[//]: # (** DO NOT EDIT this file directly! ** It is auto-generated. Changes should be made to financial_institutions.sql or gen_fi_table.sh instead.)

# Directory of US-based insurers

## Whitelist

The following insurers have no significant ethical issues:

| *insurer* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
|[American Family Insurance](https://www.amfam.com)|n|n|n|n|n||
|[Erie](https://www.erieinsurance.com)|n|n|n|n|n||
|[Homesite Insurance Group (aka Midvale Home & Auto)](https://go.midvaleinsurance.com)|n|n|n|n|n|affiliated with American Family Insurance; landing page is Fastly-hosted; quoting page is AWS-hosted & Tor-hostile but it's non-essential; login page has no issues|
|N&D Group|n|n|n|n|n|no website, only an access-restricted Facebook page|
|[The General](https://thegeneral.com)|n|n|n|n|n|parent: American Family Insurance; only writes auto policies; certified as [Great Place to Work](https://www.greatplacetowork.com/certified-company/7003720)|

## Graylist

These insurers would normally be blacklisted, but because the whitelist is so short they are set aside as a less evil compromise compared to those blacklisted. They should still be avoided if possible.

| *insurer* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
|[Allianz](https://allianz.com)|n|n|n|🕵|🧪|**Amazon AWS-hosted**|
|[Ameriprise Financial](https://www.ameriprise.com)|n|n|n|🕵|🧪|Akamai-hosted|
|[Berkshire Hathaway](https://berkshirehathaway.com)|n|n|n|n|🧪|Berkshire Hathaway is not directly an ALEC member, but BH wholly owns ALEC members (e.g. Geico and Fruit of the Loom)|
|[Gen Re](https://www.genre.com)|n|n|n|n|n|parent: Berkshire Hathaway; Akamai-hosted, but transactional site www.genre-connect.com is not. The documentation ("Knowledge" link) is CloudFlared.|
|[Grange Mutual](https://www.grangeinsurance.com)|n|n|n|n|🧪||
|Horace Mann|n|n|n|n|🧪|no website, only an access-restricted Facebook page|
|[MetLife](https://www.metlife.com)|n|n|n|🕵|🧪|**Amazon AWS-hosted**; transactional site identity.metlife.com is not AWS|
|[National General](https://www.nationalgeneral.com)|n|n|n|n|🧪|formerly GMAC|
|[New Jersey Manufacturers (NJM)](https://www.njm.com)|n|n|n|n|🧪|**Amazon AWS-hosted**; despite the name they are not limited to New Jersey|
|[Selective](https://www.selective.com)|n|n|n|n|🧪|pushes CloudFlare JavaScript, but apparently execution is optional.|
|[Shelter Insurance](https://web.archive.org/web/shelterinsurance.com)|n|n|n|n|🧪|CloudFlare name server is used, which means they can trivially flip a switch to become a CF site.|
|[Stewart Information Services Corporation](https://www.stewart.com/en.html)|n|n|n|n|🧪|**Amazon AWS-hosted**|

## Blacklist

These insurers have severe ethical or trust issues and should be boycotted:

