[Feature request] Associate bank accounts to users #1317
Hi, thanks for opening this discussion. I understand how having bank accounts listed in ihatemoney could be useful, thanks for proposing it. My main concern on this is related to security: this information can be useful for potential attackers, and would increase the interest of the data we have. In practice, would that be a problem for other folks?

That's a nice thought! I'd ask the following 2 questions:

a) Can stealing the Bank Account ID lead to any security incidents or actual issues? On their own, Account IDs are not enough to withdraw money or log into any account - at least in Europe, not sure about other parts of the world.

b) After a breach, can this data be used against the user for things like phishing, etc.?

At least that's my 2 cents. And of course it's not a necessary feature to use in case someone is concerned about leaks.
Thanks for the follow-up questions.
I believe it is, yes.

Doxing

Collecting data on people in order to better impersonate them is called doxing. It is a thing for sure. From the same Wikipedia article:

So, the question is not really if it is a thing, but how could we prevent it, and how should we make people aware this exists. As it is right now, the current data contained in ihatemoney is not very sensitive: you have names, and of course you have the list of bills. It is indeed already something.

Direct debit

It seems totally possible to use this data to, for instance, set up a direct debit for a subscription service. It seems used in the wild, and as such it is also a thing. So the question isn't really if this is a problem, I believe it is clear that it could be one, but how should we handle this. I'm thinking about different ways this can be circumvented:

I'm curious about the inputs of other folks, especially @zorun, on the matter.

Hi! (Long time, no see!) It's not very clear for GDPR if IBAN is personal identifying data, but this site says so: https://www2.deloitte.com/fr/fr/pages/risque-compliance-et-controle-interne/articles/livre-blanc-gdpr.html I wasn't able to find any other valuable resources :( ihatemoney is currently storing 2 kinds of information:

Users are free to export and remove any data at any time, so there's no worry for this. However, as @almet said, data is not encrypted, so any data exfiltration can be an issue. I would advise not to store this kind of information.
You're correct and I agree that it's an extra "attack vector" that an attacker can use if the server gets pwned or the password gets leaked/bruted. However... I know it's not a professional point of view, but I can't see how an IBAN (eg, a Revolut ID) can be used for shaming. If it's about being a link in a chain (so someone can link together maybe a shaming purchase with your ihatemoney details), that's correct. Still, practically everything can be a link between doxable items, especially PRIVATE purchases and "debts" you owe to your friends.
I disagree with this because ihatemoney lets you input anything to the bill and users can easily input sensitive data there. Not to mention using the full name as a nickname, which is also sensitive. One can even LINK full photos of bills too... Sensitive data can be there as well, eg. tax numbers etc.
I only know my example, but isn't it common in the world (I honestly don't know) to use SMS or a Bank application to first approve the transaction? I thought it was the default. I know for sure I wouldn't be able to subscribe anywhere without 2FA. Also, don't take my word for granted, but - at least in EU - I think it's a must for banks to use 2FA.

Round 2 about direct debit. I'll just leave my previous message, but I just read about the topic and found this: eg. I just found this: "A direct debit instruction must in all cases be supported by some sort of authorization for the payee to collect funds from the payer's account. There are generally two methods to set up the authorization:

I understand that cryptography would improve security a little bit, but I think there are 2 cases again:

a) Password gets leaked/brute-forced/somehow-hacked

b) Server gets hacked

Not to mention that the admin PW is stored in plaintext, so in case of a server attack, one can just simply use the admin password... (If it's enabled) So, in my opinion, the case of protecting ihatemoney on a hacked server is bleeding from way too many wounds, but I do agree on the thing that encryption is not going to make things worse :)

Adding a regular "user comment" could be a nice "bypass" around the problem, because this way ihatemoney won't advise people to put private things in there, however, the frontend could simply warn you explicitly NOT TO PUT anything private, because it's stored in an unsafe way on the server. (Ps.: I do understand that implementing a comment feature instead is just a workaround and taking off liability from ihatemoney's shoulders)

I just read the issue about the encryption topic, and I agree with it. Not sure if it's really like that, but I feel like ihatemoney and its own hosted version is a nice demo, but obviously I wouldn't put all my sensitive data in there. As long as it's a self-hosted version, encryption isn't adding too much security if it adds anything at all.
It'd be really great if we could add bank account numbers or Revolut IDs or any similar things to users, so if someone wants to pay, it's easier to copy the ID from the "profile" and simply transfer the money :)
Just to clarify, I don't think any special new thing, like a new profile or similar. Instead an extra field is perfectly enough for the participant, where you can specify various Bank account related information that would also show up somehow on the UI.
So it's hopefully a small feature-ish with hardly any great impact, and also extremely useful :)
(Ps.: The software is really great, thank you very much for maintaining it! I'll do my part by translating it to my language)