cyberMonk
/
liberethos_paradigm
2
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

fixed links on CF rap sheet + bank privacy policy updates.

This commit is contained in:
cyberMonk 2021-01-30 13:54:28 -05:00
parent d4a6fd061a
commit 53612f0df4
4 changed files with 27 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rap_sheets/amazon.md
View File

@ -43,3 +43,5 @@ Amazon is the root of abuses of privacy, freedom, human rights, civil liberties,
1. Amazon is **anti-consumer** and anti-competitive
1. Amazon [sold diapers at a loss](https://www.currentaffairs.org/2020/12/how-amazon-destroys-the-intellectual-justifications-for-capitalism) to drive Quidsi out of business.
1. Amazon spent $4.38 million to [lobby against antitrust law](https://www.bloomberg.com/news/articles/2020-07-21/amazon-sets-new-lobbying-record-as-tech-antitrust-scrutiny-grows)
See also Richard Stallman's [Amazon RAP sheet](https://stallman.org/amazon.html), which we will one day merge into the above.

20
rap_sheets/cloudflare.md
View File

@ -1,10 +1,10 @@
# CloudFlare
CloudFlare is a vigilante extremist organization that takes the decentralized web and centralizes it under one corporate power who dictates terms in the worlds largest walled-garden. A very large portion of the web (10%+) were once freely open to all but are now controlled and monitored by a single central authority who decides for everyone who may access what web content. This does serious damage to net neutrality, privacy, and has immediate serious consequences:
CloudFlare is a vigilante extremist organization that takes the decentralized web and centralizes it under one corporate power who dictates terms in the world's largest walled-garden. A very large portion of the web (10%+) were once freely open to all but are now controlled and monitored by a single central authority who decides for everyone who may access what web content. This does serious damage to net neutrality, privacy, and has immediate serious consequences:
1. CloudFlare mounts mutlifaceted attacks on **privacy**
1. CloudFlare is a man-in-the-middle who [sees all traffic](http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem) including usernames, unhashed passwords, and financial data within the HTTPS tunnel. This is done surreptitiously. CloudFlare sees [all the traffic](https://cypherpunk.is/2015/04/02/why-cloudflare-is-probably-a-honeypot).
1. Cloudflare has a policy to block all Tor users by default. It's a crude, reckless and unsophisticated (but cheap) way to create the illusion of security. [Collateral damage is high](https://blog.torproject.org/trouble-cloudflare). Privacy takes a global hit because Cloudflare has decided what best suits their business to the detriment of everyone else.
1. Cloudflare has a policy to block all Tor users by default. It's a crude, reckless and unsophisticated (but cheap) way to create the illusion of security. [Collateral damage is high](https://blog.torproject.org/trouble-cloudflare). Privacy takes a global hit because Cloudflare has decided what best suits their business to the detriment of everyone else. The impact is not only privacy while visiting the CloudFlare site. CloudFlare has proliferated to the point that users opt to abandon Tor entirely because solving 50+ CAPTCHAs every day is wholly impractical. For a user to be effectively forced to abandon Tor is a colossal loss of privacy.
1. CloudFlare helps spy orgs conduct illegal surveillance two ways:
* damage to anonymity: CF deployed an [anonymity compromising](https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm) Google reCAPTCHA from 2009 to mid-2020. Apart from the direct compromise by the CAPTCHA, Tor users are also [driven off](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf) Tor in droves as a consequence of access inequality of Tor/non-Tor users (which constitutes a network neutrality abuse as access equality is central to net neutrality).
* centralization of copious data on this immeasurable scale within reach of any spy org will cause that spy org to [foam at the mouth](https://www.reddit.com/r/privacy/comments/b8dptl/another_landmark_day_in_the_war_to_control/ejxmmhq) -- and they will get access to it one way or another.
@ -22,7 +22,7 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
1. CloudFlare discriminates unfairly against Tor users, those who use non-graphical browsers, and those who deploy beneficial robots.
1. CloudFlare also discriminates against people with impairments and disabilities (details in the human rights section)
1. CloudFlare's detriment to **human rights**
