#!/bin/bash

# lobbying data to incorporate in the future: https://disclosurespreview.house.gov/

typeset -r db_file=$(mktemp --dry-run --suffix=.db)

table_populate()
{
    # fiTbl: "financial institution table"
    sqlite3 "${db_file}" <<'EOF'
create table if not exists fiTbl (name        text primary key not null,
                                  url         text,
                                  fi_kind     text check(fi_kind    in ('bank', 'brokerage', 'CU', 'insurer'))          not null default 'brokerage',
                                  lst_kind    text check(lst_kind   in ('black', 'gray', 'white'))                      not null default 'white',
                                  hrecaptcha  text check(hrecaptcha in ('unavoidable', 'non-essential tasks', 'never')) not null default 'never',
                                  parent      text,
                                  cflogin     boolean default 0,
                                  antitor     boolean default 0,
                                  alec        boolean default 0,
                                  forced_nfsw boolean default 0,
                                  aws         boolean default 0,
                                  cispa       boolean default 0,
                                  dt          boolean default 0,
                                  notes       text);

/* BEGIN BROKERAGES */

/* insert into fiTbl (name,notes) values ("Evertrade","Where's the website? Sold to TIAA-CREF?");*/

insert into fiTbl (name,url,aws,notes) values ("Janus Henderson","https://www.janushenderson.com",1,"transactional web host (www.secureaccountview.com) is not AWS, but it is Tor-hostile; it's possible to work offline and receive gratis paper statements.");
insert into fiTbl (name,url,dt,notes) values ("Vanguard","https://investor.vanguard.com",1,"");
insert into fiTbl (name,url,notes) values ("Rich Uncles","https://richuncles.com","Real estate investing only");

insert into fiTbl (name,url,aws,notes) values
  ("Stash","https://stash.com",1,
   "no mutual funds; no options; no crypto; maintenance fee: $1/month");

insert into fiTbl (name,url,aws,notes) values
  ("nvstr","https://www.nvstr.com",1,
   "maintenance fee: $4/month; promos: $15-150 for funding, random bonus awards, referral bonuses");

insert into fiTbl (name,url,aws,notes) values
  ("tastyworks","https://tastyworks.com",1,
   "TIRA; RIRA; no forex; no crypto; no non-US stocks; open/close fee= $0/0; commission=$5/stock trade (closing trades gratis), $1/option trade; promo: funding (100 shares [$1-6ea, avg:$200-220]), referral=$75");

insert into fiTbl (name,url,aws,notes) values
  ("Webull","https://www.webull.com",1,"TIRA; RIRA; crypto; no forex");

insert into fiTbl (name,url,aws,notes) values
  ("TradeStation","https://www.tradestation.com",1,
   "crypto; min. invest=$500 ($2k for bonus); open/close fee= $0/0; commission=$0.50/option trade; commission=$0-5/stock trade");

insert into fiTbl (name,url,cispa,notes) values
  ("E*Trade","https://us.etrade.com",1,
   "covers: Canada, France, Germany, Hong Kong, Japan, United Kingdom, and United States; funding bonus ($5k=>$50; $10k=>$100; $20k=>$150)");

insert into fiTbl (name,url,notes) values
  ("Greenvest","https://greenvest.com",
   "RIRA; min. investment to avoid fees: $100k; [B corp](https://bcorporation.net/directory/greenvest)");

insert into fiTbl (name,url,aws,notes) values
  ("Robinhood","https://robinhood.com/us/en/",1,"[Fined $65M](https://nypost.com/2020/12/17/sec-slaps-robinhood-app-with-65m-fine-for-misleading-users) for misleading users; They may have used CloudFlare in the past but apparently that changed");

insert into fiTbl (name,url,notes) values
  ("InteractiveBrokers","https://interactivebrokers.com",
   "min. investment to avoid fees: $100k per account; has a ""impact"" feature to analyze the portfolio's ESG factors w.r.t. the user's ethical views; covers Australia, Belgium, Canada, France, Germany, Hong Kong, Italy, Japan, Mexico, Netherlands, Singapore, South Korea, Spain, Sweden, Switzerland, United Kingdom, and United States; website is **partially Tor-hostile** but the site can be avoided for most operations after sign-up");

