# Whitelist
| *insurer* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
|[American Family](https://www.amfam.com)|n|n|n|n|n||
|[Erie](https://www.erieinsurance.com)|n|n|n|n|n||
|N&D Group|n|n|n|n|n|no website, only an access-restricted Facebook page|
|[The General](https://thegeneral.com)|n|n|n|n|n||

# Graylist
| *insurer* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
|[Allianz](https://allianz.com)|n|n|n|🕵|🧪|**Amazon AWS-hosted**|
|[Ameriprise Financial](https://www.ameriprise.com)|n|n|n|🕵|🧪|Akamai hosted|
|[Berkshire Hathaway](https://berkshirehathaway.com)|n|n|n|n|🧪||
|[First American Insurance Agency](https://www.faiagency.com)|n|n|n|n|🧪||
|[Gen Re](https://www.genre.com)|n|n|n|n|n|parent: Berkshire Hathaway; Akamai hosted, but transactional site www.genre-connect.com is not. The documentation ("Knowledge" link) is CloudFlared.|
|[Grange Mutual](https://www.grangeinsurance.com)|n|n|n|n|🧪||
|Horace Mann|n|n|n|n|🧪|no website, only an access-restricted Facebook page|
|[MetLife](https://www.metlife.com)|n|n|n|🕵|🧪|**Amazon AWS-hosted**; transactional site identity.metlife.com is not AWS|
|[National General](https://www.nationalgeneral.com)|n|n|n|n|🧪|formerly GMAC|
|[Selective](https://www.selective.com)|n|n|n|n|🧪|pushes CloudFlare JavaScript, but apparently execution is optional.|
|[Shelter Insurance](https://web.archive.org/web/shelterinsurance.com)|n|n|n|n|🧪|CloudFlare name server is used, which means they can trivially flip a switch to become a CF site.|
|[Stewart Information Services Corporation](https://www.stewart.com/en.html)|n|n|n|n|🧪|**Amazon AWS-hosted**|
|[Travelers](https://www.travelers.com)|n|n|n|🕵|🧪|Akamai hosted|

# Blacklist
| *insurer* | *ALEC member* | *Tor-hostile* | *sensitive info exposed to CloudFlare* | *supported CISPA* | *forced drug testing of staff* | *notes* |
|---|---|---|---|---|---|---|
|21st Century|n|n|n|n|n|parent: Farmers|
|Allied|n|👁|n|🕵|🧪|**Amazon AWS-hosted**|
|Allstate|n|👁|n|🕵|🧪|Akamai hosted|
|American Modern|n|n|🌩|n|n|**Google Cloud-hosted** landing page, which is CloudFlare-free, but the transactional host my.doculivery.com is CFd|
|Amica|n|👁|n|n|n||
|Brown & Brown Insurance|n|n|🌩|🕵|n||
|Esurance|n|n|n|n|n|parent: Allstate; Akamai hosted|
|Farmers|👌|n|n|n|🧪|Akamai hosted|
|Foremost|n|n|n|n|🧪|parent: Farmers|
|Geico|👌|n|n|n|🧪|Akamai hosted but transactional site ecams.geico.com is not.|
|Harleysville Group|n|n|n|n|n|parent: Nationwide|
|Hartford|n|👁|n|🕵|🧪|Akamai hosted|
|Infinity|n|👁|n|n|🧪||
|Lexington|👌|👁|n|n|n|landing page allows Tor access but all links therein refuse Tor; AIG partner|
|Liberty Mutual|👌|👁|n|🕵|n|Akamai hosted|
|Mercury|n|👁|n|n|🧪||
|Nationwide|👌|👁|n|🕵|🧪|**Amazon AWS-hosted**|
|Progressive|n|👁|n|n|🧪||
|Safe Auto|n|👁|n|n|n|**Tor-hostile** sign-in page despite Tor-friendly landing page.|
|Safeco|n|👁|n|n|n|parent: Liberty Mutual; Akamai hosted|
|State Farm|👌|👁|n|🕵|🧪|Edgecast-hosted|
|Titan|n|n|n|n|n|parent: Nationwide|
|USAA|n|👁|n|🕵|🧪||
|Western Mutual|n|n|🌩|n|n||