1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. The labor violates the 13th amendment of the US Constitution due to involuntary servitude. The most perverse manifestation is when a citizens attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer.
1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. The labor violates the 13th amendment of the US Constitution due to involuntary servitude. The most perverse manifestation is when a citizen attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer.
1. CF discriminates against people with impairments and disabilities by imposing a proprietary "hCAPTCHA," which violates several [WCAG 2.0 principles](https://en.wikipedia.org/wiki/Web_Content_Accessibility_Guidelines):
| ***WCAG Principle*** | ***How the Principle is Violated*** |
|---|---|
@ -53,28 +53,28 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
1. CloudFlare's detriment to **democracy**
1. CF impedes petition signing on change.org, moveon.org, and actionnetwork.org. Voters who are blocked by CF's access restrictions are effectively denied participation in democratic processes.
1. Voter suppression: CF impedes voter registration in 8 US states (16% of voter registration sites).
1. CloudFlare's **censorship**
1. CloudFlare's **censorship** and impact on education
1. CloudFlare restricts access to scientific papers.
1. Universities outsource ebooks to [Proquest](ebooks.proquest.com), a Tor-hostile CloudFlare site. [RUC](ruc.dk) is an example of a university that closed their library during the pandemic, while online access to books is subject to CloudFlare's terms and privacy abuses.
1. Universities outsource ebooks to [Proquest](http://ebooks.proquest.com), a Tor-hostile CloudFlare site. [RUC](http://ruc.dk) is an example of a university that closed their library during the pandemic, while online access to books is subject to CloudFlare's terms and privacy abuses.
1. ACM's Digital Library is jailed in CloudFlare's exclusive walled-garden despite ACM's intent to be ["open" during a pandemic](https://www.scott-a-s.com/acm-digital-library-should-remain-open). The perverse affect is that privacy-seekers are subject to CF's privacy abuses when attempting to access [a paper about privacy abuse](https://dl.acm.org/doi/10.1145/3319535.3354198).
1. CloudFlare [attacks freedom of expression](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf#page=2).
1. When a review exposed CloudFlare's doxxing of whistle blowers, CF [censored](https://nitter.net/phyzonloop/status/1178836176985366529) the review.
1. CloudFlare is a burden on the **environment**
1. Images account for the [most significant](http://www.aptivate.org/webguidelines/Images.html) burden on Internet bandwidth. Naturally the most ecological web users are those who do not download images (robots, users of text browsers, and users who disable image retrieval). Because robots tend not to download images, anti-robot algorithms target all image-free sessions as robotic. CloudFlare consequently attacks the most ecological users on the web.
1. Images account for the [most significant](http://www.aptivate.org/webguidelines/Images.html) burden on Internet bandwidth and power consumption as a result. Naturally the most ecological web users are those who do not download images (robots, users of text browsers, and users who disable image retrieval). Because robots tend not to download images, anti-robot algorithms target all image-free sessions as robotic. CloudFlare consequently attacks the most ecological users on the web.
1. CF forces transmission of copious bandwidth-wasting images in order to supply CAPTCHAs.
1. hCAPTCHA uses 4 levels of nested javascript. So users with j/s disabled are often forced to reload the CAPTCHA page 4 times just to see the puzzle.
1. CloudFlare stifles innovation and culture. Robots are a crucial component to innovation. CF's attack on robots means people can't even use wget to download files. As a consequence, mp3 files (for example) can only be downloaded one at a time by manually clicking on each file.
1. **False statements, deceptive practices, and poor character of CloudFlare**
1. No transparency: as Cloudflare performs a DoS attack on Tor users they obviously do not inform web owners. Web owners are usually unaware that legitimate patrons are being blocked from accessing their site. These businesses are all damaged so that one business can profit.
1. False errors when j/s is disabled.
1. False errors are displayed when j/s is disabled.