insert into fiTbl (name,url,lst_kind,notes) values
  ("TD Ameritrade","https://www.tdameritrade.com","black",
   "Majority owned by Charles Schwab, a firm that [supports](us_banks.md) republicans, CISPA, drug tests their staff, and treats Tor users with hostility (but note that TDA functions over Tor). Schwab outsources banking operations to PNC bank, which is [quite evil](us_banks.md); [Uses MS Github to host s/w](https://github.com/TDAmeritrade/stumpy)");

insert into fiTbl (name,url,hrecaptcha,aws,notes) values ("Fundrise","https://fundrise.com","unavoidable",1,"Unavoidable CAPTCHAs");
insert into fiTbl (name,url,aws,cispa,alec,dt) values ("Prudential","https://www.prudential.com",1,1,1,1);
insert into fiTbl (name,url,cflogin,aws) values ("Ellevest","https://www.ellevest.com",1,1);
insert into fiTbl (name,url,cflogin) values ("Euro Pacific Capital","https://europacbank.com",1);
insert into fiTbl (name,url,cflogin) values ("Zackstrade","https://zackstrade.com",1);
insert into fiTbl (name,url,cflogin) values ("Stockpile","https://www.stockpile.com",1);
insert into fiTbl (name,url,cflogin) values ("Tradingblock","https://tradingblock.com",1);
insert into fiTbl (name,url,cflogin) values ("Wealthsimple","https://wealthsimple.com",1);

insert into fiTbl (name,url,notes) values
  ("Finhabits","https://www.finhabits.com",
   "[B corp](https://bcorporation.net/directory/finhabits); Hosted on Google Cloud; outsources to Apex; uses Equifax for address verification");

insert into fiTbl (name,url,hrecaptcha,notes) values
  ("Wealthfront","https://www.wealthfront.com","unavoidable","Registration imposes Google reCAPTCHA; [caught](https://www.jpost.com/Breaking-News/US-regulator-sanctions-robo-advisers-Wealthfront-Hedgeable-on-false-disclosures-575044) making false disclosures and [charged](https://www.eastbaytimes.com/2018/12/21/bay-area-robo-adviser-firm-wealthfront-charged-by-sec-with-false-advertising) for false advertising.");

insert into fiTbl (name,url,cflogin,aws,notes) values
  ("Axos Invest","https://www.axosinvest.com",1,1,
   "Axos Bank is jailed in CloudFlare and Axos Invest will be soon. Investors who get blocked by that will have to pay $5/month for paper statements.");

insert into fiTbl (name,url,antitor,notes) values
  ("Firstrade","https://firstrade.com",1,"whole site is Tor-hostile (468 error)");

insert into fiTbl (name,url,antitor,notes) values
  ("TIAA-CREF","https://tiaa-cref.org",1,"Whole site is Tor-hostile");

insert into fiTbl (name,url,antitor,cispa,notes) values
  ("Ally","http://www.ally.com/",1,1,"whole site is Tor-hostile (403 error)");

insert into fiTbl (name,url,cflogin,notes) values
  ("SoFi","https://sofi.com/",1,
   "They censor posts in their Reddit sub that expose the risks of passing sensitive financial data through CloudFlare; also [caught](https://www.ftc.gov/news-events/press-releases/2018/10/online-student-loan-refinance-company-sofi-settles-ftc-charges) in a deceptive advertizing scandal.");

insert into fiTbl (name,url,cflogin,notes) values
  ("M1 Finance","https://www.m1finance.com",1,
   "They censor posts in their Reddit sub that expose the risks of passing sensitive financial data through CloudFlare.");

insert into fiTbl (name,url,cflogin,notes) values ("Lightspeed","https://www.lightspeed.com",1,"");

insert into fiTbl (name,url,hrecaptcha,notes) values
  ("Betterment","https://www.betterment.com","unavoidable",
   "Imposes hCAPTCHA just to read the landing page. They censor posts in their Reddit sub that complains about this instead of offering support.");

insert into fiTbl (name,url,cflogin,notes) values ("Siebert","https://www.siebert.com",1,"");

