mention TDA data leaks

2021-02-19 11:44:53 -05:00 · 2021-02-19 11:44:53 -05:00 · 8832d19123
parent 6402192352
commit 8832d19123
4 changed files with 16 additions and 14 deletions
--- a/input_data/financial_institutions.sql
+++ b/input_data/financial_institutions.sql
@ -82,7 +82,7 @@ insert into fiTbl (name,url,cflogin,notes) values ('M1 Finance','https://www.m1f
   'They censor posts in their Reddit sub that expose the risks of passing sensitive financial data through CloudFlare.');

 insert into fiTbl (name,url,parent,dt,notes) values ('Merrill Edge','https://www.merrilledge.com/','Bank of America',1,
-   'Owned by one of the [most evil](us_banks.md) banks in the world (Bank of America)');
+   'Owned by one of the [most evil](usa_banks.md) banks in the world (Bank of America)');

 insert into fiTbl (name,url,aws,notes) values ('nvstr','https://www.nvstr.com',1,
   'maintenance fee: $4/month; promos: $15-150 for funding, random bonus awards, referral bonuses');
@ -111,10 +111,12 @@ insert into fiTbl (name,url,aws,notes) values ('tastyworks','https://tastyworks.
   'TIRA; RIRA; no forex; no crypto; no non-US stocks; open/close fee= $0/0; commission=$5/stock trade (closing trades gratis), $1/option trade;'||
   ' promo: funding (100 shares [$1-6ea, avg:$200-220]), referral=$75');

-insert into fiTbl (name,url,lst_kind,notes) values ('TD Ameritrade','https://www.tdameritrade.com','black',
-   'Majority owned by Charles Schwab, a firm that [supports](us_banks.md) republicans, CISPA, drug tests their staff, and treats Tor users with hostility'||
-   ' (but note that TDA functions over Tor). Schwab outsources banking operations to PNC bank, which is [quite evil](us_banks.md);'||
-   ' [Uses MS Github to host s/w](https://github.com/TDAmeritrade/stumpy)');
+insert into fiTbl (name,url,lst_kind,notes) values ('TD Ameritrade (TDA)','https://www.tdameritrade.com','black',
+   'Majority owned by Charles Schwab, a firm that [supports](usa_banks.md) republicans, CISPA, drug tests their staff, and treats Tor users with hostility'||
+   ' (but note that TDA functions over Tor). Schwab outsources banking operations to PNC bank, which is [quite evil](usa_banks.md);'||
+   ' [uses MS Github to host s/w](https://github.com/TDAmeritrade/stumpy); TDA has had several '||
+   '[data breaches](https://www.zdnet.com/article/report-td-ameritrade-data-leak-started-in-2005), one occurance of which leaked email addresses'||
+   ' [impacting 6.2 million customers](https://web.archive.org/web/20130501215431/www.computerworld.com/s/article/9037083/TD_Ameritrade_was_warned_of_possible_data_breach_months_ago) led to ransom demands and pump ''n'' dump stock scams');

 insert into fiTbl (name,url,antitor,notes) values ('TIAA-CREF','https://tiaa-cref.org',1,'Whole site is Tor-hostile; uses Ally Bank for banking');

@ -132,7 +134,7 @@ insert into fiTbl (name,url,hrecaptcha,notes) values ('Wealthfront','https://www

 insert into fiTbl (name,url,cflogin)               values ('Wealthsimple','https://wealthsimple.com',1);
 insert into fiTbl (name,url,aws,notes)             values ('Webull','https://www.webull.com',1,'TIRA; RIRA; crypto; no forex');
-insert into fiTbl (name,url,parent,cispa,dt,notes) values ('Wellstrade','https://wellstrade','Wells Fargo',1,1,'Owned by Wells Fargo, an [evil](us_banks.md) bank.');
+insert into fiTbl (name,url,parent,cispa,dt,notes) values ('Wellstrade','https://wellstrade','Wells Fargo',1,1,'Owned by Wells Fargo, an [evil](usa_banks.md) bank.');
 insert into fiTbl (name,url,cflogin)               values ('Zackstrade','https://zackstrade.com',1);