1. CloudFlare [deceives](http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/) website visitors into believing their connection is secure (HTTPS & browser padlock) when in fact the user is MitMd.
1. CloudFlare has been caught making false statements to the public. CF said in their [FaQ](https://web.archive.org/web/20180926003344/https://blog.cloudflare.com/cloudflare-onion-service/#why-should-i-trust-cloudflare): "*Why should I trust Cloudflare? You dont need to. The Cloudflare Onion Service presents the exact same certificate that we would have used for direct requests to our servers,*" the first part of which is incorrect. CloudFlare sees all traffic traversing their servers in the clear, regardless of how secure the tunnel to them is. So of course CloudFlare requires your trust. The second statement about certificates is non-sequitur and irrelevant to the question of trust.
1. CloudFlare [deceives](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf#page=4) users about what the problem is, causing users to blame Tor or their browser. CloudFlare suggests to Tor users who reach the CAPTCHA "If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware."
1. Lack of human decency -- CF's mean-spirited CEO [displays](https://nitter.net/eastdakota/status/1273277839102656515) [schadenfreude](https://en.wikipedia.org/wiki/Schadenfreude) amid the grief his company has caused innovative people who use the web non-maliciously.
1. CloudFlare asks those who anonymously report illegal conduct on their websites to reveal their true identity. Yet CF has a history of doxxing whistle blowers and making them into victims. Instead of apologizing in the child porn case, the CEO (Matthew Prince) said the whistle blowers [should have used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5). (see "CloudFlare shelters criminals")
1. Ironically, CloudFlare spams people (despite their spam-mitigation purpose). Customers (former and current) as well as people who never used CF are receiving spam from CloudFlare. Customers [receive spam](https://nitter.net/thexpaw/status/1108424723233419264) from CF without express consent and possibly contrary to privacy policies.
1. Ironically, CloudFlare spams people (despite their spam-mitigation purpose). Customers (former and current) as well as people who never used CF are receiving spam from CloudFlare. Customers [receive spam](https://nitter.net/thexpaw/status/1108424723233419264) from CF without express consent and possibly contrary to privacy policies. This is deceptive because spam mitigation is one of CloudFlare's selling points.
1. When a large profit-driven tech giant uses a non-profit fund raising platform to [solicit donations](https://web.archive.org/web/20191112033605/https://opencollective.com/cloudflarecollective#section-about) to feed their own staff at events, it's clear that professionalism is in short supply at CloudFlare Inc.
1. CloudFlare asks those who anonymously report illegal conduct on their websites to reveal their true identity. Yet CF has a history of doxxing whistle blowers and making them into victims. Instead of apologizing in the child porn case, the CEO (Matthew Prince) said the whistle blowers [should have used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5). (see "CloudFlare shelters criminals" below)
1. CloudFlare **shelters criminals**
1. CF [protects](https://www.theguardian.com/technology/2015/nov/19/cloudflare-accused-by-anonymous-helping-isis) pro-ISIS websites from attack.
1. CF protected a website that distributed child pornography. When a whistle blower reported the illegal content to CF, CF actually [doxxed](https://boingboing.net/2015/01/19/invasion-boards-set-out-to-rui.html) the people who reported it. CloudFlare revealed the whistle blowers identities directly to the website owner, who then published their names and email addresses to provoke retaliatory attacks on the whistle blowers! Instead of apologizing, the CEO (Matthew Prince) said the whistle blowers [should have used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5).
1. CF protected a website that distributed child pornography. When a whistle blower reported the illegal content to CF, CF actually [doxxed](https://boingboing.net/2015/01/19/invasion-boards-set-out-to-rui.html) the people who reported it. CloudFlare revealed the whistle blowers' identities directly to the dubious website owner, who then published their names and email addresses to provoke retaliatory attacks on the whistle blowers! Instead of apologizing, the CEO (Matthew Prince) said the whistle blowers [should have used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5).

