Comment by kojeovo
7 days ago
The privacy and security part is not inspiring confidence. Scrolling to the next section got me thinking "Don't get scammed at closing, get scammed before closing after uploading your mortgage documents to a random website."
Cool idea though.
Hey, Aaron the builder here.
The scamming that happens to homebuyers is not even comparable to the risk in uploading docs to a website which promises they won't share user data with anyone. This is genuinely a pro buyer tool with no association with any 3rd party.
The tool has already helped many people negotiate and get a better deal on their mortgage. Please before judging understand that 70% of buyers overpay in their mortgage 1-3% in closing costs and bad rates. It's mind boggling how much lenders get away with profiting in junk fees from stressed out homebuyers.
Allow me to expound on @kojeovo's remark. Please take this as a constructive criticism to improve your success potential. Much of it is from a quick glance, and am sure there are many other facets to improve.
A business is not just about the product.
Your Privacy Policy. There is no default way to download it (see 9.), and since it is window-ed cannot print entire doc. That means I cannot keep a copy of it for myself.
> We collect the following types of information:
> Mortgage Documents: Loan Estimates and Closing Disclosures you upload for analysis.
Okay, but
> 4. Data Security
> We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.
This means nothing. Are you ISO 27001:2022, NIST SP 800-53, CIS, CE+, Essential Eight, or something else? Have you been audited, and proof? Who is your ISP? What regs do you follow around data sovereignty?
Terms of Service. Again, no default way of download. Overall, I would never agree to this ToS. It demands all kinds of requirements on the user, but takes no responsibility for anything - or as described above, explain how you will protect your customers.
You have no reference anywhere where you are geographically. No address, no about us, no who you are. I would be very leery on uploading anything.
Would it matter if they had a "perfect" privacy policy? I don't believe there's anything legally that enforces it. So they can promise the moon then turn around and sell your data.
Maybe I'm wrong here, but, My mental model of privacy policies and the like has always been: This is a lie, the company will do whatever it wants with my data. And I will have no recourse.
As such I've always acted accordingly. And very few websites have legit info on me.
1 reply →
Thanks for the constructive feedback.
I just added a way to easily download the entire privacy policy and terms of service, also quickly added an about page with some info about me - https://closing.wtf/about
Eventually I'm going to get a certification and will keep your other points in mind.
3 replies →
Legitimately curious, what’s the worst they could do with this data?
33 replies →
FYI, this reads as a very aggressive response to someone raising legitimate privacy concerns and doesn't engender the trust you very likely deserve.
Rather than talking up the value of the tool as superceding the concerns, a more constructive approach might acknowledge the concerns and emphasize how you already do minimize risk or commitments you're willing to make towards doing so.
Being dismissive doesn't help worried or skeptical people feel more secure, and worried and skeptical people make perfectly good users too.
Interesting. I didn't read it as aggressive, and certainly not "very" aggressive. I read it as polite and perhaps mildly defensive. What about the response suggests aggression to you?
It is fair to describe the pains of not getting analysis on mortgage loan estimates, but what I think folks are looking for is some kind of authentic answer to the problem posed.
For example, you could advise the person uploading to remove PII prior to the upload, and link to pdf editing tools that allow them to do that.
You could say that not including PII like full name(s) found on just about every loan estimate does not take away from the value of the tool.
Another thing that could be done is to provide clear means for removing any data uploaded, or opt-out pre-upload of any data being used for training.
For example by creating an account first.
Providing some skin in the game such as putting the removal behavior in the terms of service and a personal guarantee to do everything to ensure sensitivity to privacy of this information will be handled carefully staking your reputation, probably would help.
Thank you for these suggestions, I'm going to advise users to remove PII before uploading and eventually allow users to purge their data.
> not even comparable to the risk in uploading docs to a website which promises they won't share user data with anyone. This is genuinely a pro buyer tool with no association with any 3rd party.
I have no reason to think you're not completely sincere in this!
But, realize it doesn't mean anything.
Unless that promise is backed by some ironclad contract, it means nothing. Companies grow and hire new people who don't care about the original values. Or they get acquired and all bets are off. Or they start running low on cash and suddenly decide monetizing all that data is a good idea after all. Or it becomes visible enough to attract attention of the government who shows up demanding copies of data. And so on.
I've been in one or more startups where all of these things have happened.
I am genuinely surprised by the comments in this thread.
Privacy concerns are real but the importance of that matter in your project is overestimated here by an absurd level.
What I read is not a constructive criticism and the suggestions laid down are not realistic nor business relevant at all. I feel like this is some sort of mass wishful thinking.
