
Show HN: Actual Budget, a finance app I built over the last two years - jlongster
https://actualbudget.com/
======
stephenr
> Seamlessly sync data between devices without ever thinking about it. If
> used, we only store a limited amount of your data and will encrypt it in the
> future.

Will encrypt it _in the future_? Who is trusting a finance app that stores
data in plain text on some random server somewhere!?

~~~
ksmithbaylor
From my understanding, Actual does not maintain any servers that hold user
data. I believe this is referencing the fact that currently, data is stored
unencrypted on the device itself, but that in the future there are plans to
encrypt it at rest on your devices. More details here:
[https://actualbudget.com/syncing-devices/](https://actualbudget.com/syncing-devices/)

~~~
stephenr
From the page you linked it’s clear to me:

> To allow sharing data across devices, we offer a service that enables
> syncing. View all available plans

> This service only tracks recent transaction history and never has full
> access to your data. Additionally, in the future it will be stored encrypted
> in a way that we can't even read it.

It’s clearly talking about the recent transactions stored on their servers.

~~~
jlongster
Yes, you are right. First of all, we're not talking about things like banking
passwords or even account numbers, only transactions that you've been charged.
But most importantly: this is completely opt-in. If you don't trust me yet,
you shouldn't use syncing until I encrypt everything end-to-end.

If you only use a single local app, all of your data is entirely local to your
device.

All other apps that host your data in the cloud have access to it, whether
it's encrypted internally or not. What encryption buys you is the case if a
hacker happens to get some of your data, they might not be able to decrypt it.
But considering that the backend of the app itself must be able to read the
data, the backend must be able to decrypt it, so a hacker could probably end
up decrypting the data anyway.

End-to-end encryption in Actual will be better than all other cloud apps: I,
even as someone with full access to the server, will not be able to read your
messages. Only your device can.

It sounds like what you're really worried about is storing banking passwords
unencrypted. We don't do anything like that at all.

~~~
stephenr
> All other apps that host your data in the cloud have access to it, whether
> it's encrypted internally or not.

> End-to-end encryption in Actual will be better than all other cloud apps: I,
> even as someone with full access to the server, will not be able to read
> your messages. Only your device can.

Claiming to be better than every single other similar thing is probably as big
a red flag as the lack of encryption.

~~~
jlongster
This is a basic architectural difference. I'm comparing apps that store your
data locally to apps that store your data in the cloud. It's a well-understood
difference that the former (with end-to-end encrypted syncing) absolutely
provides better privacy than apps that store data in the cloud that the
company can read.
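
The architectural difference discussed in this subthread, as an added example that is not part of the thread and not Actual's code: the device encrypts each sync message before upload, so the server only stores and relays blobs it cannot read. The function names, the passphrase-derived key, and the sample transaction are assumptions made for illustration.

```javascript
// Added illustration, not Actual's code; every name here is hypothetical.
const crypto = require('node:crypto');

// Device: derive a 256-bit key from a passphrase that never leaves the device.
const deriveKey = (passphrase, salt) => crypto.scryptSync(passphrase, salt, 32);

// Device: encrypt one sync message with AES-256-GCM (fresh 96-bit nonce each time).
function encryptForSync(key, message) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(message), 'utf8'), c.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: c.getAuthTag().toString('base64') };
}

// Device: decrypt a blob; throws if the key is wrong or the blob was altered.
function decryptFromSync(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'base64'));
  d.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(blob.ct, 'base64')), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Server: stores and relays opaque blobs and never holds a key.
class SyncServer {
  constructor() { this.blobs = []; }
  push(blob) { this.blobs.push(blob); }
  pull() { return this.blobs.map((b) => ({ ...b })); }
}

const rejects = (fn) => { try { fn(); return false; } catch { return true; } };

function demo() {
  const salt = crypto.randomBytes(16); // not secret; may be stored next to the blobs
  const server = new SyncServer();
  const tx = { payee: 'Corner Grocery', amount: -4250, date: '2019-05-01' }; // constructed
  server.push(encryptForSync(deriveKey('constructed passphrase', salt), tx));

  const [blob] = server.pull();
  const tampered = { ...blob, ct: Buffer.from(blob.ct, 'base64') };
  tampered.ct[0] ^= 1; // flip one ciphertext bit, as a modified server copy would
  tampered.ct = tampered.ct.toString('base64');
  return {
    synced: decryptFromSync(deriveKey('constructed passphrase', salt), blob), // second device
    serverSeesPayee: JSON.stringify(server.blobs).includes(tx.payee),
    wrongKeyRejected: rejects(() => decryptFromSync(deriveKey('a guess', salt), blob)),
    tamperRejected: rejects(() => decryptFromSync(deriveKey('constructed passphrase', salt), tampered)),
  };
}
console.log(demo());
```

With server-side encryption the key would sit in the `SyncServer` class instead, which is why a compromise of the backend exposes the plaintext in that design.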

------
flybayer
Nice, congrats on the launch!! I expect to switch over from YNAB once you
enable automatic bank import.

