the disconnect. I just disagree that there are only people who care about privacy to the degree that they have to self-host everything. I believe there's room to ride the line between being 'privacy-first' (in that we care about privacy, first and foremost) and offering convenience (i.e. providing a web app).

I'm sure my customers who signed up with ProtonMail and Fastmail addresses can attest to that fact.

And for those who do fall all the way to the self-hosting side, well, there's plenty of other options on the market! Of course, there's nothing stopping us from being one of those options, it's just not our priority at this very moment.

devinsit | 4 years ago | on: Show HN: I built uFincs – a privacy-first, encrypted personal finance app

I totally understand that. And I knew, when making the decision to not do any integrations, that there's a ton of people just like you that value automating everything as much as possible.

But I also made the bet that there would be people just like me who value entering things manually. Certainly far fewer people, but hopefully still people.

In any case, I also hope that the app you described eventually gets built; certainly never hurts to have more privacy-friendly options available!

devinsit | 4 years ago | on: Show HN: I built uFincs – a privacy-first, encrypted personal finance app

I can definitely see where you're coming from regarding the whole syncing thing. Personally, I've gotten into a habit of recording my transactions right after they happen (or at worst, at the end of the day), but somehow I get the feeling that I'm particularly crazy for doing that.

In any case, I agree that we could do better as far as showing examples/features altogether, but I figured (at least for the time being), just letting people use the app without an account (https://ufincs.com/noaccount) is as good a demo as any.

Definitely useful feedback, thanks!

devinsit | 4 years ago | on: Show HN: I built uFincs – a privacy-first, encrypted personal finance app

Privacy in the sense that, while the bank may own your data already, third-parties like Plaid do not. And at least up here in Canada, we're a bit weaker on the whole 'bank API' system, so it generally turns into a wonderful game of "hand over your bank account credentials".

Anyways, I definitely understand where you're coming from. Plenty of other products that do have bank integrations though, so at least there's lots of options for you!

And thanks for the design feedback :)

devinsit | 4 years ago | on: Show HN: I built uFincs – a privacy-first, encrypted personal finance app

Yep, I agree. If you want perfect security and a 100% trust-less solution, then uFincs certainly isn't it.

But I like to think that, at least when put in contrast with other products on the market, choosing to do these privacy/security related things is better than not.

I elaborate on this further in our security doc (https://ufincs.com/policies/security#the-catch) and the FAQ (https://ufincs.com/faq#is-a-ufincs-a-trustless-system).

devinsit | 4 years ago | on: Show HN: I built uFincs – a privacy-first, encrypted personal finance app

Hey HN! I'm excited to (officially) show off the project I've been working on (for far too long): uFincs, a privacy-first personal finance app! https://ufincs.com

Yes, it's another personal finance app. Yes, there sure are a lot of them. But when I got tired of using GnuCash a couple years ago, I figured I should try something a little different and throw my hat in the ring.

The result? No banks, no budgets, no data collecting. Just a clean UI, a privacy-first attitude, and good old double-entry accounting.

The main thing that makes us so 'privacy-first' is the fact that we do client-side encryption: all of the financial data that you enter is encrypted before it leaves your browser and hits our servers. That way, you maintain sole ownership of your data. Want more of the juicy technical details? Check out our security overview: https://ufincs.com/policies/security

If you want to skip past all of the marketing fluff, feel free to drop into using the app right away: https://ufincs.com/noaccount. Since uFincs is offline-first and a PWA, we can offer the ability to use the app completely without an account, for free! Of course, if you want to easily access your data on all your devices, that's where a paid account comes in handy :)

And if you're getting some mad déjà vu from all this, it's because I commented about uFincs a couple weeks ago: https://news.ycombinator.com/item?id=26970716

Finally, since I know some people were hesitant about the pricing, I decided to throw together a special coupon just for you guys: "HN15". It's 15% off, forever, on any of the plans, for the first 100 new sign-ups.

If you have any questions, feel free to check out the FAQ (https://ufincs.com/faq), but I'll be here all day to respond to any comments!

devinsit | 4 years ago | on: Show HN: I made a simulator for personal finance

The 'error', as you put it, is that the password change process (i.e. the changing of the KEK and the re-encryption of the DEK into the EDEK) all happens client-side (except for the part where we verify your old password against the hashed version in the database, for obvious reasons).

'We' have 'access' to your DEK at all times — if you define 'we' as the 'client-facing portion of the app'. All of the encryption/decryption, key management, etc happens on the client-side (i.e. in-browser). Remember, as part of signing in to the app, the EDEK is transmitted from our servers and decrypted client-side so that the client can then use that DEK to decrypt your data.

If we instead redefine 'we' to be the backend servers, database, or even myself personally, then 'we' never have access to your keys nor data.

The fact is, there's nothing special about the password change process itself. It's essentially the same as the sign-up process. Nothing is especially exposed during the password change process that isn't exposed during the sign-up process (again, the DEK is present on the client-side the moment you sign up or sign in, although the KEK is slightly more ephemeral than that).

However, I do understand the implication you're making here, and here's the darker side of it: 'we' (uFincs) could change the client-facing portion of the app to steal your DEK (or your password, or even your data) and send it off elsewhere. This is... just true of any piece of software. It just so happens that, since web apps can be arbitrarily updated, it's a lot easier for us to act maliciously if we so chose (although, at least with web apps, inspecting network requests is quite easy).

So indeed, there is an element of trust here. You trust that I (or the entity known as 'uFincs') won't change the code in such a way that the security of the app is compromised. You also have to trust that we have such security measures in place that make it harder for some third-party malicious actor to forcefully change the operation of the app.

uFincs is not a trust-less system. Unfortunately, due to the nature of web apps (or even most apps for that matter), it simply cannot be. Anytime the code can be updated (and can't be audited), there is effectively zero security (for those who are particularly security-conscious). So if your (the general 'your') financial data is so sensitive that any chance of a leak would be utterly catastrophic, then don't even think of using uFincs.

But I like to think that putting these measures in place (particularly, using client-side encryption, not connecting to banks, not using any in-app analytics beyond our own, etc) is at least a step better — in terms of security and privacy — than what most other services do. And I like to think that, even if it's not perfect, it was still worth doing. Otherwise, I wouldn't have 'wasted' 2+ years of my life building uFincs :)

devinsit | 4 years ago | on: Show HN: I made a simulator for personal finance

Hmm, that's a good question to add to the Security doc!

Not quite. See, we make use of a scheme called envelope encryption. That means we have two separate keys: one to encrypt your data (the 'data encryption key' or DEK) and one to encrypt the DEK (the 'key encryption key' or KEK). We use the KEK to encrypt your DEK to get something called the 'EDEK' (or 'encrypted data encryption key'). The EDEK is what we store in our database.

Something that never changes after you sign up is your DEK. This is completely random and not dependent on your password.

What is dependent on your password is your KEK. So when you change your password, all that actually changes is your KEK. With your new KEK, we just re-encrypt your DEK to get a new EDEK, and we store that new EDEK in our database. Again, the Security doc (https://ufincs.com/policies/security) outlines the basic process.

So no, all your data isn't passed back to the browser to be decrypted and re-encrypted when you change your password, but thanks for the question!
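
The envelope-encryption flow described in the comment above, including the client-side password change discussed in the comment before it, as an added example that is not part of the original comments and is not uFincs code. It assumes PBKDF2-SHA256 for the KEK and AES-256-GCM for both wrapping and data encryption, uses Node's `crypto` module in place of the browser, and all function names are hypothetical.

```javascript
// Added illustration of envelope encryption; algorithms, parameters and names are assumptions.
const nodeCrypto = require('node:crypto');

// The KEK depends on the password (PBKDF2-SHA256, iteration count assumed).
function deriveKek(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
}

// AES-256-GCM helpers. Blob layout: iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}
function open(key, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Sign-up: the DEK is random and independent of the password; only salt + EDEK are stored.
function signUp(password) {
  const dek = nodeCrypto.randomBytes(32);
  const salt = nodeCrypto.randomBytes(16);
  return { dek, stored: { salt, edek: seal(deriveKek(password, salt), dek) } };
}
// Sign-in: the client receives salt + EDEK and unwraps the DEK locally.
function signIn(password, stored) {
  return open(deriveKek(password, stored.salt), stored.edek);
}
// Password change: unwrap with the old KEK, re-wrap the same DEK under the new KEK.
function changePassword(oldPassword, newPassword, stored) {
  const dek = signIn(oldPassword, stored);
  const salt = nodeCrypto.randomBytes(16);
  return { salt, edek: seal(deriveKek(newPassword, salt), dek) };
}

// Constructed sample record: encrypted once, never touched by the password change.
function demo() {
  const { dek, stored } = signUp('old-password');
  const record = seal(dek, Buffer.from('{"amount": 4200, "memo": "rent"}'));
  const rotated = changePassword('old-password', 'new-password', stored);
  const dekAfter = signIn('new-password', rotated);
  let oldPasswordRejected = false;
  try { signIn('old-password', rotated); } catch (e) { oldPasswordRejected = true; }
  return { sameDek: dekAfter.equals(dek), edekChanged: !rotated.edek.equals(stored.edek),
           recordPlain: open(dekAfter, record).toString(), oldPasswordRejected };
}
```

The GCM tag check is what makes the old password fail after rotation: unwrapping the new EDEK with the old KEK throws instead of returning a wrong key.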

devinsit | 4 years ago | on: Show HN: I made a simulator for personal finance

Yep, I agree, it's a pretty big upcharge. That's precisely why our 'free tier' is the 'no account' option (https://ufincs.com/noaccount). I'm not kidding when I say it's the full version of uFincs; the only (real) difference is that you don't have an account to sync to. And if you make sure to never log out (or take the time to export/import your data every time), then you can basically simulate having an account. It's just a free tier of 'inconvenience' rather than 'features' or some such.

But yeah, there's definitely some pricing psychology at play there. Thanks for taking the time to leave some feedback!
