Whitelist

+--------------------------+----------+-----------+------------------+-------------+---------------+--------------------------------------------------------------+
|        insurer           |  ALEC    |  Tor-     |  sensitive info  |  supported  |  forced drug  |                             notes                            |
|                          |  member  |  hostile  |  exposed to      |  CISPA      |  testing of   |                                                              |
|                          |          |           |  CloudFlare      |             |  staff        |                                                              |
|American Family Insurance | n        | n         | n                | n           | n             |                                                              |
|(www.amfam.com)           |          |           |                  |             |               |                                                              |
|Erie                      | n        | n         | n                | n           | n             |                                                              |
|(www.erieinsurance.com)   |          |           |                  |             |               |                                                              |
|N&D Group                 | n        | n         | n                | n           | n             | no website, only an access-restricted Facebook page          |
|The General               | n        | n         | n                | n           | n             | parent:  American  Family  Insurance; only writes auto poli- |
|                          |          |           |                  |             |               | cies; certified as Great Place to  Work  (https://www.great- |
|                          |          |           |                  |             |               | placetowork.com/certified-company/7003720)                   |
|(thegeneral.com)          |          |           |                  |             |               |                                                              |
+--------------------------+----------+-----------+------------------+-------------+---------------+--------------------------------------------------------------+

Graylist

+-------------------------------------------------+----------+-----------+------------------+-------------+---------------+--------------------------------------------------------------+
|                    insurer                      |  ALEC    |  Tor-     |  sensitive info  |  supported  |  forced drug  |                             notes                            |
|                                                 |  member  |  hostile  |  exposed to      |  CISPA      |  testing of   |                                                              |
|                                                 |          |           |  CloudFlare      |             |  staff        |                                                              |
|Allianz                                          | n        | n         | n                | y           | y             | **Amazon AWS-hosted**                                        |
|(allianz.com)                                    |          |           |                  |             |               |                                                              |
|Ameriprise Financial                             | n        | n         | n                | y           | y             | akamai hosted                                                |
|(www.ameriprise.com)                             |          |           |                  |             |               |                                                              |
|Berkshire Hathaway                               | n        | n         | n                | n           | y             | Berkshire  Hathaway  is  not directly an ALEC member, but BH |
|                                                 |          |           |                  |             |               | wholly owns ALEC members (e.g. Geico and Fruit of the Loom)  |
|(berkshirehathaway.com)                          |          |           |                  |             |               |                                                              |
|Gen Re                                           | n        | n         | n                | n           | n             | parent: Berkshire Hathaway; akamai hosted, but transactional |
|                                                 |          |           |                  |             |               | site   www.genre-connect.com   is   not.  The  documentation |
|                                                 |          |           |                  |             |               | ("Knowledge" link) is CloudFlared.                           |
|(www.genre.com)                                  |          |           |                  |             |               |                                                              |
|Grange Mutual                                    | n        | n         | n                | n           | y             |                                                              |
|(www.grangeinsurance.com)                        |          |           |                  |             |               |                                                              |
|Homesite Insurance Group (aka Midvale Home & Aut | n        | n         | n                | n           | n             | affiliated with American Family Insurance; landing  page  is |
|                                                 |          |           |                  |             |               | Fastly-hosted; quoting page is AWS-hosted & Tor-hostile; lo- |
|                                                 |          |           |                  |             |               | gin page has no issues                                       |
|(go.midvaleinsurance.com)                        |          |           |                  |             |               |                                                              |
|Horace Mann                                      | n        | n         | n                | n           | y             | no website, only an access-restricted Facebook page          |
|MetLife                                          | n        | n         | n                | y           | y             | **Amazon   AWS-hosted**;    transactional    site    identi- |
|                                                 |          |           |                  |             |               | ty.metlife.com is not AWS                                    |
|(www.metlife.com)                                |          |           |                  |             |               |                                                              |
|National General                                 | n        | n         | n                | n           | y             | formerly GMAC                                                |
|(www.nationalgeneral.com)                        |          |           |                  |             |               |                                                              |
|Selective                                        | n        | n         | n                | n           | y             | pushes  CloudFlare  javascript,  but apparently execution is |
|                                                 |          |           |                  |             |               | optional.                                                    |
|(www.selective.com)                              |          |           |                  |             |               |                                                              |
|Shelter Insurance                                | n        | n         | n                | n           | y             | CloudFlare name server is used, which means they  can  triv- |
|                                                 |          |           |                  |             |               | ially flip a switch to become a CF site.                     |
|(web.archive.org/web/shelterinsurance.com)       |          |           |                  |             |               |                                                              |
|Stewart Information Services Corporation         | n        | n         | n                | n           | y             | **Amazon AWS-hosted**                                        |
|(www.stewart.com/en.html)                        |          |           |                  |             |               |                                                              |
+-------------------------------------------------+----------+-----------+------------------+-------------+---------------+--------------------------------------------------------------+

