Of course, if it was necessary or added some great benefit, the risk might be justified, but I just don’t see it…
If you don’t trust the app… the thing that has direct access to all your money… then might as well not have an account at all.
That’s another potential issue.
My initial response related to the potential motive for Monzo doing this being debated, with “data capture” being a very unlikely reason in my view (unless, of course, you don’t trust Monzo, but I didn’t trust them to a certain extent, I wouldn’t use them as my main account).
With enough effort anything can be hacked, this isn’t news. It’s helpful to keep these situations in perspective - what’s the cost / benefit ratio? (that’s a rhetorical question)
To me, Monzo using phone numbers to attempt to match other users to one another makes sense for P2P payments and for joint accounts and any other situation where one user needs to match another user. I’d actually take it further personally and do this kind of matching with peoples email addresses (and any other publically shared uniquely identifying information) if possible
To me, these data are not really “privileged information” which is not to say its a good idea to go plastering it all over the place but that attempts to hide them from others rarely really work well (probably because they are information designed be shared to allow others to contact you - like a street address)
Couldn’t care less who can see my contacts, particularly if sharing that info gives me features I find easier to use / beneficial
This is very much the dividing line. Some people are going to be of your pursuasion, some of mine. The question is, why make the line at all if you don’t have to?
Absolutely, how would you prefer us to be able to make P2P payments and open joint accounts with another Monzo user?
Joint accounts - you could just enter a phone number. Single piece of data instead of your whole phone book.
Not sure about p2p - I’m only interested in monzo.me. For monzo.me, I can’t see why you would need contacts at all. It’s just a payment link.
There are a lot of regulations around money meaning an evil bank can’t just steal it even if they wanted to.
No such protections exist for personal data like contacts (GDPR remains to be enforced, just like any privacy directive before it).
So you could very well trust an entity with money but not personal data.
Maybe I’m in the wrong generation, but I don’t really understand the secrecy about contacts? I am personally not bothered since there isn’t much personal info in there.
If you don’t trust Monzo with contact data (which even then they don’t fully receive- it’s encrypted and only partially shown), would letting them see transaction data then be a concern? Eg spending insights and locations. Just trying to understand why you’re focusing on this as a potential privacy/data concern.
but I don’t really understand the secrecy about contacts?
It being an unique fingerprint for you and your relationships that you can’t easily change? You could always change your name, email or phone, but can you change all your friends?
Some people have valid reasons not to share their contacts and they should have the option not to. Both Monzo’s and Starling’s approaches to setting up joint accounts are inadequate - what’s wrong with falling back to displaying an account ID and letting the user manually communicate that to the joint account partner?
Just trying to understand why you’re focusing on this as a potential privacy/data concern.
Principle of least privilege I assume. The same reason why most server software drops superuser privileges as soon as it starts, or why your browser app on which you’re reading this is not running as superuser either.
This is an interesting one.
Most of my contacts share my details with Facebook, even though I have never consented to it, nor am I on Facebook.
I do agree with you though on the need to allow sign ups for a joint account via another route, if a user chooses not to enable “Monzo with Friends”, and the contact access permissions that come with it.
That’s a fair point, during the Facebook Cambridge Analytica scandal many had their info compromised even though they had never used it- because their friends had.
If access to all contacts is needed during the sign-up process then perhaps this can be adjusted for when Joint Accounts leave the labs for people who aren’t comfortable with this.
If all your contacts were stolen, how silly would you sound
“I shared all my contacts to open a joint current account with my girlfriend/boyfriend/significant other”
Whilst I’m not disagreeing with you as such, what would be the worst thing that could happen if all of your contacts were indeed stolen?
Again, that will depend on who you are and who your contacts are.
If you’re building a bank, you should probably build for as wide a spectrum of people as possible.
Maybe the mindset here is that all monzo users are or should be tech savvy and used to living life online in a very trusting way without much fear of the consequences. Share all your contacts? Oh, I’ve done that loads of times!
In current times, such attitudes are a bit strange.
I guess I hadn’t thought of this part so much, because if you are someone who does have sensitive information, you probably wouldn’t be signing up to a very new digital bank.
Let’s not forget Monzo is in the early stages of a current account, and the joint account is still in a beta stage.
So whilst your points are valid for the long term perhaps, and it’s always good to raise them, I think we are years away from it being a necessity.
Although Monzo have already said the way they open joint accounts will change.
There seem to be a few issues popping up which seem to try and get Monzo to cater for absolutely every situation and circumstance - It’s just not viable right now, and the reality is, if it doesn’t work for you at the moment, it’s probably best to avoid.
That’s not to say it won’t change of course, but there is SO much to develop already, that inevitably, you will need to cater for the wider audience before drilling down into the niche examples.
Time to install a Faraday cage
Why would I need to change them if someone knew who my contacts are? Still struggling to see the issue?