I like the idea of a less profit-driven business that is maybe more community-focused but I wonder if they have the same capability as a bank? Have you been able to do your banking needs at a credit union? Was the customer service decent?
I like the idea of a less profit-driven business that is maybe more community-focused but I wonder if they have the same capability as a bank? Have you been able to do your banking needs at a credit union? Was the customer service decent?
I never finished the code and my partial results would be uselessly stale by now. But I hope to one day resurrect the attempt.
If that were true a crawler would have the same problem.
You can manually check by going through the motions of a manual login at a bank website. Clicking forgot password usually ensures you connect to the host of the portal.
But note that even if you find a usable bank, you need to think of it as temporary. So the most important feature to look for is gratis paper statements and gratis paper checks, so when enshitification happens you can land on your feet and stay functional.
In terms of SEPA pulls (“direct debits”) have a little known benefit: consumers can demand a no-questions-asked refund on demand up to 8 weeks following the settlement date, guaranteed by EU law. That’s even better than pushing a “credit transfer” because those are non-refundable the moment they execute. But indeed in the US AFAIK you’re screwed if you want to take an ACH back.
In any case, it would be useful to have a healthy project to separate tor-friendly banks from the shitty ones, which would require ongoing maintenance.
The US has a similar law, but in both places if you dont notice it for some number of months, you’re fucked. Even if the bank didn’t ask you to authorize the fraudulent withdrawal.
Personally I can’t check all my accounts that often. I review them once per year, so I’d rather rely on technical security. Also paper isn’t an option for me. I live in a country abroad that doesn’t have a postal system.
Where did you get your list of banks (and their websites) to start with your research?
This would be a good project on GitHub. Something like Alec Muffett’ss real world onions. Its a github repo that queries websites Onion Services (over Tor) every day and tells their uptime.
https://github.com/alecmuffett/real-world-onion-sites
Someone could probably just fork that and replace the sites with a list of banking websites
These could help with that:
US fed banks
US state-specific lists
(edit) well shit… some of those links have gone to shit… Cloudflare, anti-tor, etc. But you can perhaps dig up archives.
You may also want to checkout privacy post. They explicitly focus on security. They’ll use proton to send you scans of your paper mail with e2ee.
https://privacypost.io/
They’re pricy, though. I haven’t used them or their alternates yet.
thanks! I did not know about that one.
Those mail services are a minefield in general. Most are compromised by Cloudflare. It’s crazy how companies handling inherently sensitive info like that are exposing their customers to Cloudflare.
What do you usually suggest as an alternative to CF?
I used to work for a bank and managed to convince management to use a local company for DDOS protection. That bypassed the NSL risk of a US company, but it still gave a third party mitm power.
Best I’ve seen is some in-house interstitial PoW page, like “Heray” – a proprietary system used by hetzner. But I haven’t found any FOSS solutions that are well documented and fairly trivial to deploy.
I’ve never been on the other side of that problem. And it’s not my problem, so I never looked too deeply into it. I just know if a bank or CU is using Cloudflare I am not using it.
Extremely useful. Thanks!