Blacklist


+-----------------------------------+----------+-----------+------------------+-------------+---------------+--------------------------------------------------------------+
|             insurer               |  ALEC    |  Tor-     |  sensitive info  |  supported  |  forced drug  |                             notes                            |
|                                   |  member  |  hostile  |  exposed to      |  CISPA      |  testing of   |                                                              |
|                                   |          |           |  CloudFlare      |             |  staff        |                                                              |
|21st Century                       | n        | n         | n                | n           | n             | parent: Farmers                                              |
|Aflac                              | y        | n         | n                | n           | y             | sponsors  Fox  News;  transactional  site is **Google Cloud- |
|                                   |          |           |                  |             |               | hosted**                                                     |
|Allied                             | n        | y         | n                | y           | y             | **Amazon AWS-hosted**; parent: Nationwide                    |
|Allstate                           | n        | y         | n                | y           | y             | sponsors Fox News; akamai hosted; accused  (https://www.con- |
|                                   |          |           |                  |             |               | sumerreports.org/car-insurance/allstate-car-insurance-pric-  |
|                                   |          |           |                  |             |               | ing-michigan-regulators-raise-objections) by Michigan  regu- |
|                                   |          |           |                  |             |               | lators of profiling customers unlikely to shop out insurance |
|                                   |          |           |                  |             |               | to charge them more, and accused in Texas of having a "suck- |
|                                   |          |           |                  |             |               | ers   list";   uses  "personalized  pricing"  in  10  states |
|                                   |          |           |                  |             |               | (https://www.consumerreports.org/car-insurance/why-you-may-  |
|                                   |          |           |                  |             |               | be-paying-too-much-for-your-car-insurance).                  |
|American Modern                    | n        | n         | y                | n           | n             | **forced   h/reCAPTCHA**;  **Google  Cloud-hosted**  landing |
|                                   |          |           |                  |             |               | page, which is CloudFlare-free but  the  transactional  host |
|                                   |          |           |                  |             |               | my.doculivery.com is CFd                                     |
|American Strategic Insurance (ASI) | n        | n         | n                | n           | n             | parent:  Progressive;  no website, only an access-restricted |
|                                   |          |           |                  |             |               | MS LinkedIn page                                             |
|Amica                              | n        | y         | n                | n           | n             |                                                              |
|Brown & Brown Insurance            | n        | n         | y                | y           | n             | **forced h/reCAPTCHA**                                       |
|CUNA Mutual                        | n        | n         | n                | n           | n             | Feeds LMG through TruStage.                                  |
|Esurance                           | n        | n         | n                | n           | n             | sponsors Fox News; parent: Allstate; akamai hosted           |
|Farmers                            | y        | n         | n                | n           | y             | akamai hosted                                                |
|First American Insurance Agency    | n        | n         | n                | n           | y             | parent: Liberty Mutual                                       |
|Foremost                           | n        | n         | n                | n           | y             | parent: Farmers                                              |
|Geico                              | y        | n         | n                | n           | y             | sponsors Fox News; parent: Berkshire Hathaway; akamai hosted |
|                                   |          |           |                  |             |               | but transactional site ecams.geico.com is not.               |
|Harleysville Group                 | n        | n         | n                | n           | n             | parent: Nationwide                                           |
|Hartford                           | n        | y         | n                | y           | y             | akamai hosted                                                |
|Infinity                           | n        | y         | n                | n           | y             |                                                              |
|Lexington                          | y        | y         | n                | n           | n             | landing  page allows Tor access but all links therein refuse |
|                                   |          |           |                  |             |               | Tor; AIG partner                                             |
|Liberty Mutual                     | y        | y         | n                | y           | n             | sponsors Fox News; akamai hosted                             |
|Main Street America Insurance      | n        | y         | n                | n           | n             | parent: American Family Insurance; Landing page  allows  Tor |
|                                   |          |           |                  |             |               | but the transactional host does not                          |
|Mercury                            | n        | y         | n                | n           | y             |                                                              |
|Nationwide                         | y        | y         | n                | y           | y             | sponsors Fox News; **Amazon AWS-hosted**                     |
|Pemco                              | n        | y         | n                | n           | y             |                                                              |
|Progressive                        | n        | y         | n                | n           | y             | sponsors Fox News                                            |
|Safe Auto                          | n        | y         | n                | n           | n             | **Tor-hostile**  sign-in  page  despite Tor-friendly landing |
|                                   |          |           |                  |             |               | page.                                                        |
|Safeco                             | n        | y         | n                | n           | n             | parent: Liberty Mutual; akamai hosted                        |
|State Farm                         | y        | y         | n                | y           | y             | sponsors Fox News; edgecast-hosted                           |
|Titan                              | n        | n         | n                | n           | n             | parent: Nationwide                                           |
|Travelers                          | n        | n         | n                | y           | y             | **forced h/reCAPTCHA**; akamai hosted                        |
|TruStage                           | n        | n         | n                | n           | n             | parent: CUNA Mutual; home and auto policies underwritten  by |
|                                   |          |           |                  |             |               | Liberty Mutual (LMG)                                         |
|USAA                               | n        | y         | n                | y           | y             | sponsors Fox News                                            |
|Western Mutual                     | n        | n         | y                | n           | n             | **forced h/reCAPTCHA**                                       |
+-----------------------------------+----------+-----------+------------------+-------------+---------------+--------------------------------------------------------------+