insert into fiTbl (name,url,parent,dt,notes) values
  ("Merrill Edge","https://www.merrilledge.com/","Bank of America",1,
   "Owned by one of the [most evil](us_banks.md) banks in the world (Bank of America)");

insert into fiTbl (name,url,parent,cispa,dt,notes) values
  ("Wellstrade","https://wellstrade","Wells Fargo",1,1,"Owned by Wells Fargo, an [evil](us_banks.md) bank.");

insert into fiTbl (name,url,cflogin,notes) values
  ("Sogotrade","https://sogotrade.com",1,"");

insert into fiTbl (name,url,forced_nfsw,notes) values
  ("FUTU","fututrade.com",1,
   "support.fututrade.com is CloudFlared; no web app; mobile app is GPS-iOS-only; desktop is Mac/Windows only");

insert into fiTbl (name,url,forced_nfsw,notes) values
  ("Gatsby","trygatsby.com",1,"no web app; no desktop app; mobile app is GPS-iOS-only");

/* END BROKERAGES */
/* BEGIN INSURERS */

insert into fiTbl (fi_kind,name,url,parent)                       values ("insurer","21st Century","https://www.21st.com","Farmers");
insert into fiTbl (fi_kind,name,url,cispa,dt,aws)                 values ("insurer","Allianz","https://allianz.com",1,1,1);
insert into fiTbl (fi_kind,name,url,cispa,dt,aws,antitor)         values ("insurer","Allied","https://www.alliedinsurance.com",1,1,1,1);
insert into fiTbl (fi_kind,name,url,cispa,dt,antitor,notes)       values ("insurer","Allstate","https://www.allstate.com",1,1,1,"akamai hosted");
insert into fiTbl (fi_kind,name,url)                              values ("insurer","American Family","https://www.amfam.com");
insert into fiTbl (fi_kind,name,url,cflogin,notes)                values ("insurer","American Modern","https://www.amig.com",1,"**Google Cloud-hosted** landing page, which is CloudFlare-free but the transactional host my.doculivery.com is CFd");
insert into fiTbl (fi_kind,name,url,cispa,dt,notes)               values ("insurer","Ameriprise Financial","https://www.ameriprise.com",1,1,"akamai hosted");
insert into fiTbl (fi_kind,name,url,antitor)                      values ("insurer","Amica","https://www.amica.com",1);
insert into fiTbl (fi_kind,name,url,dt)                           values ("insurer","Berkshire Hathaway","https://berkshirehathaway.com",1);
insert into fiTbl (fi_kind,name,url,hrecaptcha,cflogin,cispa)     values ("insurer","Brown & Brown Insurance","https://bbinsurance.com",'unavoidable',1,1);
insert into fiTbl (fi_kind,name,url)                              values ("insurer","Erie","https://www.erieinsurance.com");
insert into fiTbl (fi_kind,name,url,parent,notes)                 values ("insurer","Esurance","https://www.esurance.com","Allstate","akamai hosted");
insert into fiTbl (fi_kind,name,url,alec,dt,notes)                values ("insurer","Farmers","https://www.farmers.com",1,1,"akamai hosted");
insert into fiTbl (fi_kind,name,url,dt)                           values ("insurer","First American Insurance Agency","https://www.faiagency.com",1);
insert into fiTbl (fi_kind,name,url,parent,dt)                    values ("insurer","Foremost","http://www.foremost.com","Farmers",1);
insert into fiTbl (fi_kind,name,url,alec,dt,notes)                values ("insurer","Geico","https://www.geico.com",1,1,"akamai hosted but transactional site ecams.geico.com is not.");
insert into fiTbl (fi_kind,name,url,parent,notes)                 values ("insurer","Gen Re","https://www.genre.com","Berkshire Hathaway","akamai hosted, but transactional site www.genre-connect.com is not. The documentation (""Knowledge"" link) is CloudFlared.");
insert into fiTbl (fi_kind,name,url,dt,notes)                     values ("insurer","National General","https://www.nationalgeneral.com",1,"formerly GMAC");
