• activistPnk@slrpnk.netM
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 months ago

    I would give that a mostly true. Banks and credit unions are both such a shit show that a big stash of cash is important. But I must say some comments are not exactly spot on:

    So for most people, they [credit unions] are just as secure as the big national chains.

    They missed something big:

    • Most credit unions have put their website on Cloudflare in the past few years. Which means:
      • Consumers are generally forced to expose their account credentials to a privacy-abusing tech giant (while agreeing to be accountable for damage stemming from credential leakage)
      • Consumers are generally forced to expose to their credit union their approximate physical location every single time they connect to the website as a consequence of Cloudflare. Which means if they move outside of the CUs service area some CUs will notice that and even freeze/lock your account. They tend to admit directly in their privacy policy that they collect IP addresses specifically for geolocation tracking of their customers.
      • Consumers are generally forced to expose to their ISP where they bank as a consequence of Cloudflare. And considering Trump overturned an Obama policy that required ISPs to obtain consent for collecting and selling customer personal data, there is nothing to stop your ISP from selling info about where you bank to data brokers and debt collectors.
      • Cloudflare can at any moment decide to block you for any reason arbitrarily, and suddenly your web access to your money is gone.
      • Consumers who are behind CGNAT outside of their control are often blocked by Cloudflare. If a snot-nose script kiddie in your CGNAT pool decides to scrape some websites, CF’s excessive protectionism might kick in and block the IP which could go to you next, and you lose access to your money because CF overreacted to a harmless snotnose kid.
    • Most credit unions have outsourced just about every aspect of their business. They are like shell companies all working as many different façades to the same giant corporations. CUs in-house expertise doesn’t go far beyond their branding and marketing. They all outsource billpay to 1 or 2 different billpay services. They all outsource monthly statement generation to the same few corps, as well as statement printing. So that means that your sensitive financial info gets shared around with a handful of giant corporations while giving the illusion that you have the privacy benefits of a small CU.
    • Credit unions spam the shit out of whatever email address you supply, thus enabling all entities handling the email to see where you bank each time the CU decides to spam you.

    Being free from Cloudflare sometimes means you can login over Tor and avoid most of the problems above. Many commercial banks block Tor increasingly more frequently lately (because they also want to track your physical whereabouts), but there may be some Cloudflare-free CUs that still permit Tor logins.

    If you cannot find a bank or CU that gives you the privacy of Tor, the best feature to look for is gratis paper statements and paper checks so you can scrap the website and take back your privacy. It’s more common to find gratis paper statements from banks than CUs.

    Credit unions offer FDIC-like protection through the NCUSIF,

    It’s a shit show. The NCU does not protect people. Sure they may give security in the very basic deposit insurance scenario of a CU going under, but if you report unlawful conduct by your CU to NCU they just ignore it. They do not act on consumer protection law infringement even though it’s in their jurisdiction.

    Also, smaller banks and credit unions usually can’t compete with the big banks’ digital offerings.

    Not sure about that. Credit unions do not write their own software. You have a 1 or 2 closed-source Google Playstore banking app makers who all the credit unions outsource to. Whereas every commercial bank reinvents the wheel with their own implementation. For me it’s a shitshow no matter what. I am not going to enter Google Playstore and tell Google where I bank and let Google track exactly which software version I have which also reveals what vulns I inherit, to then run a closed-source app that snoops on me in countless unknown ways. Fuck all that. But anyway, with all credit unions outsourcing to centralised giant single supplier, I’m sure the result is comparable to large banks.