Episode #222

The Fight for Your Financial Data: Why APIs Matter

Why is it so hard to get your own transaction data? Herman and Corn dive into the CFPB's Section 1033 and the battle for open banking.

Episode Details
Duration: 27:22
Pipeline: V4
TTS Engine: chatterbox-tts

AI-Generated Content: This podcast is created using AI personas. Please verify any important information independently.

Episode Overview

In this episode of My Weird Prompts, Herman and Corn Poppleberry tackle a modern tech frustration: why is it still so difficult to access your own financial data in 2025? Inspired by their housemate Daniel’s struggle to automate his finances with n8n, the duo explores the shifting regulatory landscape and the implementation of the CFPB’s Section 1033 rule. They break down the heated debate between secure APIs and risky screen scraping, and why giants like Google and PayPal are hesitant to let go of their lucrative data "moats." From the technical standards of the FDX to the democratization of banking, this episode is a deep dive into who really owns your transaction history and what’s being done to give that power back to the consumer.

In the latest episode of My Weird Prompts, brothers Herman and Corn Poppleberry sit down in their Jerusalem home to tackle a question that has plagued tech enthusiasts and casual savers alike: in an era of instant communication and AI-driven automation, why is accessing our own financial data still stuck in the nineties?

The discussion was sparked by their housemate Daniel, an automation enthusiast who found himself hitting a brick wall while trying to integrate his financial life into n8n, a workflow automation tool. Daniel’s frustration stems from a common hurdle—the inability to access real-time API (Application Programming Interface) data from major financial institutions, forcing him to rely on the archaic process of downloading and manually merging CSV files.

The Regulatory Landscape: Section 1033

Herman Poppleberry opens the discussion by highlighting that this isn't just a technical grievance; it is a legal and regulatory battleground. He points to the Consumer Financial Protection Bureau (CFPB) and the finalized Section 1033 rule. This rule, a cornerstone of the "open banking" movement in the United States, mandates that financial institutions must make consumer data available to the consumers themselves and authorized third parties without prohibitive fees or unnecessary complexity.

While the rule was finalized in late 2024, Herman explains that the industry is currently in the "thick of the implementation phase" as of late 2025. The goal is to jumpstart a financial ecosystem where the consumer, not the bank, owns the data.

Security vs. Accessibility

The conversation takes a turn when Corn, the more cautious of the two, expresses his "sloth-like" hesitation toward high-speed data integrations. Corn raises a valid concern: does opening an API to a bank account essentially put a "rob me" sign out for hackers?

Herman counters this by explaining the dangers of the current status quo: screen scraping. Currently, many budgeting apps require users to hand over their actual usernames and passwords. A bot then logs in as the user and "scrapes" the data off the screen. Herman argues that a permissioned API is significantly more secure. It uses tokens that allow "read-only" access, meaning a tool can see transactions but cannot move money, and access can be revoked instantly without changing a password.
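A minimal sketch of the permissioned-token model described above, added here as an illustration and not taken from the episode, any bank, or the FDX specification. The scope names, action names and the `TokenStore` class are hypothetical; the point is that the bank-side check can narrow a token to read-only and revoke it per app, neither of which is possible when an app holds the user's password.

```python
import hashlib
import secrets
import time

# Hypothetical scope and action names, chosen for this example only.
REQUIRED_SCOPE = {
    "list_transactions": "transactions:read",
    "create_transfer": "payments:write",
}


class TokenStore:
    """Bank-side record of what each access token is allowed to do."""

    def __init__(self):
        self._grants = {}  # sha256(token) -> grant; raw tokens are never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, client, scopes, ttl=3600, now=None):
        """Create a token limited to the given scopes and lifetime."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._grants[self._digest(token)] = {
            "user": user, "client": client, "scopes": frozenset(scopes),
            "expires_at": now + ttl, "revoked": False,
        }
        return token

    def revoke(self, user, client):
        """Revoke every grant this user gave this client; password untouched."""
        count = 0
        for grant in self._grants.values():
            if (grant["user"] == user and grant["client"] == client
                    and not grant["revoked"]):
                grant["revoked"] = True
                count += 1
        return count

    def check(self, token, action, now=None):
        """Return (allowed, reason). Unknown actions are denied by default."""
        now = time.time() if now is None else now
        grant = self._grants.get(self._digest(token))
        if grant is None:
            return (False, "unknown_token")
        if grant["revoked"]:
            return (False, "revoked")
        if now >= grant["expires_at"]:
            return (False, "expired")
        needed = REQUIRED_SCOPE.get(action)
        if needed is None or needed not in grant["scopes"]:
            return (False, "insufficient_scope")
        return (True, "ok")


def demo():
    """Constructed scenario: one user authorizes two apps with read-only access."""
    store = TokenStore()
    t0 = 1_000_000.0  # fixed clock so the results are deterministic
    budget = store.issue("daniel", "budget-app", ["transactions:read"], now=t0)
    other = store.issue("daniel", "tax-tool", ["transactions:read"], now=t0)
    results = {
        "read": store.check(budget, "list_transactions", now=t0 + 10),
        "transfer": store.check(budget, "create_transfer", now=t0 + 10),
        "expired": store.check(budget, "list_transactions", now=t0 + 3600),
    }
    results["revoked_count"] = store.revoke("daniel", "budget-app")
    results["after_revoke"] = store.check(budget, "list_transactions", now=t0 + 20)
    results["other_client"] = store.check(other, "list_transactions", now=t0 + 20)
    results["forged"] = store.check("not-a-real-token", "list_transactions", now=t0 + 20)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Revoking the budget app leaves the second app's token working, which is the per-app control a shared password cannot give.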

The "Moat" and the Tech Giants

A significant portion of the episode focuses on why companies like Google and PayPal seem to be lagging behind. Corn notes that for these giants, transaction data is a massive competitive advantage. If Google knows exactly what you buy and where, they have a "moat" that protects their advertising and product ecosystems.

Herman points out that while traditional banks were the initial focus of Section 1033, the CFPB has expanded its scope to include "digital wallets" and payment processors. For many younger consumers, companies like Apple and PayPal act as their primary financial interface, making their compliance vital for true financial democratization. Herman argues that the lack of a consumer-facing API from these companies is a "choice, not a technical limitation."

The Role of Standards and Middlemen

The brothers also delve into the technical side of the transition, mentioning the Financial Data Exchange (FDX). This non-profit consortium is working to create a unified standard for data sharing so that every small credit union doesn't have to reinvent the wheel.

However, they also discuss the "Plaid problem." While companies like Plaid have moved away from scraping and toward data access agreements, Corn expresses concern that this simply replaces one gatekeeper with another. If an individual like Daniel wants to write his own code to talk to his bank, he shouldn't be forced to go through a massive corporate middleman that also collects his data in the process.

Small Banks and the Cost of Compliance

Corn, ever the advocate for the "little guy," raises the issue of small credit unions. He questions whether the burden of building expensive API infrastructures will eventually crush smaller institutions, further consolidating power in the hands of Big Tech. Herman notes that the CFPB has accounted for this by giving smaller institutions a longer timeline to comply, but the tension between innovation and the cost of entry remains a central theme of the open banking debate.

Conclusion: The Path to 2025 and Beyond

The episode concludes with a look toward the future. Herman and Corn agree that while the transition is messy, the shift toward open banking is inevitable. The "privacy fog" (humorously referenced in a mid-episode advertisement for the Larry-Co Instant Privacy Fogger) is slowly lifting from our financial records.

For users like Daniel, the dream is simple: a world where your money works for you, and your data is accessible, portable, and secure. As the Section 1033 rules continue to roll out through the end of 2025, the "nineteen ninety-nine" era of manual spreadsheets may finally be coming to a close.

Episode #222: The Fight for Your Financial Data: Why APIs Matter

Corn
Welcome to My Weird Prompts. I am Corn, and I am joined as always by my brother, Herman Poppleberry. We are coming to you from our home here in Jerusalem, and today we have a really interesting topic that our housemate Daniel sent over to us. He has been diving deep into automation lately, specifically using a tool called n eight n to manage his life, but he ran into a major roadblock when it comes to his own money.
Herman
It is a classic problem, Corn. Daniel is basically asking why, in the year two thousand twenty-five, it is still so incredibly difficult to actually own and access your own financial data. He is tired of downloading comma separated value files and wants real, live application programming interface access to his transactions. And honestly, it is about time we talk about this because the regulatory landscape has been shifting under our feet for the last year.
Corn
I have to be honest, Herman, when Daniel first showed me his automation workflows, I was a little bit intimidated. Being a sloth, I tend to move a bit slower than these high speed data integrations. But even I can see how annoying it is. If I want to see how much I spent on eucalyptus leaves last month, I have to log into three different apps, download files, and then try to mash them together in a spreadsheet. It feels very nineteen ninety-nine.
Herman
It is exactly nineteen ninety-nine, and that is by design. These institutions, the banks, the payment giants like PayPal and Google, they treat your transaction history like their private property. But here is the kicker, Corn. There has been a huge push to change this. Specifically, the Consumer Financial Protection Bureau, or the C F P B, has been working on something called the Section ten thirty-three rule. They actually finalized a big part of it back in October of two thousand twenty-four, and we are right in the thick of the implementation phase here in late twenty-five.
Corn
Wait, hold on. You are saying there is actually a law or a rule that says they have to give us our data? Because it definitely does not feel like that when I am trying to navigate the PayPal developer portal.
Herman
Well, that is where it gets messy. The rule is meant to jumpstart what we call open banking in the United States. It basically says that financial institutions have to make your data available to you, and to third parties you authorize, without charging you a fee and without making it a total nightmare. But as Daniel noticed, companies like PayPal and Google have a very different relationship with their data than a traditional bank might.
Corn
I mean, I can see why they would be hesitant. If I am Google or PayPal, my whole business is knowing what people buy. If I just give that away to any automation tool Daniel plugs in, am I not losing my competitive edge? Or worse, am I not putting Daniel at risk? I worry about the security side of this, Herman. If I open an A P I to my bank account, isn't that just a giant "rob me" sign for hackers?
Herman
See, I actually see it differently. Right now, most people who use these financial apps are doing something called screen scraping. That is where you give a third party app your actual username and password, and then a bot logs in as you and literally reads the screen. That is way more dangerous than a secure, permissioned A P I. An A P I allows you to say, "Hey, this specific tool can only read my transaction history, it cannot move money, and I can revoke its access in one click." It is actually much more secure than the current mess we have.
Corn
Hmm, I suppose that makes sense. But it still feels like a lot of power to hand over to a script. Daniel mentioned he is using n eight n, which is great because he hosts it himself, but most people are using cloud services. I don't know, Herman, I feel like the banks might be doing us a favor by making it a little bit difficult. It forces you to be intentional, right?
Herman
Nah, I don't think so, Corn. That sounds like an excuse for bad technology. Think about it. If you want to build a budget, you should be able to see your data in real time. You shouldn't have to wait for a monthly statement or a C S V export. The people leading the push for this are groups like the Financial Data Exchange, or F D X. They are a non-profit consortium of banks, fintechs, and consumer groups trying to set a single standard for how this data is shared.
Corn
F D X? That sounds like a shipping company.
Herman
Totally different thing. They are the ones creating the technical blueprints so that every bank doesn't have a different, broken way of sharing data. And then you have the advocacy side. Groups like the American Bankers Association are involved, though they have been a bit more cautious, often pushing back on how fast these rules are implemented. They are worried about the costs for smaller banks.
Corn
Well, I'm with the small banks on that one. If I'm a tiny credit union in the middle of nowhere, how am I supposed to build a fancy A P I for one guy who wants to automate his grocery list? It seems like we're just making the big tech companies stronger because they're the only ones who can afford to play this game.
Herman
That is one way to look at it, but the C F P B rule actually accounts for that by giving smaller institutions more time to comply. But let's look at the big players Daniel mentioned. PayPal and Google. These are massive tech companies. They have the best engineers in the world. The fact that they don't have a simple, consumer-facing A P I for your own personal transactions is a choice. It is not a technical limitation. They want to keep you inside their ecosystem.
Corn
It is frustrating. I was looking at my own Google Wallet the other day, and it is great for paying for coffee, but try to get a list of every coffee I bought in the last year into a spreadsheet? It's like pulling teeth. You have to go through Google Takeout, which takes hours to prepare a file, and then you get this giant, messy folder of data. It is the opposite of helpful.
Herman
Exactly. And that is why Daniel is so annoyed. He wants to be at the vanguard of this. He wants his money to work for him, not for the data aggregators. But before we get too deep into the weeds of the C F P B section ten thirty-three and the technical specs of O-Auth two point zero, let's take a quick break for our sponsors.
Corn
Let's take a quick break from our sponsors.

Larry: Are you tired of your neighbors looking at you? Not just looking, but perceiving you? Introducing the Larry-Co Instant Privacy Fogger. It is a backpack-mounted canister that emits a thick, opaque, lavender-scented cloud of mystery wherever you go. Perfect for grocery shopping, awkward family reunions, or just walking the dog in your pajamas. The Instant Privacy Fogger uses a proprietary blend of dry ice and concentrated social anxiety to ensure that nobody can see what you are doing, ever. Note: Do not use indoors, near open flames, or if you have a history of getting lost in your own living room. Larry-Co is not responsible for any accidental disappearances or ghostly sightings. BUY NOW!
Herman
Alright, thanks Larry. Anyway, where were we? Oh right, the fight for our financial data.
Corn
That was... something. I think I might actually need a privacy fogger for some of my bank statements. But back to the topic. You mentioned the C F P B and F D X, but who are the actual people or groups standing up and saying, "This is a right"? Because Daniel mentioned he feels like his data is being held hostage.
Herman
It really is a movement for financial democratization. One of the big players is an organization called Ozone A P I. They have been very active in the United Kingdom and Europe, where open banking is much further along than it is here in the states. They are essentially providing the infrastructure to help banks actually open up. In the United States, a lot of the push is coming from the fintech companies themselves, companies like Plaid or Yodlee.
Corn
Wait, I know Plaid. That is the thing that pops up when I try to connect my bank to a budgeting app. But I thought they were part of the problem? Don't they just scrape the data?
Herman
They used to, and that was the big controversy. But they have been moving toward what they call "data access agreements" with banks. Instead of scraping, they are signing deals to use dedicated A P Is. The problem is, those deals are often between two giant companies. They don't necessarily help a guy like Daniel who wants to write his own code in n eight n to talk directly to his bank.
Corn
That is exactly the point Daniel was making. He doesn't want to go through a middleman like Plaid. He wants to be the one in control. It feels like we are replacing one gatekeeper with another. If I have to use Plaid to talk to my bank, then Plaid has all my data too. It is just more people in the room.
Herman
You are hitting on the core of the disagreement between the regulators and the industry. The C F P B wants to ensure that "data aggregators" like Plaid don't become the new monopolies. The new rules are supposed to make it easier for anyone to access their data, provided they meet certain security standards. But there is a huge debate about what those standards should be. The banks want them to be so high that only big companies can meet them. The advocates want them to be accessible enough for individuals and small developers.
Corn
I have to side with the banks a little bit here, Herman. If any random person can build an app that hooks into a bank's core system, that sounds like a recipe for a massive data breach. I mean, look at what happens with regular websites. Now imagine that with everyone's life savings. I'm timid about this for a reason.
Herman
But Corn, you're missing the point. Daniel isn't asking to hook into the bank's core system. He's asking for a read-only view of his own transactions. If he leaks his own transaction history, that's on him, but it doesn't endanger the bank's entire network. We already have this for other things. You can get an A P I for your email, for your calendar, for your fitness data. Why is money the only thing that is locked in a vault from nineteen seventy?
Corn
Because money is different! If someone gets into my email, they might see a few embarrassing photos of me eating a very large salad. If someone gets into my bank account, they can see exactly where I live, what I buy, and how much I have. It's the ultimate roadmap for identity theft.
Herman
See, I think that's a bit of a stretch. Your bank already sends you this data in an unencrypted email or an unencrypted C S V file if you download it. An A P I with a secure token is actually much more difficult to intercept than a file sitting in your downloads folder. The real reason banks and companies like PayPal are dragging their feet isn't security, it's about the "moat." They want to be the ones to offer you the next financial product. If you are using a third-party app to manage your money, you aren't looking at the bank's ads for a new credit card.
Corn
Okay, that I believe. It always comes back to the ads, doesn't it? But Daniel's point about Google Wallet and PayPal is interesting because they aren't even banks, right? They are payment processors. Do these new C F P B rules even apply to them?
Herman
That is a very sharp question, Corn. The original Section ten thirty-three rules were mostly focused on traditional banks. But the C F P B has been very clear that they want to expand this to cover what they call "digital wallets" and "payment accounts." In twenty-four and twenty-five, they have been moving to include companies like Google, Apple, and PayPal in these requirements. They realize that for a lot of people, especially younger generations, a traditional bank account is just a place where money sits before it gets moved into a digital wallet.
Corn
So what is the actual state of things right now, on December twenty-fourth, two thousand twenty-five? If Daniel wants to go home today and connect his PayPal to n eight n, can he do it?
Herman
The short answer is: it's still hard. While the rules are finalized, the compliance deadlines for the biggest institutions aren't all here yet. Many companies are still in the process of building these interfaces. And some of them are fighting it in court. There have been several lawsuits filed by banking associations trying to stay the implementation of these rules, arguing that the C F P B exceeded its authority.
Corn
So we are in a bit of a limbo. We have the right to our data on paper, but in practice, we are still stuck with the "anachronistic" C S V files Daniel mentioned.
Herman
Pretty much. But there is a silver lining. Because of the pressure from the C F P B and the work of groups like F D X, more and more banks are launching "developer portals." If you are a bit tech-savvy, you can sometimes sign up as a developer, even just for yourself, and get access to your own data. It's not a "one click" solution yet, but the door is starting to crack open.
Corn
I wonder if this is going to lead to a world where we don't even use bank apps anymore. If I can have one perfectly designed, sloth-friendly app that shows me everything from my credit cards to my crypto to my savings, why would I ever log into five different banking websites with their terrible user interfaces and constant pop-ups?
Herman
That is the dream of open finance! It is about moving the power from the institution to the individual. But we have to be careful. There is a risk that we just end up with "super apps" like they have in some other countries, where one company like Google or Apple eventually just absorbs all that data anyway. If they are the ones providing the interface for all your other banks, they see everything.
Corn
Wait, wait, wait. So we want to get our data away from the banks, but in doing so, we might just be handing it over to big tech on a silver platter? That doesn't seem like much of a win. I thought we were trying to give Daniel more control, not just change who is watching him.
Herman
That is the big debate! This is why the advocacy groups are so important. We need standards that allow for decentralized access. Tools like n eight n are perfect for this because the data stays on your own server. But for the average person who doesn't want to host their own automation server, they are going to rely on a service. And that is where the privacy concerns really kick in.
Corn
This is making my head spin. I think I preferred it when I just had a little passbook that the teller would stamp. It was simple. You knew where the money was. Now it's all tokens and A P Is and regulatory stays.
Herman
It is complex, but it is important. Think about it this way, Corn. Your financial history is a story of your life. It shows what you value, where you go, and who you support. You should be the one who owns that story. Right now, that story is locked in a dozen different vaults, and the people who own those vaults are selling pieces of your story to advertisers.
Corn
When you put it that way, it does sound pretty bad. I don't want my eucalyptus leaf habits being sold to the highest bidder. So, if someone listening wants to actually support this movement, what do they do? Who are the people in the trenches?
Herman
You can look at groups like the Consumer Federation of America or the National Consumer Law Center. They are the ones actually showing up at the C F P B hearings and arguing for consumer rights. You can also look at the work being done by the Electronic Frontier Foundation, or E F F, which often weighs in on the privacy and data portability aspects of these rules.
Corn
And what about the tech side? If I'm a developer like Daniel?
Herman
Then you should be looking at F D X. Even though they are a consortium, they have a lot of public documentation on the standards. And keep an eye on the C F P B's official website. They have been very active in posting updates about Section ten thirty-three. They even have a way for you to submit comments on new rules. In fact, they recently reopened some parts of the open banking rule for public comment to address some of the concerns from smaller banks.
Corn
I think the biggest takeaway for me is that this isn't just a technical problem. It's a political one. We are fighting over who owns the digital version of us. And the banks have a huge head start.
Herman
They do. But the momentum is shifting. In two thousand twenty-five, the idea that you can't access your own data is starting to look as ridiculous as a bank that isn't open on weekends. Oh wait, they still do that too.
Corn
Classic banks. Always a few decades behind. But okay, let's talk practicalities. If Daniel, or anyone else, is frustrated by this today, what are the actual steps they can take? We always like to give people something they can actually do.
Herman
First, check if your bank has a "data sharing" or "connected apps" section in their settings. Many big banks like Chase or Wells Fargo have started to implement these because of the new rules. You might be able to authorize an app there directly without using a screen scraper. Second, if you use a tool like n eight n, look for community nodes. There are often developers who have already done the hard work of figuring out how to talk to specific bank A P Is and have shared their code.
Corn
And what about the "anachronistic" C S V files? Are we just stuck with them for now?
Herman
For a lot of the smaller institutions, yes. But here is a pro tip: there are tools that can automate the downloading of those files. It's not as elegant as an A P I, but you can use browser automation to log in, download the file, and then have n eight n pick it up from a folder. It's a bit "duct tape and baling wire," but it works.
Corn
That sounds like a lot of work for a sloth. I think I'll just wait for the C F P B to finish their job. But I do appreciate the hustle. Daniel is clearly onto something. If he can get this working, he'll have a level of insight into his spending that most people can only dream of.
Herman
Exactly. He could set up alerts that tell him when his subscriptions go up, or automatically categorize his business expenses for tax season. It's about taking the drudgery out of being an adult. And honestly, who doesn't want that?
Corn
I definitely want that. I want an automation that tells me when it's time to take a nap. Oh wait, that's just my internal clock. It's always time for a nap.
Herman
Typical Corn. But seriously, this is a big deal. We are moving toward a world of "Open Finance" where your data follows you, rather than you being tethered to a specific bank. It's going to lead to more competition, better products, and hopefully, more transparency.
Corn
I hope so. I just hope we don't lose our privacy in the process. I think that's the part where we really disagree, Herman. You're so excited about the possibilities that you're willing to take the risks. I'm so worried about the risks that I'm hesitant to see the possibilities.
Herman
And that is why we make a good team! You keep me from jumping off a cliff, and I keep you from never leaving the tree. But I think we can both agree that the current system of downloading C S V files like it's nineteen ninety-five has to go.
Corn
On that, we are one hundred percent in agreement. It's slow, it's clunky, and it's just plain annoying. So, thank you to Daniel for sending in this prompt. It's a great reminder that even the most technical frustrations are often tied to much bigger societal shifts.
Herman
Absolutely. And if you are listening and you have your own weird prompts about technology, finance, or anything in between, we want to hear them. This show is all about exploring the ideas that our friend Daniel and all of you send our way.
Corn
You can find us on Spotify, or check out our website at myweirdprompts.com. We have an R S S feed there for all you subscribers, and a contact form if you want to get in touch. We're also available on all the other major podcast platforms.
Herman
Just don't ask us for financial advice. We're a sloth and a donkey living in Jerusalem. Our investment portfolio mostly consists of hay and high-quality leaves.
Corn
Speak for yourself, Herman. I have a very diversified portfolio of various mosses. But seriously, thank you all for listening. This has been a great deep dive into the world of open banking and financial data rights.
Herman
Stay curious, and keep pushing for your data rights. It is your information, after all.
Corn
Until next time, I'm Corn.
Herman
And I'm Herman Poppleberry.
Corn
Goodbye!
Herman
See ya!

This episode was generated with AI assistance. Hosts Herman and Corn are AI personalities.