Why ALEC members are blacklisted

American Legislative Exchange Council ("ALEC") is a right-wing super PAC and bill mill that puts corporate interests above the interest of human beings. ALEC:

Countless companies were ALEC members historically, but most of them discontinued membership and renounced it likely to avoid boycott. Companies that continue to renew their ALEC membership are right-wing die-hards unlikely to join team humanity. So they are blacklisted.

A "y" in the ALEC column indicates that the financial institution still today supports the above-mentioned right-wing agenda through ALEC membership.

Why Tor-hostile FIs are blacklisted

Financial institutions that are aggressively Tor-hostile are automatically blacklisted.

Why access to banks, brokerages, and insurance companies over Tor matters If Tor were used exclusively for anonymity, it would be useless in the context of consumers accessing and controlling their financial accounts. But that's not the case. Tor prevents your ISP from snooping on where you bank. ISPs collect data on their own customers and exploit it for profit in the US. Under Obama it became illegal for an ISP to sell data collected on their customers without express consent. As if that's not already useless thanks to an abundant supply of consumers who will agree to anything without reading it, Trump reversed Obama's policy in 2017 to render consumers completely powerless. Tor is a free tool to protect from excessive disclosure of where your assets are. Thus when a financial institution blocks Tor, it prevents you from taking basic self-defense measures. This trend undermines the supplier-client relationship whereby we expect the supplier to serve the customer's interest. It's not just anti-privacy, it's anti-consumer.

Non-Tor users generally reveal their physical location to their bank or insurance company every time they login. If all banks and insurance companies didn't care where you reside, this wouldn't be a problem. But some financial institutions care more than others and beyond reason. Banks typically collect your IP address and one bank even outright admits in their privacy policy that they collect geolocation data from customers' IP addresses. For nomads/world travelers banks can make their lives hell if their profile doesn't seem to match up with their lifestyle. Some banks will close an account if a customer moves out of their service area. Insurance companies will question whether you're still eligible for the policy you have, as they may want to raise your premiums or cancel your policy if they suspect you're not where your policy is written. If you want to take a job away from home for a year or two, Tor gives you the necessary privacy to do that free of hassle and nannying.

