Plaid paid people $500 for their employer payroll logins

&gt; <a href="https:&#x2F;&#x2F;www.eff.org&#x2F;cases&#x2F;facebook-v-power-ventures" rel="nofollow">https:&#x2F;&#x2F;www.eff.org&#x2F;cases&#x2F;facebook-v-power-ventures</a><p>While it is bad and unethical to encourage sharing credentials, I really hope we don&#x27;t <i>continue</i> to criminalize intermediary services that act on the user&#x27;s behalf. User&#x27;s should be able to use whatever product and services they want. If you don&#x27;t want consumer&#x27;s to use third party tools then either improve your own tools or implement better security.<p>On the bright side it sounds like in the Power Venture&#x27;s case they did a few other things to sort of &#x27;impersonate&#x27; Facebook in order to encourage user&#x27;s to use their product. So maybe things haven&#x27;t escalated too far yet... the outcome of this &amp; Plaid will certainly be interesting.

On the consumer side I can’t imagine ever giving my bank credentials to Plaid or any other company. Super unnerving that this is even a thing, it’s like the number one rule of passwords.

So this sounds like Plaid wanted to learn how to interface with the client-facing web interface of these payroll systems. So it paid people who have their own payroll on the system for access to that individual&#x27;s login to study the user interface in order to develop a system that can interoperate with it. This sounds... not so bad?

I thought duping customers [0] to think they were entering their credentials at their bank website while they were giving them to Plaid was bad. But this is some next level malice. How are they still in business?<p>[0] <a href="https:&#x2F;&#x2F;www.ctvnews.ca&#x2F;business&#x2F;td-bank-files-lawsuit-against-plaid-accusing-it-of-trying-to-dupe-consumers-1.5145326" rel="nofollow">https:&#x2F;&#x2F;www.ctvnews.ca&#x2F;business&#x2F;td-bank-files-lawsuit-agains...</a>

I bet many banks have similar language prohibiting sharing logins, so you could make the argument that the core business of Plaid could be considered hacking under CFAA. I hope that the legitimate use of tools to do things on the Internet will be normalized before this argument is tried in court.

The fact that Plaid even exists, and that their core business will probably continue to thrive for another decade makes me almost certain that the US will lose its stranglehold on innovation soon.<p>In the US, I have to pass through so many rent seekers to move some digits over (Plaid, Stripe, and Visa&#x2F;MasterCard). Meanwhile Europe has PSD2 now and China AliPay&#x2F;WeChat Pay. Even India, which in the past 3 months has unfortunately proven dysfunctional has UPI, which is orders of magnitude better than what we have.<p>When has the US recently passed legislation or standards that fosters innovation? (this is a serious good faith question - there seems to be a lot of govt grants for stuff like basic research, but a whiff of money churns out stuff like repealing net neutrality).

It&#x27;s hard to differentiate Plaids behaviour in getting user account details from those used by Amazon Refund Scams [1].<p>Their motive may be different but their actions just help make this sort of behaviour on the vulnerable (ie. non technically&#x2F;security literate) easier to repeat by the more unscrupulous.<p>[1] <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=le71yVPh4uk" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=le71yVPh4uk</a>

But people are fine with giving Plaid their bank credentials for some reason.

&gt; this was part of a pilot program to build &quot;consumer-permissioned tools that make it easier for consumers to securely share their information digitally.&quot;<p>What a useless statement. That could mean anything.

Probably why my employers payroll system is only available internally &#x2F; via a VPN