What's a better bug-bounty reward than money?


A tiny lego Storm Trooper eats a chocolate coin.

Google has recently increased the price it pays out to security researchers who responsibly disclose a vulnerability. That got me thinking. Is money the best thing with which to reward people?1 There's an interesting (if a little silly) economics paper about why gift giving is inefficient. The crux of the argument, as I understand it,…

Continue reading →

Book Review: Die With Zero


Die With Zero book cover.

Spoiler Alert! We're all going to die. I'm the sort of person who buys a fancy jar of something delicious - and then I save it for a special occasion. Yet, somehow, those special occasions never seem special enough. And so the jar sits at the back of the cupboard waiting for a train that's…

Continue reading →

People Don't Want To Run Their Own Bank


Photos of some porcelain piggy banks in the shape of pigs in clothes. Photo taken by William Warby.

When I was young, I had a piggy bank. A piggy bank is incredibly secure. It's fairly big - so it is hard to lose. It is brightly coloured - so you can find it easily. No one else can see how much money there is in there. The only way to get money out…

Continue reading →

Authorisation vs Consent


A tiny lego Storm Trooper eats a chocolate coin.

I recently read this interesting, and distressing, story of a man who was drugged and robbed. A form of crime which has been going on for centuries. But the 21st Century twist is that the thieves forced him to transfer large sums of money via his phone's banking apps. While under the influence, the victim…

Continue reading →

Home brewing and Cryptocurrency


A tiny lego Storm Trooper eats a chocolate coin.

This is a thought experiment inspired by the sort of rambling and speculative conversations my wife and I have been having in lockdown. Most countries in the world place legal limits on alcohol production at home. There are, usually, several good reasons for this: Improperly brewed alcohol can cause severe health problems - including death.…

Continue reading →

Questions to ask before launching a crypto-payments feature


A tiny lego Storm Trooper eats a chocolate coin.

Messaging app Signal is launching a payment service in the UK. This will allow users to send each other money cryptocurrency. Many people have written about why this is a daft idea. But they've mostly talked about why cryptocoins corrupt everything they touch. I want to talk about why this is a shitty idea from…

Continue reading →

Why is there no "pay me directly" standard?


A tiny lego Storm Trooper eats a chocolate coin.

If you have a bank account, you probably have an IBAN - an International Bank Account Number. It is a well-structured text string which unambiguously identifies your account. A typical UK IBAN looks like GB33BUKB20201555555555 - with it, you can send money to that account from any bank in the world. OK, some banks make…

Continue reading →

Moneyed - a personal OpenBanking API


API Token generation screen.

After writing about how to use MoneyDashboard's unofficial API, the good folk at Moneyed told me about their officially supported API! So here's a quick review & howto guide. Moneyed is a slightly strange service. I think it is designed for companies to give as a benefit to their employees. But you can sign up…

Continue reading →

Unofficial MoneyDashboard Neon API


A tiny lego Storm Trooper eats a chocolate coin.

Yesterday, I wrote up how to use the MoneyDashboard Classic API. Read that blog post first before reading this one. MoneyDashboard have launched a new "Neon" service. The API is a bit more simple, but authentication is harder. Here's a quick guide to the bits of the API that I found useful. I've lightly redacted…

Continue reading →

Unofficial MoneyDashboard API


A tiny lego Storm Trooper eats a chocolate coin.

The OpenBanking specification is brilliant. It allows you to aggregate all of your financial accounts in one place. You can give read or write access to apps and services. Magic! API access is restricted to registered financial institutions. That's good, because it puts up a barrier to entry preventing dodgy companies slurping up your data…

Continue reading →