I like the idea of a less profit-driven business that is maybe more community-focused but I wonder if they have the same capability as a bank? Have you been able to do your banking needs at a credit union? Was the customer service decent?
I like the idea of a less profit-driven business that is maybe more community-focused but I wonder if they have the same capability as a bank? Have you been able to do your banking needs at a credit union? Was the customer service decent?
The US has a similar law, but in both places if you dont notice it for some number of months, you’re fucked. Even if the bank didn’t ask you to authorize the fraudulent withdrawal.
Personally I can’t check all my accounts that often. I review them once per year, so I’d rather rely on technical security. Also paper isn’t an option for me. I live in a country abroad that doesn’t have a postal system.
Where did you get your list of banks (and their websites) to start with your research?
This would be a good project on GitHub. Something like Alec Muffett’ss real world onions. Its a github repo that queries websites Onion Services (over Tor) every day and tells their uptime.
https://github.com/alecmuffett/real-world-onion-sites
Someone could probably just fork that and replace the sites with a list of banking websites
These could help with that:
US fed banks
US state-specific lists
(edit) well shit… some of those links have gone to shit… Cloudflare, anti-tor, etc. But you can perhaps dig up archives.
You may also want to checkout privacy post. They explicitly focus on security. They’ll use proton to send you scans of your paper mail with e2ee.
https://privacypost.io/
They’re pricy, though. I haven’t used them or their alternates yet.
thanks! I did not know about that one.
Those mail services are a minefield in general. Most are compromised by Cloudflare. It’s crazy how companies handling inherently sensitive info like that are exposing their customers to Cloudflare.
What do you usually suggest as an alternative to CF?
I used to work for a bank and managed to convince management to use a local company for DDOS protection. That bypassed the NSL risk of a US company, but it still gave a third party mitm power.
Best I’ve seen is some in-house interstitial PoW page, like “Heray” – a proprietary system used by hetzner. But I haven’t found any FOSS solutions that are well documented and fairly trivial to deploy.
I’ve never been on the other side of that problem. And it’s not my problem, so I never looked too deeply into it. I just know if a bank or CU is using Cloudflare I am not using it.
Extremely useful. Thanks!