# Why ALEC members are blacklisted

The American Legislative Exchange Council ("ALEC") is a right-wing super PAC and bill mill that puts corporate interests above the interests of human beings. ALEC:

* [fights environmental protections](https://www.alecexposed.org/wiki/Environment,_Energy,_and_Agriculture)
* [fights gun control](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration)
* [fights healthcare](https://www.alecexposed.org/wiki/Health,_Pharmaceuticals,_and_Safety_Net_Programs)
* [fights immigration](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration)
* [fights workers' rights](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights)
* [fights consumer protections](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights)
* [fights public education](https://www.alecexposed.org/wiki/Privatizing_Public_Education,_Higher_Ed_Policy,_and_Teachers)
* fights women's rights
* fights voter rights ([supports voter suppression policy](https://www.alecexposed.org/wiki/Democracy,_Voter_Rights,_and_Federal_Power))
* [finances republicans](https://www.sourcewatch.org/index.php?title=ALEC_Civil_Justice_Task_Force#Politicians)
* supports the NRA

Countless companies were ALEC members historically, but most of them discontinued membership and renounced it, likely to avoid boycott.
Companies that continue to renew their ALEC membership are right-wing die-hards unlikely to join team humanity. So they are blacklisted.

The OK hand sign (👌) indicates that the financial institution still supports the above-mentioned right-wing agenda today through ALEC membership.

# Why Tor-hostile FIs are blacklisted

Financial institutions that are aggressively Tor-hostile are automatically blacklisted.

<details>
<summary>Why access to banks, brokerages, and insurance companies over Tor matters</summary>
If Tor were used exclusively for anonymity, it would be useless in the
context of consumers accessing and controlling their financial
accounts. But that's not the case. Tor prevents your ISP from
snooping on where you bank. ISPs collect data on their own customers
and exploit it for profit in the US. Under Obama it became illegal
for an ISP to sell data collected on their customers without express
consent. As if that's not already useless thanks to an abundant supply
of consumers who will agree to anything without reading it, Trump
<a href="https://www.nbcnews.com/news/us-news/trump-signs-measure-let-isps-sell-your-data-without-consent-n742316">reversed</a>
Obama's policy in 2017 to render consumers completely powerless. Tor
is a free tool to protect from excessive disclosure of where your
assets are. Thus when a financial institution blocks Tor, it prevents you
from taking basic self-defense measures. This trend undermines the
supplier-client relationship whereby we expect the supplier to serve
the customer's interest. It's not just anti-privacy, it's
anti-consumer.

Non-Tor users generally reveal their physical location to their bank or insurance company
every time they log in. If banks and insurance companies didn't care where you reside,
this wouldn't be a problem. But some financial institutions care more than others and
beyond reason. Banks typically
[collect your IP address](https://web.archive.org/web/20201024203113/www.decorahbank.com/legal-information/privacy-policy)
and one bank even outright admits in their
[privacy policy](https://web.archive.org/web/20210206141004/https://beneficialstatebank.com/uploads/files/BSB-Consumer-Privacy-Act-CCPA-Privacy-Notice-Current-6.4.2020.pdf#page=2)
that they collect geolocation data from customers' IP addresses. For
nomads/world travelers, banks can make their lives hell if their
profile doesn't seem to match up with their lifestyle. Some banks
will close an account if a customer moves out of their service area.
Insurance companies will question whether you're still eligible for
the policy you have, as they may want to raise your premiums or cancel
your policy if they suspect you're not where your policy is written.
If you want to take a job away from home for a year or two, Tor gives
you the necessary privacy to do that free of hassle and nannying.
</details>

<details>
<summary>Why non-Tor users should also boycott Tor adversaries</summary>
Suppose you never leave home, and you're not bothered if your ISP
collects data on where you bank to then sell to data brokers who can
then sell it to debt collectors. If you're ethical nonetheless, then
you still boycott those who marginalize Tor users. These quotes
elaborate on that moral duty:

"*If you are neutral in situations of injustice, you have chosen the
side of the oppressor. If an elephant has its foot on the tail of a
mouse, and you say that you are neutral, the mouse will not appreciate
your neutrality.*" --Desmond Tutu

"*Arguing that you don't care about the right to privacy because you
have nothing to hide is no different than saying you don't care about
free speech because you have nothing to say.*" --Edward Snowden

To expand on Snowden's philosophy, it's extremely selfish to refuse to
defend a right that others need on the basis that you don't personally
need it now or in the future. Moreover, indirect benefits should not
be overlooked. Human rights activists need civil liberties more than
others, but we all need activists to make the world better for
everyone. Moral duties to you derive from that.

