Show HN: Net worth tracker to replace your spreadsheet, E2E, no bank logins

https://usequantive.app/demo
1•pedromlsreis•2h ago
I started tracking my net worth when I started working in 2019 and I used a spreadsheet for that. But, having accounts in multiple currencies and updating it every month got old. I wanted to look at the numbers on my phone in a queue, but ended up rebuilding formulas at my laptop every month. Also, I didn't want to hand my bank logins to a third-party aggregator to get there. So I built the tool I've always wanted: without bank connections, syncing the same dashboard on every device, and making sure the data was encrypted in my browser so the server can't read it.

You submit your balances or start by uploading an Excel file, and Quantive gives you the things a spreadsheet makes you fight for, like the constantly evolving allocation by asset type and liquidity, drawdown stats and forecasts, and multi-currency totals where a balance from 3 years ago is valued at that day's FX rate (not today's). It syncs across devices, so you can now check those numbers also from your phone.

The part I cared most about was for your portfolio to be encrypted in your browser with a key derived from your password before anything reaches the server. The server only stores ciphertext, so a passive database leak reveals nothing about your financials, and there's no third-party aggregator on my side. XChaCha20-Poly1305 and Argon2id (via libsodium), an optional 24-word recovery code, and the crypto module is MIT. The full threat model, including what I deliberately do not defend against, can also be found in the design doc below. That's the part I'd most like critique on.

Live: https://usequantive.app

Try it on a mock portfolio with no sign-up: https://usequantive.app/demo

Repo: https://github.com/pedromlsreis/quantive (crypto module MIT; the rest source-available under PolyForm Noncommercial 1.0.0)

Design doc, with the threat model and what's tested vs not: https://github.com/pedromlsreis/quantive/blob/main/docs/secu...

The Free tier will remain forever, and I will never be cutting down on usability. Pro adds full history, forecasting, benchmarks against EU inflation and the S&P 500, a PDF report, and CSV/Excel exports. Also, in line with the privacy philosophy, all the existing analytics are opt-in and anonymous - everything disclosed in the /privacy page. I'd be happy to hear your comments, especially from anyone who has wrestled with this in a spreadsheet before.
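
The encrypt-before-upload flow described in the post, as an added example that is not Quantive's code and not part of the original post: a password-derived key seals the portfolio with XChaCha20-Poly1305, built here from Node's ChaCha20-Poly1305 plus a hand-written HChaCha20 step so the block runs on Node built-ins alone. Assumptions: scrypt stands in for Argon2id, and the function names, record layout and sample data are constructed for illustration.

```javascript
// Added example, Node built-ins only. scrypt stands in for Argon2id (assumption);
// function names, the record layout and sample values are constructed.
const nodeCrypto = require('node:crypto');
const rotl = (v, n) => ((v << n) | (v >>> (32 - n))) >>> 0;

// HChaCha20: derive a 32-byte subkey from the key and the first 16 nonce bytes.
function hchacha20(key, nonce16) {
  const s = new Uint32Array(16); // additions wrap modulo 2^32
  s.set([0x61707865, 0x3320646e, 0x79622d32, 0x6b206574]);
  for (let i = 0; i < 8; i++) s[4 + i] = key.readUInt32LE(4 * i);
  for (let i = 0; i < 4; i++) s[12 + i] = nonce16.readUInt32LE(4 * i);
  const qr = (a, b, c, d) => {
    s[a] += s[b]; s[d] = rotl(s[d] ^ s[a], 16);
    s[c] += s[d]; s[b] = rotl(s[b] ^ s[c], 12);
    s[a] += s[b]; s[d] = rotl(s[d] ^ s[a], 8);
    s[c] += s[d]; s[b] = rotl(s[b] ^ s[c], 7);
  };
  for (let r = 0; r < 10; r++) { // 10 double rounds = 20 rounds
    qr(0, 4, 8, 12); qr(1, 5, 9, 13); qr(2, 6, 10, 14); qr(3, 7, 11, 15);
    qr(0, 5, 10, 15); qr(1, 6, 11, 12); qr(2, 7, 8, 13); qr(3, 4, 9, 14);
  }
  const out = Buffer.alloc(32); // words 0-3 and 12-15, no feed-forward addition
  [0, 1, 2, 3, 12, 13, 14, 15].forEach((w, i) => out.writeUInt32LE(s[w], 4 * i));
  return out;
}

// XChaCha20-Poly1305 = ChaCha20-Poly1305 under the HChaCha20 subkey, with the
// last 8 nonce bytes prefixed by 4 zero bytes as the 12-byte inner nonce.
function innerParams(key, nonce24) {
  const iv = Buffer.concat([Buffer.alloc(4), nonce24.subarray(16, 24)]);
  return [hchacha20(key, nonce24.subarray(0, 16)), iv, { authTagLength: 16 }];
}

const deriveKey = (pw, salt) => nodeCrypto.scryptSync(pw, salt, 32, { N: 2 ** 14, r: 8, p: 1 });

// Runs on the client; the returned record is all the server would store.
function sealPortfolio(password, portfolio) {
  const salt = nodeCrypto.randomBytes(16), nonce = nodeCrypto.randomBytes(24);
  const c = nodeCrypto.createCipheriv('chacha20-poly1305', ...innerParams(deriveKey(password, salt), nonce));
  const ct = Buffer.concat([c.update(JSON.stringify(portfolio), 'utf8'), c.final(), c.getAuthTag()]);
  return { salt: salt.toString('base64'), nonce: nonce.toString('base64'), ct: ct.toString('base64') };
}
function openPortfolio(password, rec) {
  const [salt, nonce, ct] = [rec.salt, rec.nonce, rec.ct].map((f) => Buffer.from(f, 'base64'));
  const d = nodeCrypto.createDecipheriv('chacha20-poly1305', ...innerParams(deriveKey(password, salt), nonce));
  d.setAuthTag(ct.subarray(ct.length - 16)); // last 16 bytes are the Poly1305 tag
  const pt = Buffer.concat([d.update(ct.subarray(0, ct.length - 16)), d.final()]); // throws on tamper or wrong key
  return JSON.parse(pt.toString('utf8'));
}
```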

Comments

pedromlsreis•2h ago
This was a solo project, for about a few months of evenings. What it does not defend against, up front: an actively malicious server (the JS-delivery problem that basically every browser-E2E app shares), a compromised device, etc. Those are in the design doc.

I'd most like feedback on the threat model, and on the auth path: login still goes through a normal password-to-server handshake, and moving to a PAKE (OPAQUE/SRP) so the password never reaches the server is the obvious open item I have not done yet. Happy to get into the cryptography also, the no-bank-connection decision, or why it is bootstrapped and not VC scaled.