Any interest in a "import from bank website" command?

Wed Dec 12 22:02:09 EST 2007

Totally fair concerns.  I'll take each in turn:

- As for the certificates, yes, I forgot to add the context that was part of
my initial discussion on the gnucash-devel list: it's still very early and
the final certificate hasn't yet been worked out.  But I agree, that's not a
huge confidence builder, so perhaps it was premature to let people at it.

- As for phishing, you're completely right: I've got a challenge ahead of me
to prove it's not a scam.  Other than being transparent about who I am
(David Barrett, 846 Bush St #15, San Francisco, CA 94108, 801.860.0540), I
think the best way is to show I've got "enough to lose" to honor my word.
This is just one piece of a bigger system, so hopefully as I release other
components I'll cross this nebulous line-of-trust in the near future.

- As for the fundamental issue of "can any gateway be trusted?" I realize
that this list is probably more skeptical than most on this point.  However,
I initially came to consider adding it to GnuCash when I noticed that other
software -- like MS Money -- supports a gateway like this out of the box.
Likewise, there are other web services (eg, mint.com) which provide
interesting financial gateway services that are very popular.  So I know
that *some* people like these features in other contexts; the question is if
there are enough of these people in the GnuCash userbase to warrant the
creation of the feature in this context.

- And finally, though I haven't heard any confusion on this point but I
realize I didn't spell it out in my original email: this feature differs
from the existing OFXDirectConnect/AqBanking feature in that it's much
simpler to set up (just your regular bank domain/username/password),
requires no premium banking accounts, and focuses exclusively on the task of
downloading transaction histories.  Thus if you just want to quickly import
or update your transaction history with minimal fuss, use this, but use
OFXDirectConnect for more powerful online banking scenarios.

Thanks for all the feedback.  With the above clarifications, and assuming I
can over time earn your trust, are there users on this list who would be
interesting in using this feature?

Basically, is the existing online banking featureset of GnuCash entirely
adequate for existing users, or is there interest in a more trimmed down,
streamlined transaction history import function?

-david

> -----Original Message-----
> From: Greg Troxel [mailto:gdt at ir.bbn.com]
> Sent: Wednesday, December 12, 2007 5:11 PM
> To: David Barrett
> Cc: gnucash-user at gnucash.org
> Subject: Re: Any interest in a "import from bank website" command?
> 
>   To see what I mean, I've got a basic web-based interface up at:
> 
>           http://expensify.com
> 
>   The importer would simply provide an interface to this via a new "File
> ::
>   Import" command.
> 
>   If I build this, will you use it?
> 
> At this point, I'd say the burden is on you to prove you aren't a
> phisher.  I don't think that's the case, but that sure seems to have a
> non-trivial likelihood.
> 
> If not, then I'd still have to question your judgement about security
> and wonder if you're making reasonable decisions in the code --- asking
> people to enter banking data on your website is simply beyond crazy.
> Plus the SSL certificate is misconfigured.
> 
> If you'd like to offer code that others can run to do the screen
> scraping, that would probably be well received.