Wednesday, July 20, 2011

Absolutely terrible, terrible TOS

I really loved Mint.com for a while because it helped me keep track of my finances. Eventually I had to turn away, mostly because it would never update. It's supposed to send you updates when your account balance is low, but it only updates your accounts when you are logged in....so kinda useless. In addition to that, it either takes 10+ minutes to update (no exaggerating) or it won't update at all and give you a vauge error message.

....anyway, I'd pretty much given up on finding an online service, especially one that syncs with your bank, until I found MonkeyPeanuts on AlternativeTo. It looked very promising:
It's free and anyone can join
Supports all major US banks and credit cards
...
Directly connects to your bank
...
Extensive use of AES encryption
Bank credentials are never stored online

Sounds awesome, right? Of course, it does handle my banking info and whatnot so I try to look into it a bit further, and I happened to run across their terms of use.

We've done our best to make this site as safe, secure, and reliable as possible.
While we strive to provide you with a safe, secure, and reliable service, we do not and cannot guarantee the safety or security of any information or data that you hand over to us.
By signing up and logging in, you've agreed to release us of any liablities that may result from the usage of, or is somehow related to the usage of our service, MonkeyPeanuts.com.
If this is unacceptable to you, please immediately delete any accounts you've registered with us and clear your browser cookies.
Thank you for your consideration, and we hope you enjoy MonkeyPeanuts.com.

Never mind the fact that they spelled "liabilities" wrong or that they use the term "hand over to us"...they start off by saying "safe" and "secure",  then they go into saying that they cannot guarantee the "safety" or "security." They're saying that they tried to do something, but they can't guarantee that they did it.

In order to compare this, I tried to read through Mint.com's TOS, and while it's written in legalese, I never see any part in it that says "You can sign up with us, but we don't promise that your data is secure or that we won't just sell it off or use it ourselves."

Social networking sites get in enough crap for leaking things like e-mail addresses and passwords. Imagine if they leaked your bank information. There's no question about it, sites that have to do with money HAVE to guarantee your safety. This is not leaking your Farmville information, this is leaking your identity, and while it's true that they can't truly promise safety because you never expect a security flaw, they at least have to take responsibility for it. They have to guarantee that your data is safe, knowing that if somehow their security is compromised, they're going to held responsible. Otherwise, what makes the user want to join? Obviously the developers don't care much about security because they don't have to care much about security: they told us that straight out!

Maybe it's just poor phrasing, but this put off so many bells and whistles. I was really stoked by the screenshots and the features listed, but with those Terms Of Service, I'm not even going to register an account to try it out.
-Bry

4 comments:

  1. Regarding Mint's TOS, its the same thing, but if legalese makes you feel secure than plain English, more power to you.

    Thanks for noticing the typo on liabilities :D


    https://www.mint.com/privacy/terms/#a-13

    INTUIT MAKES NO REPRESENTATIONS, WARRANTIES OR GUARANTEES, EXPRESS OR IMPLIED, REGARDING THE ACCURACY, RELIABILITY OR COMPLETENESS OF THE CONTENT ON MINT.COM OR OF THE SERVICE (WHETHER OR NOT SPONSORED), AND EXPRESSLY DISCLAIMS ANY WARRANTIES OF NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE. INTUIT MAKES NO REPRESENTATION, WARRANTY OR GUARANTEE THAT THE CONTENT THAT MAY BE AVAILABLE THROUGH THE SERVICE IS FREE OF INFECTION FROM ANY VIRUSES OR OTHER CODE OR COMPUTER PROGRAMMING ROUTINES THAT CONTAIN CONTAMINATING OR DESTRUCTIVE PROPERTIES OR THAT ARE INTENDED TO DAMAGE, SURREPTITOUSLY INTERCEPT OR EXPROPRIATE ANY SYSTEM, DATA OR PERSONAL INFORMATION.

    ReplyDelete
  2. Fair enough, W. I suppose what scares me even more is that I can't seem to find any record of anyone using MonkeyPeanuts.

    ReplyDelete
  3. That's what scares me the most. I don't care about the ToS, they are just covering their asses if they accidentally get hacked. They are honest and up front stating that NOBODY can fully guarantee your information. Which is true. They at least do not try to beat around the bush. The scary thing is that as you said, I can't find anyone that actually uses MonkeyPeanuts to ask how they feel about it.

    ReplyDelete
  4. If it makes you feel any better, MonkeyPeanuts.com is my site. I'm the developers, founder, etc. I can answer any questions for you.

    ReplyDelete