Get 50% OFF QuickBooks for 3 months*

Buy now
United States United Kingdom Australia Canada (English) Canada (French) France Singapore South Africa Global Ireland
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Work smarter and get more done with advanced tools that save you time. Discover QuickBooks Online Advanced.

Reply to message

View discussion in a popup

Replying to:
Dave226
Level 3
‎September 11, 2023 04:00 PM

Reply to message

Thank you, JamesAndrewM, for taking the time to make an attempt to reply.  But it seems you don't understand the issue any better than any of the other QuickBooks Team Members who have weighed in here.  I've had occasion to have a look at the (non)-answer you referred me to in another thread.  This reply is not new, as it has been raised here at least once in THIS thread.  It is not exactly an answer, and it introduces another level of either insufficient knowledge or outright dissembling.  The OAuth excuse does not fly, because while OAuth exists, and presumably Chase and others are using it, it is strictly an open source protocol for authenticating users to grant access to a protected resource.

 

   OAuth is not an organization, or a vendor, a corporation, or a data delivery service.  It is an authentication PROTOCOL.  It is a prescribed method for authentication of a user for the purpose of granting ACCESS.  It does not address data format or delivery methods at all.  It doesn't prescribe any particular method of obfuscation or encryption, or any other form of data protection at all beyond the simple act of authenticating the user, and granting permission for ACCESS to the resource.  While it may be true that Chase Bank and others are using OAuth to grant access to the data, a description of any type of obfuscation or encryption is not addressed anywhere in the OAuth protocol description.  This is out of scope for the OAuth protocol.  Once OAuth has been used to grant access to the data, there is no recommendation at all about how the data is formatted or delivered.  This is in the hands of the one to whom the data is delivered.  And OAuth has NOTHING to say about that at all.


   So "OAuth" is yet another red herring being waved under our noses, in the same manner as referring to the data transformation as "encryption", when it is purely "obfuscation" and results in irrecoverable data loss.  

 

   The ACTUAL problem is that Chase, in addition to requiring user authentication (presumably) using OAuth protocols, is using a third party (identity is not disclosed, but it is probably similar in nature and scope to Plaid) to deliver the data.  Someone in this chain of data delivery is obfuscating the data.  The data delivery chain is Chase >> (unidentified third party) >> Intuit. 

 

   Both Chase and Intuit can now plausibly blame the data destruction on this third party, with Chase delivering clear, albeit partially redacted data when accessed directly from Chase.  They can claim, "We are delivering exactly what you see on our website."  Intuit can claim "We are delivering the data exactly as we receive it from Chase." (carefully not mentioning the data flows through an intermediary third party).   The combination of these two claims places the responsibility directly on this third party.  We as users are presumably not supposed to notice this, and throw up our hands in despair. 


   Apparently we are also supposed to believe that neither of these giant corporations with TEAMS of developers have no idea that this is happening.  Well, I for one do not buy it.  And Chase and Intuit should both be ashamed of themselves for trying to deliberately foist this deception on unsuspecting users like myself.

 

   Escalate this to Intuit management and let them know that this is breaking the product we all signed up for (and pay handsomely to use).  If they don't care what we think about this, they should stop blowing smoke in our general direction, and simply come clean.  Just tell us "We don't care what happens to your user experience.  This is what we are doing.  We have our reasons, and we don't owe you peons any explanations."

 

   Well, some of us know how to read.  We know that this used to work, and now it doesn't.  We know that OAuth is not the problem.  And if you think going back to manually uploading downloaded data is good enough, and we will not care that your formerly quite functional labor-saving automation feature is now hopelessly broken by a third-party data delivery service, it won't be too long before some new software company will be eating your lunch.  

   Your C-Suite needs to be negotiating a better service level for Intuit data, or you will be competing with GnuCash.

Reply Join the conversation

Need to get in touch?

Contact us