10
us_banks.md
View File

@ -39,12 +39,12 @@ hCAPTCHA:
| ***Financial institution*** | ***Values-based network*** | ***Blocks Tor*** | ***CloudFlared*** | ***hCAPTCHA*** | ***Locations*** | ***Notes*** |
|--|--|--|--|--|--|--|
| [Amalgamated Bank](https://www.amalgamatedbank.com) | [B Corp](https://bcorporation.net/directory/amalgamated-bank), [GABV](http://www.gabv.org/members/amalgamated-bank-usa)| 👁 ||| New York, Washington, D.C.||
| [Beneficial State Bank](https://www.beneficialstatebank.com) | [B Corp](https://bcorporation.net/directory/beneficial-state-bank), [GABV](http://www.gabv.org/members/beneficial-state-bank), ~~[CDFI](https://www.cdfifund.gov/Documents/CDFI%20Cert%20List%2001-14-2020%20Final.xlsx)~~ || 👁 || California, Oregon, Washington| It's in a hidden row on the CDFI spreadsheet. Does that imply deletion? |
| [Clearwater Credit Union](http://www.clearwatercreditunion.org) | [GABV](http://www.gabv.org/members/clearwater-credit-union) || 👁 | y | ? | hCAPTCHA is pushed by CloudFlare and thus triggered unpredictably. |
| [Decorah Bank & Trust Company](https://www.decorahbank.com) | [GABV](http://www.gabv.org/members/decorah-bank-trust-company) || 👁 || ? ||
| [First Green Bank](https://www.firstgreenbank.com) | ~~B Corp~~, [GABV](http://gabv.org) || 👁 | y | Florida | A 3rd party site said they were B Corp listed, but they aren't listed on the B Corp site. hCAPTCHA is pushed by CloudFlare and thus triggered unpredictably. |
| [Beneficial State Bank](https://www.beneficialstatebank.com) | [B Corp](https://bcorporation.net/directory/beneficial-state-bank), [GABV](http://www.gabv.org/members/beneficial-state-bank), ~~[CDFI](https://www.cdfifund.gov/Documents/CDFI%20Cert%20List%2001-14-2020%20Final.xlsx)~~ || 👁 | y | California, Oregon, Washington| It's in a hidden row on the CDFI spreadsheet. Does that imply deletion? They [claim](https://beneficialstatebank.com/web-accessibility): "we have taken definitive steps to follow Web Content and Accessibility Guidelines (WCAG)," but their CloudFlared login portal imposes an hCAPTCHA which violates WCAG. BSB admits in their [privacy policy](https://beneficialstatebank.com/uploads/files/BSB-Consumer-Privacy-Act-CCPA-Privacy-Notice-Current-6.4.2020.pdf#page=2) that they collect your IP address to track your geoloctation. They also vaguely state that they share your sensitive information with third parties, but they do not name the third parties (thus sharing with CloudFlare, Inc. is concealed). |
| [Clearwater Credit Union](http://web.archive.org/web/www.clearwatercreditunion.org) | [GABV](http://www.gabv.org/members/clearwater-credit-union) || 👁 | y | ? | hCAPTCHA is pushed by CloudFlare and thus triggered unpredictably. Their [vague privacy policy](https://web.archive.org/web/20201027053008/https://clearwatercreditunion.org/privacy-security-policy) conceals the fact that they share all web traffic with CloudFlare, Inc. |
| [Decorah Bank & Trust Company](https://web.archive.org/web/www.decorahbank.com) | [GABV](http://www.gabv.org/members/decorah-bank-trust-company) || 👁 || Iowa | Their [privacy policy](https://www.decorahbank.com/legal-information/privacy-policy) lies. Since CloudFlare sees all traffic, these are false statements: "we will not give your data to third parties without your permission."; "you will never be required to give information to a third party supplier." |
| [First Green Bank](https://web.archive.org/web/www.firstgreenbank.com) | ~~B Corp~~, [GABV](http://gabv.org) || 👁 | y | Florida | A 3rd party site said they were B Corp listed, but they aren't listed on the B Corp site. hCAPTCHA is pushed by CloudFlare and thus triggered unpredictably. They don't even have a proper privacy policy, but their "[privacy commitment](https://web.archive.org/web/20201129095019/https://www.firstgreenbank.com/privacy-commitment)" statement conceals the fact that all web traffic is shared with CloudFlare, Inc. |
| [Mascoma Savings Bank](http://www.mascomabank.com/) | [B Corp](https://bcorporation.net/directory/mascoma-bank) | 👁 || ? | New Hampshire, Vermont |||
| [Missoula Federal Credit Union](https://missoulafcu.org/) | ~~[GABV](http://gabv.org/the-community/members/banks)~~, ~~CDFI~~ || 👁 || Montana | A 3rd party site said they were a GABV member, but they aren't listed on the GABV site. They also don't exist in the [CDFI spreadsheet](https://www.cdfifund.gov/Documents/CDFI%20Cert%20List%2001-14-2020%20Final.xlsx) |
| [Missoula Federal Credit Union](https://web.archive.org/web/missoulafcu.org/) | ~~[GABV](http://gabv.org/the-community/members/banks)~~, ~~CDFI~~ || 👁 | y | Montana | A 3rd party site said they were a GABV member, but they aren't listed on the GABV site. They also don't exist in the [CDFI spreadsheet](https://www.cdfifund.gov/Documents/CDFI%20Cert%20List%2001-14-2020%20Final.xlsx) |
| [National Cooperative Bank](http://www.ncb.coop) | [GABV](http://www.gabv.org/members/national-cooperative-bank) ||| y | ? | hCAPTCHA pushed to Tor users (untested for non-Tor users) |
## Graylisted banks

16
us_brokerages.md
View File

@ -125,12 +125,16 @@ anti-consumer.
Non-Tor users generally reveal their physical location to their bank
every time they login. If all banks didn't care where you reside,
this wouldn't be a problem. But some banks care more than others and
beyond reason. For nomads/world travelers banks can make their lives
hell if their profile doesn't seem to match up with their lifestyle.
Some banks will close an account if a customer moves out of their
service area. If you want to take a job away from home for a year or
two, Tor gives you the necessary privacy to do that free of hassle and
nannying.
beyond reason. Banks typically
[collect your IP address](https://www.decorahbank.com/legal-information/privacy-policy)
and one bank even outright admits in their
[privacy policy](https://beneficialstatebank.com/uploads/files/BSB-Consumer-Privacy-Act-CCPA-Privacy-Notice-Current-6.4.2020.pdf#page=2)
that they collect geolocation data from customers' IP addresses. For
nomads/world travelers banks can make their lives hell if their
profile doesn't seem to match up with their lifestyle. Some banks
will close an account if a customer moves out of their service area.
If you want to take a job away from home for a year or two, Tor gives
you the necessary privacy to do that free of hassle and nannying.
</details>
<details>