| *insurer* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
|21st Century|n|n|n|n|n|parent: Farmers|
|Aflac|👌|n|n|n|🧪|sponsors Fox News; transactional site is **Google Cloud-hosted**|
|Allied|n|👁|n|🕵|🧪|**Amazon AWS-hosted**; parent: Nationwide|
|Allstate|n|👁|n|🕵|🧪|sponsors Fox News; Akamai-hosted; [accused](https://www.consumerreports.org/car-insurance/allstate-car-insurance-pricing-michigan-regulators-raise-objections) by Michigan regulators of profiling customers unlikely to shop out insurance to charge them more, and accused in Texas of having a "suckers list"; [uses "personalized pricing" in 10 states](https://www.consumerreports.org/car-insurance/why-you-may-be-paying-too-much-for-your-car-insurance).|
|American Modern|n|n|🌩|n|n|**forced h/reCAPTCHA**; **Google Cloud-hosted** landing page, which is CloudFlare-free but the transactional host my.doculivery.com is CFd|
|American Strategic Insurance (ASI)|n|n|n|n|n|parent: Progressive; no website, only an access-restricted MS LinkedIn page|
|Amica|n|👁|n|n|n||
|Brown & Brown Insurance|n|n|🌩|🕵|n|**forced h/reCAPTCHA**|
|CUNA Mutual|n|n|n|n|n|Feeds LMG through TruStage.|
|Esurance|n|n|n|n|n|sponsors Fox News; parent: Allstate; Akamai-hosted|
|Farmers|👌|n|n|n|🧪|Akamai-hosted; [caught](https://web.archive.org/web/20210102154321/https://publicintegrity.org/politics/republican-lawmakers-posh-hideaway-bankrolled-by-secret-corporate-cash) financing the Cloakroom project.|
|First American Insurance Agency|n|n|n|n|🧪|parent: Liberty Mutual; [data breach in 2019](https://gizmodo.com/885-million-sensitive-records-leaked-online-bank-trans-1835016235) (warning: Gizmodo link has popups; better source needed)|
|Foremost|n|n|n|n|🧪|parent: Farmers|
|Geico|👌|n|n|n|🧪|sponsors Fox News; parent: Berkshire Hathaway; Akamai-hosted but transactional site ecams.geico.com is not.|
|Harleysville Group|n|n|n|n|n|parent: Nationwide|
|Hartford|n|👁|n|🕵|🧪|Akamai-hosted|
|Infinity|n|👁|n|n|🧪||
|Lexington|👌|👁|n|n|n|landing page allows Tor access but all links therein refuse Tor; AIG partner|
|Liberty Mutual|👌|👁|n|🕵|n|sponsors Fox News; Akamai-hosted|
|Main Street America Insurance|n|👁|n|n|n|parent: American Family Insurance; landing page allows Tor but the transactional host does not|
|Mercury|n|👁|n|n|🧪||
|Nationwide|👌|👁|n|🕵|🧪|sponsors Fox News; **Amazon AWS-hosted**|
|Pemco|n|👁|n|n|🧪||
|Progressive|n|👁|n|n|🧪|sponsors Fox News|
|Safe Auto|n|👁|n|n|n|**Tor-hostile** sign-in page despite Tor-friendly landing page.|
|Safeco|n|👁|n|n|n|parent: Liberty Mutual; Akamai-hosted|
|State Farm|👌|👁|n|🕵|🧪|sponsors Fox News; Edgecast-hosted|
|Titan|n|n|n|n|n|parent: Nationwide|
|Travelers|n|n|n|🕵|🧪|**forced h/reCAPTCHA**; Akamai-hosted|
|TruStage|n|n|n|n|n|parent: CUNA Mutual; home and auto policies underwritten by Liberty Mutual (LMG)|
|USAA|n|👁|n|🕵|🧪|sponsors Fox News|
|Western Mutual|n|n|🌩|n|n|**forced h/reCAPTCHA**|

[banklist]: <usa_banks.md>
[RAP-amazon]: <rap_sheets/amazon.md>
[RAP-cf]: <rap_sheets/cloudflare.md>
[RAP-pp]: <rap_sheets/paypal.md>

# Why ALEC members are blacklisted

The American Legislative Exchange Council ("ALEC") is a right-wing super
PAC and bill mill that prioritizes corporate interests above the
interest of human beings. Specifically, ALEC:

* [fights environmental protections](https://www.alecexposed.org/wiki/Environment,_Energy,_and_Agriculture)
* [fights gun control](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration)
* [fights healthcare](https://www.alecexposed.org/wiki/Health,_Pharmaceuticals,_and_Safety_Net_Programs)
* [fights immigration](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration)
* [fights workers' rights](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights)
* [fights consumer protections](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights)
* [fights public education](https://www.alecexposed.org/wiki/Privatizing_Public_Education,_Higher_Ed_Policy,_and_Teachers)
* fights women's rights
* fights voter rights ([supports voter suppression policy](https://www.alecexposed.org/wiki/Democracy,_Voter_Rights,_and_Federal_Power))
* [finances Republicans](https://www.sourcewatch.org/index.php?title=ALEC_Civil_Justice_Task_Force#Politicians)
* supports the NRA

Countless companies were ALEC members historically, but most of them discontinued membership and renounced it, likely to avoid boycott.
Companies that continue to renew their ALEC membership are right-wing die-hards unlikely to join team humanity. So they are blacklisted.