 /* END BROKERAGES */
--- a/rap_sheets/cloudflare.md
+++ b/rap_sheets/cloudflare.md
@ -24,13 +24,13 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
 1. CloudFlare's detriment to **human rights**
    1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans.  The labor violates the 13th amendment of the US Constitution due to involuntary servitude.  The most perverse manifestation is when a citizen attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer.
    1. CF discriminates against people with impairments and disabilities
-        1. CF attacks robots that help provide an alternative user interface for users that are impaired or handicapped.
+        1. CF attacks robots that help provide an alternative user interface for users that are impaired or handicapped.  This attack violates some WCAG 2.0 principles mentioned in the next table regardless of the role of CAPTCHA (which itself violates WCAG 2.0 principles).
        1. CF imposes a proprietary "hCAPTCHA," which violates several [WCAG 2.0 principles](https://en.wikipedia.org/wiki/Web_Content_Accessibility_Guidelines):
        | ***WCAG Principle*** | ***How the Principle is Violated*** |
        |---|---|
        | *1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.* | hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.|
        | *1.2: Time-based media: Provide alternatives for time-based media.* | hCAPTCHA has an invisible timer that the user cannot control.|
-        | *1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.*| When a user attempts to use `lynx`, `w3m`, `wget`, `cURL`, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable.  The website's content is thus also inaccessible.|
+        | *1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.*| When a user attempts to use `lynx`, `w3m`, `wget`, `cURL`, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable.  The website's content is thus also inaccessible. Moreover, CloudFlare attacks robots -- robots that could help provide an alternative user interface for users that are impaired or handicapped. Robots often use wget or cURL to obtain data that is presented to the user in a more useful way. |
        | *2.1: Make all functionality available from a keyboard.* | The hCAPTCHA does not accept answers from the keyboard. |
        | *2.2: Provide users enough time to read and use content.* | If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit. |
        | *3.1: Make text content readable and understandable.* | When the CAPTCHA says "select all images with parking meters", how is someone in Ireland supposed to know what a parking meter in the USA looks like?  When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped).  Another image showed a scooter with a faring that resembled a sports bike.  Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram.  Some people consider a subway to be a train underground, while others don't equate the two.  The instructions are also sometimes given in a language the user doesn't understand.|
@ -47,7 +47,7 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
        1. E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
        1. E.g.2: the puzzle is expressed in a language the viewer doesn't understand.
    1. The CAPTCHAs block all robots indiscriminately causing collateral damage to beneficial (non-malicious) robots.
-    1. GUI CAPTCHAs deny service to users of text-based web browsers.  E.g. CloudFlare's GUI CAPTCHA breaks `torsocks lynx 'https://www.simplyrecipes.com/recipes/buffalo_wings'`. CloudFlare effectively dictates that all Tor users must use a GUI browser and in many cases it must also be javascript capable.
+    1. GUI CAPTCHAs deny service to users of text-based web browsers.  E.g. CloudFlare's GUI CAPTCHA breaks `torsocks lynx 'https://www.opensecrets.org'`. CloudFlare effectively dictates that all Tor users must use a GUI browser and in many cases it must also be javascript capable.
    1. CloudFlare uses punitive collective judgement as a consequence of mislabeling Tor traffic.
        1. "[Experts say that group punishment is ineffective, counterproductive, lazy and unethical](https://mypointexactly.wordpress.com/2009/07/21/group-punishment-ineffective-unethical)"