Tor is becoming less usable because the growing majority of non-Tor users
are patronizing businesses that marginalize Tor users.

"*Under observation, we act less free, which means we effectively are
less free.*" --Edward Snowden

To neglect to use Tor is to subject yourself to unnecessary
observation. In the context of banking and finance, this in turn
reduces your freedom of movement.
</details>

The eye (👁) indicates that account access is restricted and exclusive to non-Tor users,
who must expose their IP address to the FI and who must expose their FI to their ISP.

# Why FIs in CloudFlare's walled-garden are blacklisted

Financial institutions that proxy their services through CloudFlare are
blacklisted automatically for taking a profoundly stupid risk with
consumers' sensitive financial data. CloudFlare holds the SSL keys
for every connection and sees all the traffic, including username and
unhashed password. CloudFlare has proven to be untrustworthy with
sensitive information (demonstrated by CloudFlare's doxxing of the
identities of child porn whistleblowers). Apart from the
unacceptably high security risk of having a CloudFlare MitM, there are
countless [ethical problems](rap_sheets/cloudflare.md) with being an
enabler of CloudFlare.

The storm cloud (🌩) indicates that account access is restricted and exclusive per CloudFlare's will, and customers who do get access are forced to share sensitive transaction data with CloudFlare, Inc. (a privacy abuser).

# Why CISPA supporters are graylisted

The [Cyber Intelligence Sharing and Protection Act (CISPA)](https://en.wikipedia.org/wiki/Cyber_Intelligence_Sharing_and_Protection_Act)
was a bill to bypass the 4th Amendment to promote a system of unwarranted
mass surveillance through information sharing between the government and private sector.
Congress blocked the bill, but it was later reincarnated as CISA and it passed.
Unlike ALEC lobbying, CISPA was a one-off event far in the past, and over 800 companies supported it.
Since it does not necessarily reflect the company's recent stance or influence,
supporters are graylisted instead of blacklisted. They should still be avoided in
favor of a whitelisted competitor, but they are considerably less evil than those that are blacklisted.

The spook (🕵) indicates that the financial institution lobbied for a police surveillance state in favor of CISPA.

# Why FIs that force their staff to take a drug test are graylisted

Drug testing employees is an assault on the privacy and lifestyle of employees and staff outside the workplace.
In most cases involving medicinal marijuana states, the drug test also harms the healthcare of employees by
intervening in doctors' prescriptions. Normally drug testing would justify blacklisting, but the problem is so
widespread nationwide that the whitelist tends to be overly small. Drug testing also does not do significant
harm to consumers, so companies that drug test are graylisted.

The test tube (🧪) indicates that the financial institution abuses their staff through forced drug testing.

# Why Amazon and Google-hosted FIs are graylisted

Amazon is behind [countless evils](rap_sheets/amazon.md). It's paramount to boycott
Amazon for anyone who cares about human rights, privacy, or the
environment. Amazon has also had several data breaches (Capital One,
Juspay, Swiggy, etc.), so it's a bad idea to trust custodians who use
AWS with the security of your money. Google is also evil. Not to the degree of evil
that Amazon has achieved, but Google is in the fossil fuel business among
other evils. Google is also a central tech giant which (like Amazon) serves
as a central point of surveillance and also carries the risks of having
a huge number of insiders who can abuse the data. The size of the Amazon and Google
datacenters also makes them a likely target for outside hackers due to the high
rewards of compromise.

Akamai is not known to have a significant history of wrongdoing on the scale of Amazon or Google.
There is cause for concern in terms of security though, because it's large enough to serve as a
central monitoring point where the potential for breach and compromise is still considerable.
Akamai-hosted financial institutions are not graylisted for that reason alone.
In the end, you're the judge.

Financial institutions hosted on GAFAM (Google Amazon Facebook Apple Microsoft) are graylisted.
The wrongdoing is indirect, and in the end taking a security risk doesn't necessarily lead to a breach.
Of course it's still ethically favorable to choose a whitelisted financial institution if possible.