insert into fiTbl (fi_kind,name,url,dt)                           values ("insurer","Grange Mutual","https://www.grangeinsurance.com",1);
insert into fiTbl (fi_kind,name,url,parent)                       values ("insurer","Harleysville Group","https://www.harleysvillegroup.com","Nationwide");
insert into fiTbl (fi_kind,name,url,antitor,cispa,dt,notes)       values ("insurer","Hartford","https://www.thehartford.com",1,1,1,"akamai hosted");
insert into fiTbl (fi_kind,name,dt,notes)                         values ("insurer","Horace Mann",1,"no website, only an access-restricted Facebook page");
insert into fiTbl (fi_kind,name,url,antitor,dt)                   values ("insurer","Infinity","https://infinityauto.com",1,1);
insert into fiTbl (fi_kind,name,url,antitor,alec,notes)           values ("insurer","Lexington","https://www.lexingtoninsurance.com",1,1,"landing page allows Tor access but all links therein refuse Tor; AIG partner");
insert into fiTbl (fi_kind,name,url,antitor,alec,cispa,notes)     values ("insurer","Liberty Mutual","https://www.libertymutual.com",1,1,1,"akamai hosted");
insert into fiTbl (fi_kind,name,url,antitor,dt)                   values ("insurer","Mercury","https://www.mercuryinsurance.com",1,1);
insert into fiTbl (fi_kind,name,url,cispa,dt,aws,notes)           values ("insurer","MetLife","https://www.metlife.com",1,1,1,"transactional site identity.metlife.com is not AWS");
insert into fiTbl (fi_kind,name,notes)                            values ("insurer","N&D Group","no website, only an access-restricted Facebook page");
insert into fiTbl (fi_kind,name,url,antitor,aws,alec,cispa,dt)    values ("insurer","Nationwide","https://nationwide.com",1,1,1,1,1);
insert into fiTbl (fi_kind,name,url,antitor,dt)                   values ("insurer","Progressive","https://progressive.com",1,1);
insert into fiTbl (fi_kind,name,url,antitor,notes)                values ("insurer","Safe Auto","http://www.safeauto.com",1,"**Tor-hostile** sign-in page despite Tor-friendly landing page.");
insert into fiTbl (fi_kind,name,url,parent,antitor,notes) values ("insurer","Safeco","https://safeco.com","Liberty Mutual",1,"akamai hosted");
insert into fiTbl (fi_kind,name,url,dt,notes)                     values ("insurer","Selective","https://www.selective.com",1,"pushes CloudFlare javascript, but apparently execution is optional.");
insert into fiTbl (fi_kind,name,url,dt,notes)                     values ("insurer","Shelter Insurance","https://web.archive.org/web/shelterinsurance.com",1,"CloudFlare name server is used, which means they can trivially flip a switch to become a CF site.");
insert into fiTbl (fi_kind,name,url,antitor,alec,cispa,dt,notes)  values ("insurer","State Farm","https://www.statefarm.com",1,1,1,1,"edgecast-hosted");
insert into fiTbl (fi_kind,name,url,aws,dt)                       values ("insurer","Stewart Information Services Corporation","https://www.stewart.com/en.html",1,1);
insert into fiTbl (fi_kind,name,url)                              values ("insurer","The General","https://thegeneral.com");
insert into fiTbl (fi_kind,name,url,parent)                       values ("insurer","Titan","https://titaninsured.com","Nationwide");
insert into fiTbl (fi_kind,name,url,cispa,dt,notes)               values ("insurer","Travelers","https://www.travelers.com",1,1,"akamai hosted");
insert into fiTbl (fi_kind,name,url,antitor,cispa,dt)             values ("insurer","USAA","https://www.usaa.com",1,1,1);
insert into fiTbl (fi_kind,name,url,hrecaptcha,cflogin)           values ("insurer","Western Mutual","https://www.westernmutual.com",'unavoidable',1);