The OK hand sign (👌) indicates that the financial institution still today supports the above-mentioned right-wing agenda through ALEC membership.

## Why Tor-hostile FIs are blacklisted

Financial institutions that are part of the blockade against innocent Tor-users are automatically blacklisted.

<details>
<summary>Why access to banks, brokerages, and insurance companies over Tor matters</summary>
If Tor were used exclusively for anonymity, it would be useless in the
context of consumers accessing and controlling their financial
accounts. But that's not the case. Tor prevents your ISP from
snooping on where you bank. ISPs collect data on their own customers
and exploit it for profit in the US. Under Obama it became illegal
for an ISP to sell data collected on their customers without express
consent. As if that's not already useless thanks to an abundant supply
of consumers who will agree to anything without reading it, Trump
<a href="https://www.nbcnews.com/news/us-news/trump-signs-measure-let-isps-sell-your-data-without-consent-n742316">reversed</a>
Obama's policy in 2017 to render consumers completely powerless. Tor
is a free tool to protect from excessive disclosure of where your
assets are. Thus when a financial institution blocks Tor, it prevents you
from taking basic self-defense measures. This trend undermines the
supplier-client relationship whereby we expect the supplier to serve
the customer's interest. It's not just anti-privacy, it's
anti-consumer.

Non-Tor users generally reveal their physical location to their bank
or insurance company every time they log in. If all banks and
insurance companies didn't care where you reside, this wouldn't be a
problem. But some financial institutions care more than others and
beyond reason. Banks typically [collect your IP address](https://web.archive.org/web/20201024203113/www.decorahbank.com/legal-information/privacy-policy)
and one bank even outright admits in their [privacy policy](https://web.archive.org/web/20210206141004/beneficialstatebank.com/uploads/files/BSB-Consumer-Privacy-Act-CCPA-Privacy-Notice-Current-6.4.2020.pdf#page=2)
that they collect geolocation data from customers' IP addresses. For
nomads/world travelers, banks can make their lives hell if their
profile doesn't seem to match up with their lifestyle. Some banks
will close an account if a customer moves out of their service area.
It's worth noting the fine print at the bottom of the [Simmons Bank
website](https://www.simmonsbank.com), which states "This site is
directed at, and intended to be used by, persons in the United States
of America only." As another demonstration, try accessing the [Marcus
website](https://www.marcus.com) from outside the US; it will reveal
that Marcus denies their clients access to their accounts even if they
simply leave the US for a vacation. Insurance companies will question
whether you're still eligible for the policy you have, as they may
want to raise your premiums or cancel your policy if they suspect
you're not where your policy is written. If you want to take a job
away from home for a year or two, Tor gives you the necessary privacy
to do that free of hassle and nannying. </details>

<details>
<summary>Why non-Tor users should also boycott Tor adversaries</summary>
Suppose you never leave home, and you're not bothered if your ISP
collects data on where you bank to then sell to data brokers who can
then sell it to debt collectors. If you're ethical nonetheless, then
you still boycott those who marginalize Tor users. These quotes
elaborate on that moral duty:

"*If you are neutral in situations of injustice, you have chosen the
side of the oppressor. If an elephant has its foot on the tail of a
mouse, and you say that you are neutral, the mouse will not appreciate
your neutrality.*" --Desmond Tutu

"*Arguing that you don't care about the right to privacy because you
have nothing to hide is no different than saying you don't care about
free speech because you have nothing to say.*" --Edward Snowden

To expand on Snowden's philosophy, it's extremely selfish to refuse to
defend a right that others need on the basis that you don't personally
need it now or in the future. Moreover, indirect benefits should not
be overlooked. Human rights activists need civil liberties more than
others, but we all need activists to make the world better for
everyone. Moral duties to you derive from that.