I think it's actually refreshing to see the top comments and constructive criticism be about privacy concerns. It shows that even for little "Show HN" projects, there is growing intolerance of half-assing it. Not saying OP in particular is half-assing it, but it's good to see these questions being regularly asked front and center. I honestly wish the Tech Media paid more attention to privacy and security instead of just copy-pasting companies' PR statements as "articles."
2 replies →
> Privacy concerns are real
This isn't about privacy, it's a security concern. People's life savings are on the line here, and the information OP is requesting is enough to pull off very sophisticated social engineering attacks. It's entirely reasonable to ask what they're going to do with that information and how they're keeping it secured, and their reaction to the questions is entirely inappropriate for someone who's asking for this degree of trust.
Title deposit wire fraud is a very big risk. The amounts are devastating to the victims, so the operator has to go above and beyond to secure the data because of the huge risks involved. Would you risk losing a 5-/6-digit amount to fraud in order to potentially save on a 4-digit closing fee?
Hey. I really don't care to compare the level of scamming nor the usefulness of the tool. I'm in the process of buying right now so I know it could be useful. That's besides the point. To clarify, here's a different thought. Reading the following copy, I am wondering "whats gonna happen to my data / file I upload?":
> We never sell or share data with third parties. All information is used solely to generate analyses to help borrowers analyze and optimize their mortgages.
I even looked further into the privacy policy, just to be diligent here.
> We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.
With how much info I have been provided, I'm just not gonna upload a document to your site. Like I said, just doesn't inspire confidence as I scroll your landing page. Could just be a copy change to fix this.
I love this idea (haven't tried it) and it seems like a killer app for AI. I can think of a lot of other things like health insurance, home owners insurance, and many other types of contracts for which an AI advisor can be built for. Imagine being able to rake over a complex document and make decisions that clearly benefit you. That's a rare privilege.
Your response is a lighthouse sized red flashing light to never use your tool.
Also, you have no control over decisions that any future owner might have, and you won't care because you've already cashed out.
What happens when you get hacked? Not if. To come back at someone with valid concerns with a "no, you don't understand my point of view" does nothing but a disservice to you.
Expecting people to just accept things is just not a good way to operate. When you receive push back, you need better responses than this. Will the vast majority of your users push back, sadly, probably not. However, you did post this to HN and then reacted poorly to valid criticism. Tsk tsk
Great idea and execution. I understand the privacy concerns, but I believe implementing a client-side redaction step could alleviate some of them. This step would allow users to preview their uploaded content before submitting it. While designing this feature, it’s crucial to ensure user trust and convince them of its benefits. Personally, I would feel more comfortable uploading a PDF knowing that it will be anonymized or redacted before being submitted.
Doesn't matter your promise, even though you may or may not be trusted, hackers can get it and steal it all. So it's not necessarily you or your service.
How can you get scammed on a mortgage? They're typically standard products from nationwide banks.
>The scamming that happens to homebuyers is not even comparable to the risk in uploading docs to a website which promises they won't share user data with anyone.
Well as long as you promise, my privacy fears are allayed!
/s
Ignore the haters, they will probably never be your customer.
Ah the Disney approach.
Bold strategy Cotton.
Owner did the smart thing and listened to the constructive criticism which made me feel infinitely better about using his tool.
Which I will now do, and would not have before. I am also his exact customer.
1 reply →
People are trying to increase the potential customer base of the author by pointing out where there is room to improve. That is incredibly valuable, and one of the major reasons to do a Show HN.
That is not being a "hater".
8 replies →
What sensitive data do you think is on a loan estimate? I've received a dozen over the years and it's literally just your name and the address of the property you want to buy. Both of which are public information if you do purchase the property.
We're talking about enough information to create a list of people who are in the process of making the largest purchase of their lives, coupled with the name of the businesses that they're considering sending money to and the exact dollar amounts that they're considering sending.
Scammers pay a lot of money to people who can get them those kinds of lists.
Except that's not how it works. You don't pay the mortgage company, you pay the seller.
As others have mentioned, title fraud. My recent closing disclosure has buyer, seller, agent, and title company. It'd be pretty easy to call the buyer claiming to be the title company and request a wire for exactly the right amount to a fraudulent location.
I'm skeptical anyone here has actually bought a house. That's not how it works at all.
2 replies →
Public info that you bought a property is entirely different from info about all the properties you are searching for and seriously considering. Especially being able to couple that with what you eventually did later.
If you're uploading a loan estimate you've already made a loan application for a specific house- this isn't going to give them information on every house you were considering, it is probably just the single house which accepted your offer and are shopping around for financing.
Why would a name and a random property address have value before the transaction, but not after it?
1 reply →
You are also signalling that you have enough money to buy said house and are actively in the process of doing so which makes you a mark. And if there is a whole DB of this info readily available...
Anyways the security could be fine. But if a user's primary action is uploading that document then maybe wanna have more than a quick sentence on it.