/* END INSURERS */

update fiTbl set lst_kind = 'gray'  where lst_kind = 'white' and (aws or cispa or dt or (notes is not null and (notes like '%tor_hostile%' or notes like '%equifax%' or notes like '%google_cloud_hosted%')));
update fiTbl set lst_kind = 'black' where cflogin or alec or antitor or forced_nfsw or hrecaptcha = 'unavoidable' or parent in ('Bank of America','Wells Fargo');
update fiTbl set lst_kind = 'black' where parent in (select name from fiTbl where lst_kind = 'black');
update fiTbl set lst_kind = 'gray'  where parent in (select name from fiTbl where lst_kind = 'gray') and lst_kind = 'white';
update fiTbl set notes = 'parent: '||parent||case when notes is null then '' else '; '||notes end
             where parent is not null and (notes is null or notes not like '%'||parent||'%');
update fiTbl set notes = '**Amazon AWS-hosted**'||case when notes is null then '' else '; '||notes end where aws;
/* update fiTbl set notes = '**Tor-hostile** resources'||case when notes is null then '' else '; '||notes end where antitor and (notes is null or notes not like '%tor_hostile%');*/
EOF
};#table_populate

gen_md()
{
    local fi_kind=$1
    #local red_circle='🔴'
    local red_circle=$'\xF0\x9F\x94\xB4'
    #local green_circle='🟢'
    local green_circle=$'\xf0\x9f\x9f\xa2'
    #local test_tube='🧪'
    local test_tube=$'\xf0\x9f\xa7\xaa'
    #local cloud_lightening='🌩'
    local cloud_lightening=$'\xf0\x9f\x8c\xa9'
    #local detective='🕵'
    local detective=$'\xf0\x9f\x95\xb5'
    #local okhand='👌'
    local okhand=$'\xF0\x9F\x91\x8C'
    #👁
    local eye=$'\xf0\x9f\x91\x81'
    
    printf '\n%s\n' '# Whitelist'
    printf %s '| *'"$fi_kind"'* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
'
    sqlite3 "${db_file}" "select case when url like '_%' then '|['||name||']('||url||')' else '|'||name end,
                               case when alec    then '$okhand' else 'n' end,
                               case when antitor then '$eye'    else 'n' end,
                               case when cflogin then 'y'       else 'n' end,
                               case when cispa   then 'y'       else 'n' end,
                               case when dt      then 'y'       else 'n' end,
                               case when notes is null then '|' else notes||'|' end
                          from fiTbl where fi_kind = '$fi_kind' and lst_kind = 'white'
                          order by name collate nocase;"

    printf '\n%s\n' '# Graylist'
    printf %s '| *'"$fi_kind"'* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
'
    sqlite3 "${db_file}" "select case when url like '_%' then '|['||name||']('||url||')' else '|'||name end,
                               case when alec    then '$okhand'                 else 'n' end,
                               case when antitor then '$eye'                    else 'n' end,
                               case when cflogin then 'y'                       else 'n' end,
                               case when cispa   then '$detective'              else 'n' end,
                               case when dt      then '$test_tube'              else 'n' end,
                               case when notes is null then '|' else notes||'|' end
                          from fiTbl where fi_kind = '$fi_kind' and lst_kind = 'gray'
                          order by name collate nocase;"
    
    printf '\n%s\n' '# Blacklist'
    printf %s '| *'"$fi_kind"'* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
'
    sqlite3 "${db_file}" "select '|'||name,
                               case when alec    then '$okhand'             else 'n' end,
                               case when antitor then '$eye'                else 'n' end,
                               case when cflogin then '$cloud_lightening'   else 'n' end,
                               case when cispa   then '$detective'          else 'n' end,
                               case when dt      then '$test_tube'          else 'n' end,
                               case when notes is null then '|' else notes||'|' end
                          from fiTbl where fi_kind = '$fi_kind' and lst_kind = 'black'
                          order by name collate nocase;"

    cat <<'EOF'
# Why ALEC members are blacklisted

American Legislative Exchange Council ("ALEC") is a right-wing super PAC and bill mill that puts corporate interests above the interest of human beings.  ALEC:

* [fights environmental protections](https://www.alecexposed.org/wiki/Environment,_Energy,_and_Agriculture)
* [fights gun control](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration)
* [fights healthcare](https://www.alecexposed.org/wiki/Health,_Pharmaceuticals,_and_Safety_Net_Programs)
* [fights immigration](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration)
* [fights worker's rights](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights)
* [fights consumer protections](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights)
* [fights public education](https://www.alecexposed.org/wiki/Privatizing_Public_Education,_Higher_Ed_Policy,_and_Teachers)
* fights womens rights
* fights voter rights ([supports voter suppression policy](https://www.alecexposed.org/wiki/Democracy,_Voter_Rights,_and_Federal_Power))
* [finances republicans](https://www.sourcewatch.org/index.php?title=ALEC_Civil_Justice_Task_Force#Politicians)
* supports the NRA

Countless companies were ALEC members historically, but most of them discontinued membership and renounced it likely to avoid boycott.
Companies that continue to renew their ALEC membership are right-wing die-hards unlikely to join team humanity. So they are blacklisted.