        1. CloudFlare's use of this technique is acutely and perversely abusive because they harm potentially as many as 70,000 users in the course of countering just one single bad actor. And worse, unlike typical uses of collective punishment this is not in the slightest a situation where the other 70,000 have any shred of influence over the one malicious user.
--- a/usa_brokerages.md
+++ b/usa_brokerages.md
@ -45,18 +45,18 @@ These brokerages have severe ethical or trust issues and should be boycotted:
 |IEX|n|👁|n|n|n|an alternative to conventional stock markets; **Google-Cloud hosted**|
 |Lightspeed|n|n|🌩|n|n||
 |M1 Finance|n|n|🌩|n|n|They censor posts in their Reddit sub that expose the risks of passing sensitive financial data through CloudFlare.|
-|Merrill Edge|n|n|n|n|🧪|Owned by one of the [most evil](us_banks.md) banks in the world (Bank of America)|
+|Merrill Edge|n|n|n|n|🧪|Owned by one of the [most evil](usa_banks.md) banks in the world (Bank of America)|
 |Prudential|👌|n|n|🕵|🧪|**Amazon AWS-hosted**|
 |Siebert|n|n|🌩|n|n||
 |SoFi|n|n|🌩|n|n|They censor posts in their Reddit sub that expose the risks of passing sensitive financial data through CloudFlare; also [caught](https://www.ftc.gov/news-events/press-releases/2018/10/online-student-loan-refinance-company-sofi-settles-ftc-charges) in a deceptive advertizing scandal.|
 |Sogotrade|n|n|🌩|n|n||
 |Stockpile|n|n|🌩|n|n||
-|TD Ameritrade|n|n|n|n|n|Majority owned by Charles Schwab, a firm that [supports](us_banks.md) republicans, CISPA, drug tests their staff, and treats Tor users with hostility (but note that TDA functions over Tor). Schwab outsources banking operations to PNC bank, which is [quite evil](us_banks.md); [Uses MS Github to host s/w](https://github.com/TDAmeritrade/stumpy)|
+|TD Ameritrade (TDA)|n|n|n|n|n|Majority owned by Charles Schwab, a firm that [supports](usa_banks.md) republicans, CISPA, drug tests their staff, and treats Tor users with hostility (but note that TDA functions over Tor). Schwab outsources banking operations to PNC bank, which is [quite evil](usa_banks.md); [uses MS Github to host s/w](https://github.com/TDAmeritrade/stumpy); TDA has had several [data breaches](https://www.zdnet.com/article/report-td-ameritrade-data-leak-started-in-2005), one occurance of which leaked email addresses [impacting 6.2 million customers](https://web.archive.org/web/20130501215431/www.computerworld.com/s/article/9037083/TD_Ameritrade_was_warned_of_possible_data_breach_months_ago) led to ransom demands and pump 'n' dump stock scams|
 |TIAA-CREF|n|👁|n|n|n|Whole site is Tor-hostile; uses Ally Bank for banking|
 |Tradingblock|n|n|🌩|n|n||
 |Wealthfront|n|n|n|n|n|**forced h/reCAPTCHA**; Registration imposes Google reCAPTCHA; [caught](https://www.jpost.com/Breaking-News/US-regulator-sanctions-robo-advisers-Wealthfront-Hedgeable-on-false-disclosures-575044) making false disclosures and [charged](https://www.eastbaytimes.com/2018/12/21/bay-area-robo-adviser-firm-wealthfront-charged-by-sec-with-false-advertising) for false advertising.|
 |Wealthsimple|n|n|🌩|n|n||
-|Wellstrade|n|n|n|🕵|🧪|Owned by Wells Fargo, an [evil](us_banks.md) bank.|
+|Wellstrade|n|n|n|🕵|🧪|Owned by Wells Fargo, an [evil](usa_banks.md) bank.|
 |Zackstrade|n|n|🌩|n|n||

 # Why ALEC members are blacklisted
@ -82,7 +82,7 @@ The OK hand sign (👌) indicates that the financial institution still today sup

 ## Why Tor-hostile FIs are blacklisted

-Financial institutions that are aggressively Tor-hostile are automatically blacklisted.
+Financial institutions that are part of the blockade against innocent Tor-users are automatically blacklisted.

 <details>
 <summary>Why access to banks, brokerages, and insurance companies over Tor matters</summary>
--- a/usa_insurance_companies.md
+++ b/usa_insurance_companies.md
@ -91,7 +91,7 @@ The OK hand sign (👌) indicates that the financial institution still today sup

 ## Why Tor-hostile FIs are blacklisted

-Financial institutions that are aggressively Tor-hostile are automatically blacklisted.
+Financial institutions that are part of the blockade against innocent Tor-users are automatically blacklisted.

 <details>
 <summary>Why access to banks, brokerages, and insurance companies over Tor matters</summary>