Why non-Tor users should also boycott Tor adversaries Suppose you never leave home, and you're not bothered if your ISP collects data on where you bank to then sell to data brokers who can then sell it to debt collectors. If you're ethical nonetheless, then you still boycott those who marginalize Tor users. These quotes elaborate on that moral duty:

"If you are neutral in situations of injustice, you have chosen the side of the oppressor. If an elephant has its foot on the tail of a mouse, and you say that you are neutral, the mouse will not appreciate your neutrality." --Desmond Tutu

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." --Edward Snowden

To expand on Snowden's philosophy, it's extremely selfish to refuse to defend a right that others need on the basis that you don't personally need it now or in the future. Moreover, indirect benefits should not be overlooked. Human rights activists need civil liberties more than others, but we all need activists to make the world better for everyone. Moral duties to you derive from that.

Tor is becoming less usable because the growing majority non-Tor users are patronizing businesses that marginalize Tor users.

"Under observation, we act less free, which means we effectively are less free." --Edward Snowden

To neglect to use Tor is to subject yourself to unnecessary observation. In the context of banking and finance, this in turn reduces your freedom of movement.

A "y" in the Tor-hostile column indicates that account access is restricted and exclusive to non-Tor users, who must expose their IP address to the FI and who must expose their FI to their ISP.

Why FIs in CloudFlare's walled-garden are blacklisted

Financial institutions that proxy their services through CloudFlare are blacklisted automatically for taking a profoundly stupid risk with consumer's sensitive financial data. CloudFlare holds the SSL keys for every connection and sees all the traffic including username and unhashed password. CloudFlare has proven to be untrustworthy with sensitive information (demonstrated by CloudFlare's doxxing of the identities of child porn whistle blowers). Apart from the unacceptably high security risk of having a CloudFlare MitM, there are countless ethical problems with being an enabler of CloudFlare.

A "y" in the "sensitive info exposed to CloudFlare" column indicates that account access is restricted and exclusive per CloudFlare's will and customers who do get access are forced to share sensitive transaction data with CloudFlare, Inc. (a privacy abuser).

Why CISPA supporters are graylisted

The Cyber Intelligence Sharing and Protection Act (CISPA) was a bill to bypass the 4^(th) amendment to promote a system of unwarranted mass surveillance through information sharing between the government and private sector. Congress blocked the bill, but it was later reincarnated as CISA and it passed. Unlike ALEC lobbying, CISPA was a one-off event far in the past, and over 800 companies supported it. Since it does not necessarily reflect the company's recent stance or influence, supporters are graylisted instead of blacklisted. They should still be avoided in favor of a whitelisted competitor, but they are considerably less evil than those that are blacklisted.

A "y" in the "supported CISPA" column indicates that the financial institution lobbied for a police surveillance state in favor of CISPA.

Why FIs that force their staff to take a drug test are graylisted

Drug testing employees is an assault on the privacy and lifestyle of employees and staff outside the workplace. In most cases involving medicinal marijuana states, the drug test also harms the healthcare of employees by intervening in doctors' prescriptions. Normally drug testing would justify blacklisting, but the problem is so widespread nationwide that the whitelist tends to be overly small. Drug testing also does not do significant harm to consumers, so companies that drug test are graylisted.

A "y" in the "forced drug testing of staff" column indicates that the financial institution abuses their staff through forced drug testing.

Why Amazon and Google-hosted FIs are graylisted

Amazon is behind countless evils. It's paramount to boycott Amazon for anyone who cares about human rights, privacy, or the environment. Amazon also has had several data breaches-- Capital One, Juspay, Swiggy, etc., so it's a bad idea to trust custodians who use AWS with the security of your money. Google is also evil. Not the degree of evil that Amazon has achieved, but Google is in the fossil fuel business among other evils. Google is also a central tech giant which (like Amazon) serves as a central point of surveillance and also carries the risks of having a huge number of insiders who can abuse the data. The size of the Amazon and Google datacenters also makes them a likely target for outside hackers due to the high rewards of compromise.

Akamai is not known to have a significant history of wrongdoing on the scale of Amazon or Google. There is cause for concern in terms of security though because it's large enough to serve as a central monitoring point where breaches and compromise is still considerable. Akamai-hosted financial institutions are not graylisted for that reason alone. In the end, you're the judge.

Financial institutions hosted on GAFAM (Google Amazon Facebook Apple Microsoft) are graylisted. The wrongdoing is indirect and in the end taking a security risk doesn't necessarily lead to a breach. Of course it's still ethically favorable to choose a whitelisted financial institution if possible.