Tor is becoming less usable because the growing majority of non-Tor users
are patronizing businesses that marginalize Tor users.

"*Under observation, we act less free, which means we effectively are
less free.*" --Edward Snowden

To neglect to use Tor is to subject yourself to unnecessary
observation. In the context of banking and finance, this in turn
reduces your freedom of movement.
</details>

<details><summary>Special case: Homesite Insurance Group</summary>
An exception to blacklisting is given to Homesite Insurance Group (aka
Midvale Home & Auto) because only the quoting page blocks Tor users
and it's separate from all other resources. Since you can get quotes
over the phone we relaxed the blacklisting in their case. Consumers
are of course free to make their own choice anyway.
</details>

<details><summary>Special case: InteractiveBrokers</summary>
InteractiveBrokers's (IB) trading platform supports proxies over Tor
which makes it possible to use Tor for trading. It's also possible to
receive electronic statements and paper tax documents without using
the website. So the Tor-blocking website is not an obstacle to most
routine operations. Nonetheless, it's a considerable problem that
initial registration and configuration can't be done over Tor. And
you may need to log in to the website after registration to modify data
subscriptions, initiate a funds transfer, or read messages. We don't
have a dark gray list, so we ultimately blacklisted IB. Consumers are
of course free to make their own choice anyway.
</details>

The eye (👁) indicates that account access is restricted and exclusive to non-Tor users,
who must expose their IP address to the FI and who must expose their FI to their ISP.

## Why FIs in CloudFlare's walled-garden are blacklisted

Financial institutions that proxy their services through CloudFlare
are blacklisted automatically for taking a profoundly stupid risk with
consumers' sensitive financial data. CloudFlare holds the SSL keys
for every connection and sees all the traffic, including username and
unhashed password. CloudFlare has proven to be untrustworthy with
sensitive information (demonstrated by CloudFlare's doxxing of the
identities of child porn whistleblowers). Apart from the
unacceptably high security risk of having a CloudFlare MitM, there are
countless [ethical problems][RAP-cf] with being an enabler of
CloudFlare.

The storm cloud (🌩) indicates that account access is restricted and
exclusive per CloudFlare's will and customers who do get access are
forced to share sensitive transaction data with CloudFlare, Inc. (a
privacy abuser).

## Why some FIs that force CAPTCHAs are blacklisted

Banks and brokerages that force customers to solve an hCAPTCHA or a
Google reCAPTCHA are blacklisted automatically. Use of these two forms
of CAPTCHA has an excessive detrimental impact on privacy and human
rights, which is outlined in the [CloudFlare rap sheet][RAP-cf].

Other forms of CAPTCHA aren't so invasive and aren't cause for
blacklisting.

## Why FIs that impose Google Playstore (GPS) or Apple are blacklisted

Banks and brokerages that force customers to obtain software from
Google Playstore or Apple are blacklisted automatically. Most brokers
have web access or a desktop app, in which case the mobile app can be
disregarded because customers have a viable means to avoid the
privacy-abusing walled gardens.

FIs like FUTU and Gatsby are a problem. Gatsby has no means of access
apart from the mobile app, and no APK is available on their website or
in f-droid.org, so Android users have no choice but to buy mobile
phone service, trust Google with their phone number, then also trust
Google not to tell data brokers where you bank and invest. FUTU has a
desktop app but only for Mac or Windows, so Linux users and those who
avoid non-free software are stuffed. (Caveat: the FUTU Windows app has
[not been tested on WINE](https://web.archive.org/web/20210206141122/https://www.winehq.org/search?q=futu)
or ReactOS.)

Google Playstore is
[scientifically proven](https://nsl.cs.waseda.ac.jp/wp-content/uploads/2018/04/submitted_wama2017.pdf)
to be relatively insecure compared to F-Droid in the "*Understanding
the Security Management of Global Third-Party Android Marketplaces*"
article. Also noteworthy is
[F-Droid: The privacy-friendly alternative to Google Play Store](https://android.izzysoft.de/articles/named/fdroid-intro-1).
Another [study](https://core.ac.uk/download/pdf/142058929.pdf#page=64)
found financial applications on Android to have a propensity to call
for over-privileged permissions and to call the protected Android
methods excessively.

