Discussion in 'privacy general' started by TheWindBringeth, Feb 26, 2013.

Thread Status:
Not open for further replies.
  1. TheWindBringeth

    TheWindBringeth Registered Member

    Feb 29, 2012
    Yodlee (http://www.yodlee.com) has been around a while, but it has recently come to a bank near me, so to speak. This bank added some "features" and I had an opportunity to glance at some things while checking out a Firefox install (Adblock Plus Blockable Items window up, Web Console up, Wireshark running). I initially didn't see any requests going to Yodlee, but every page at this financial institution had numerous things that were blocked by the Firefox config, and it is possible that I would have if running a less secure config. The "fun" started when I went into the new section of the banking site and saw tools related to linking external accounts, getting breakdowns of expenses, etc., etc. That section uses Flash and click-to-play was enabled, so I didn't see much content. I didn't want to trigger any more data passing than what might have already happened, so I got out of there immediately. I didn't notice any references to Yodlee on the visible elements of that page. What alerted me to the situation was the (reverse) DNS info displayed by Wireshark showing one or more Yodlee servers mapped to hostnames within the bank's domain. FWIW, the owner of the account didn't recall receiving any privacy policy updates or notices actively informing them of this (presumably new, but possibly not) relationship with Yodlee.

    It appears to me that Yodlee offers at least two classes of service. One appears to be a direct-to-consumer service where people can create a Yodlee account, link various types of external financial accounts to that Yodlee account, and then manage/review their finances, transactions, etc. from Yodlee's site. The other class of service appears aimed at financial institutions, allowing them to provide Yodlee-account-like functionality via their own site and providing some other services. It appears to me that Yodlee's system is cloud-based and thus the features, when accessed via Yodlee.com or a financial institution's site, result in sensitive information passing to/through Yodlee.

    A quick search turned up one late 2010 article that draws some attention to the privacy implications...

    Think Google knows your secrets? Meet Yodlee

    Which reinforced my immediate concern that a wide range of financial institutions might be using... sharing sensitive financial information with... Yodlee even when consumers don't knowingly and explicitly choose to opt-in to it.

    So for anyone who, like me, has not been paying much attention to this company and the expansion of such relationships... wake up time.
  2. Carver

    Carver Registered Member

    Feb 5, 2006
    I learned about Yodlee from this website http://onecentatatime.com/which-interest-checking-accounts-are-best/ when I got rid of Bank of America. I also learned that Mint dot com makes its money through the ads on its software getting you to switch from what you have to whatever product they're pushing. I share your concern in releasing sensitive financial information to other people over the web. It is necessary to have financial software on your computer to help keep track of your financial dealings.