EOF
    cat <<EOF
The OK hand sign ($okhand) indicates that the financial institution still today supports the above-mentioned right-wing agenda through ALEC membership.
EOF
    cat <<'EOF'
# Why Tor-hostile FIs are blacklisted

Financial institutions that are aggressively Tor-hostile are automatically blacklisted.

<details>
<summary>Why access to banks, brokerages, and insurance companies over Tor matters</summary>
If Tor were used exclusively for anonymity, it would be useless in the
context of consumers accessing and controlling their financial
accounts.  But that's not the case.  Tor prevents your ISP from
snooping on where you bank.  ISPs collect data on their own customers
and exploit it for profit in the US.  Under Obama it became illegal
for an ISP to sell data collected on their customers without express
consent. As if that's not already useless thanks to an abundant supply
of consumers who will agree to anything without reading it, Trump
<a href="https://www.nbcnews.com/news/us-news/trump-signs-measure-let-isps-sell-your-data-without-consent-n742316">reversed</a>
Obama's policy in 2017 to render consumers completely powerless.  Tor
is a free tool to protect from excessive disclosure of where your
assets are.  Thus when a financial institution blocks Tor, it prevents you
from taking basic self-defense measures.  This trend undermines the
supplier-client relationship whereby we expect the supplier to serve
the customer's interest.  It's not just anti-privacy, it's
anti-consumer.  

Non-Tor users generally reveal their physical location to their bank or insurance company
every time they login.  If all banks and insurance companies didn't care where you reside,
this wouldn't be a problem.  But some financial institutions care more than others and
beyond reason.  Banks typically
[collect your IP address](https://web.archive.org/web/20201024203113/www.decorahbank.com/legal-information/privacy-policy)
and one bank even outright admits in their
[privacy policy](https://web.archive.org/web/20210206141004/https://beneficialstatebank.com/uploads/files/BSB-Consumer-Privacy-Act-CCPA-Privacy-Notice-Current-6.4.2020.pdf#page=2)
that they collect geolocation data from customers' IP addresses. For
nomads/world travelers banks can make their lives hell if their
profile doesn't seem to match up with their lifestyle.  Some banks
will close an account if a customer moves out of their service area.
Insurance companies will question whether you're still eligible for
the policy you have, as they may want to raise your premiums or cancel
your policy if they suspect you're not where your policy is written.
If you want to take a job away from home for a year or two, Tor gives
you the necessary privacy to do that free of hassle and nannying.
</details>

<details>
<summary>Why non-Tor users should also boycott Tor adversaries</summary>
Suppose you never leave home, and you're not bothered if your ISP
collects data on where you bank to then sell to data brokers who can
then sell it to debt collectors.  If you're ethical nonetheless, then
you still boycott those who marginalize Tor users.  These quotes
elaborate on that moral duty:

"*If you are neutral in situations of injustice, you have chosen the
side of the oppressor. If an elephant has its foot on the tail of a
mouse, and you say that you are neutral, the mouse will not appreciate
your neutrality.*" --Desmond Tutu

"*Arguing that you don't care about the right to privacy because you
have nothing to hide is no different than saying you don't care about
free speech because you have nothing to say.*" --Edward Snowden

To expand on Snowden's philosophy, it's extremely selfish to refuse to
defend a right that others need on the basis that you don't personally
need it now or in the future.  Moreover, indirect benefits should not
be overlooked.  Human rights activists need civil liberties more than
others, but we all need activists to make the world better for
everyone.  Moral duties to you derive from that.

Tor is becoming less usable because the growing majority non-Tor users
are patronizing businesses that marginalize Tor users.