## Why CISPA supporters are graylisted

The [Cyber Intelligence Sharing and Protection Act (CISPA)](https://en.wikipedia.org/wiki/Cyber_Intelligence_Sharing_and_Protection_Act)
was a bill to bypass the 4th amendment to promote a system of
unwarranted mass surveillance through information sharing between the
government and private sector. Congress blocked the bill, but it was
later reincarnated as CISA and it passed. Unlike ALEC lobbying, CISPA
was a one-off event far in the past, and over 800 companies supported
it. Since it does not necessarily reflect the company's recent stance
or influence, supporters are graylisted instead of blacklisted. They
should still be avoided in favor of a whitelisted competitor, but they
are considerably less evil than those that are blacklisted.

The spook (🕵) indicates that the financial institution lobbied for a
police surveillance state in favor of CISPA.

## Why FIs that force their staff to take a drug test are graylisted

Drug testing employees is an assault on the privacy and lifestyle of
employees and staff outside the workplace. In most cases involving
medicinal marijuana states, the drug test also harms the healthcare of
employees by intervening in doctors' prescriptions. Normally drug
testing would justify blacklisting, but the problem is so widespread
nationwide that the whitelist tends to be overly small. Drug testing
also does not do significant harm to consumers, so companies that drug
test are graylisted.

The test tube (🧪) indicates that the financial institution abuses
their staff through forced drug testing.

## Why Amazon and Google-hosted FIs are graylisted

Amazon is behind [countless evils][RAP-amazon]. It's paramount for
anyone who cares about human rights, privacy, or the environment to
boycott Amazon. Amazon also has had several data breaches (Capital
One, Juspay, Swiggy, etc.), so it's a bad idea to trust custodians who
use AWS with the security of your money. Google had to ditch their
"don't be evil" slogan, but Amazon is still a greater evil. Both
Google and Amazon are in the fossil fuel business. Google is also a
tech giant which (like Amazon) serves as a central point of
surveillance and also carries the risks of having a huge number of
insiders who can abuse the data. The size of the Amazon and Google
datacenters also makes them a likely target for outside hackers due to
the high rewards of compromise.

Akamai is not known to have a significant history of wrongdoing on the
scale of Amazon or Google. There is cause for concern in terms of
security though, because it's large enough to serve as a central
monitoring point where the potential for breach and compromise is still
considerable. Akamai-hosted financial institutions are not graylisted
for that reason alone. In the end, you're the judge.

Financial institutions hosted on GAFAM (Google Amazon Facebook Apple
Microsoft) are graylisted. The wrongdoing is indirect and, in the end,
taking a security risk doesn't necessarily lead to a breach. Of
course it's still ethically favorable to choose a whitelisted
financial institution if possible.

## Why FIs that outsource to Equifax are graylisted

Equifax is the most reckless of all four credit bureaus with sensitive
credit data. Sensitive consumer records of ~150 million Americans were
leaked in a data breach that resulted from reckless security
procedures. The lawsuit yielded a disproportionately tiny settlement
by which most Americans were not compensated, even though they never
consented to Equifax collecting the data to begin with. Of those who
received compensation, most did not receive cash, but rather credit
protection service which ultimately feeds more money back into the
credit bureaus.

## An FI is only as good as its supply chain and ownership

Financial institutions like Merrill Edge, TD Ameritrade, and
Wellstrade have ethically controversial ownership. Merrill Edge and
Wellstrade are simply owned by extremely [unethical banks][banklist].
A large majority of TD Ameritrade is owned by Charles Schwab. Schwab
is not directly involved in the highly controversial financing that
other large banks are, but Schwab outsources banking to PNC bank,
which is an ALEC member with total disregard for humanity.

It's important for ethical consumption to consider the whole supply
chain to the extent of your awareness. When consuming a product or
service you're not just feeding the immediate customer-facing
business.

We track both the supply chain and ownership. We will not give a
subsidiary a higher rating than its parent.