"*Under observation, we act less free, which means we effectively are
less free.*" --Edward Snowden

To neglect to use Tor is to subject yourself to unnecessary
observation.  In the context of banking and finance, this in turn
reduces your freedom of movement.
</details>

EOF
    cat <<EOF
The eye ($eye) indicates that account access is resticted and exclusive to non-Tor users,
who must expose their IP address to the FI and who must expose their FI to their ISP.

EOF
    cat <<'EOF'
# Why FIs in CloudFlare's walled-garden are blacklisted

Financial institutions that proxy their services through CloudFlare are
blacklisted automatically for taking a profoundly stupid risk with
consumer's sensitive financial data.  CloudFlare holds the SSL keys
for every connection and sees all the traffic including username and
unhashed password.  CloudFlare has proven to be untrustworthy with
sensitive information (demonstrated by CloudFlare's doxxing of the
identities of child porn whistle blowers).  Apart from the
unacceptably high security risk of having a CloudFlare MitM, there are
countless [ethical problems](rap_sheets/cloudflare.md) with being an
enabler of CloudFlare.

EOF
    cat <<EOF
The storm cloud ($cloud_lightening) indicates that account access is resticted and exclusive per CloudFlare's will and customers who do get access are forced to share sensitive transaction data with CloudFlare, Inc. (a privacy abuser).

EOF
    cat <<'EOF'
# Why CISPA supporters are graylisted

The [Cyber Intelligence Sharing and Protection Act (CISPA)](https://en.wikipedia.org/wiki/Cyber_Intelligence_Sharing_and_Protection_Act)
was a bill to bypass the 4th amendment to promote a system of unwarranted
mass surveillance through information sharing between the government and private sector.
Congress blocked the bill, but it was later reincarnated as CISA and it passed.
Unlike ALEC lobbying, CISPA was a one-off event far in the past, and over 800 companies supported it.
Since it does not necessarily reflect the company's recent stance or influence,
supporters are graylisted instead of blacklisted.  They should still be avoided in
favor of a whitelisted competitor, but they are considerably less evil than those that are blacklisted.

The spook (🕵) indicates that the financial institution lobbied for a police surveillance state in favor of CISPA.

# Why FIs that force their staff to take a drug test are graylisted

Drug testing employees is an assault on the privacy and lifestyle of employees and staff outside the workplace.
In most cases involving medicinal marijuana states, the drug test also harms the healthcare of employees by
intervening in doctors' prescriptions.  Normally drug testing would justify blacklisting, but the problem is so
widespread nationwide that the whitelist tends to be overly small.  Drug testing also does not do significant
harm to consumers, so companies that drug test are graylisted.

The test tube (🧪) indicates that the financial institution abuses their staff through forced drug testing.

# Why Amazon and Google-hosted FIs are graylisted

Amazon is behind [countless evils](rap_sheets/amazon.md).  It's paramount to boycott
Amazon for anyone who cares about human rights, privacy, or the
environment.  Amazon also has had several data breaches-- Capital One,
Juspay, Swiggy, etc., so it's a bad idea to trust custodians who use
AWS with the security of your money.  Google is also evil.  Not the degree of evil
that Amazon has achieved, but Google is in the fossil fuel business among
other evils.  Google is also a central tech giant which (like Amazon) serves
as a central point of surveillance and also carries the risks of having
a huge number of insiders who can abuse the data.  The size of the Amazon and Google
datacenters also makes them a likely target for outside hackers due to the high
rewards of compromise.

Akamai is not known to have a significant history of wrongdoing on the scale of Amazon or Google.
There is cause for concern in terms of security though because it's large enough to serve as a
central monitoring point where breaches and compromise is still considerable.
Akamai-hosted financial institutions are not graylisted for that reason alone.
In the end, you're the judge.

Financial institutions hosted on GAFAM (Google Amazon Facebook Apple Microsoft) are graylisted.
The wrongdoing is indirect and in the end taking a security risk doesn't necessarily lead to a breach.
Of course it's still ethically favorable to choose a whitelisted financial institution if possible.
EOF
};#gen_md

table_populate

gen_md "${1,,}"; # the CLI arg must be one of: 'bank', 'brokerage', 'CU', or 'insurer'