[HN Gopher] Why not to whitelist operating system user agents
___________________________________________________________________
Why not to whitelist operating system user agents
Author : neelc
Score : 138 points
Date : 2021-11-15 05:49 UTC (17 hours ago)
(HTM) web link (www.neelc.org)
(TXT) w3m dump (www.neelc.org)
| hk1337 wrote:
| Meh. IIRC, basic functionality is still there and maybe even a
| bit more, there's just some features you cannot use.
| zxcvbn4038 wrote:
| Banks do stuff like this all the time - they are always the long
| tail of security - could be a topic in itself. I contemplated
| this for a very long time and decided that JP Morgan would rather
| take the hit for bad security than pay wages and benefits to
| support people to deal with password resets, lost yubikeys, etc.
| No other answer makes sense.
|
| My advice to OP is to dump Chase, Citibank, Bank Of America,
| ASAP. Move your money to one of the millennial focused banks, or
| an ETrade checking account.
|
| The big banks hate you, they think you're stupid, offering you
| retail banking services is the bane of their existence. They are
| going to knock you over with $40 fees because you SHOULD pay them
| to put up with you -- at least that is how they see it.
|
| There are much better options these days, just search for zero
| fee checking.
| coredog64 wrote:
| ETrade is now a subsidiary of Morgan Stanley. While MS is only
| half the size of JPMC, they're not really a small bank.
|
| (Wikipedia isn't up to date BTW. Even before the Etrade they
| had over $1T in AUM)
| nynx wrote:
| Any suggestions?
| c-swa wrote:
| Unfortunately can't change loan providers, as my auto loan, when it
| was financed through the dealer, ended up at JP Morgan & Chase.
| lupire wrote:
| Why do you use a website for your loan? Autopay and never
| talk to them again until closeout.
| JshWright wrote:
| You definitely can do that, if you want to. Refinancing a
| loan is not especially complicated.
| voakbasda wrote:
| And pay all those expenses to have the note bought up by
| one of the same large banks? Selling debt is a very common
| practice.
| JshWright wrote:
| Personally, I use a local credit union that doesn't sell
| their loans (there are several CU's and regional banks in
| my area that make that commitment).
| passivate wrote:
| From what I've seen CUs are not competitive with the big
| banks for jumbo loans. I got a significantly worse
| interest rate on my home loan with the CUs compared to
| BOFA (who I ended up going with).
| krolden wrote:
| Or better yet, use a credit union.
| strenholme wrote:
| Huh? I am able to log in to Chase just fine in my banking virtual
| machine (Ubuntu 20.04 LTS; Firefox 94.0 64-bit). I'm not using
| User Agent Switcher, and the User agent string shows that I'm
| using X11/Ubuntu.
|
| As an aside, one issue Chase did have, 10 years ago, was that
| their DNS servers would return "query refused" if you sent them
| an AAAA (i.e. IPv6 IP) query. This actually caused issues with my
| recursive DNS server; I had to make AAAA (IPv6) queries handle
| errors differently than A (IPv4) queries. I just checked, and
| Chase _finally_ fixed their DNS and IPv6 issues.
| CrazyStat wrote:
| Congratulations, you're part of the "Some Linux user agents get
| through" segment noted in the second paragraph.
| danachow wrote:
| Can anyone confirm this?
|
| I don't have a FreeBSD machine handy right now but I just
| switched user agent to FreeBSD amd64 on a Linux machine with
| Chromium 95 and have no issue with the front page or logging into
| chase.com. I have rarely encountered issues using this Linux/X11
| setup on chase.com for years.
|
| Is it possible they are using an ancient browser and incorrectly
| assuming it's the OS part of the user agent?
| jo-m wrote:
| I have been using chase.com on Ubuntu 18.04 and 20.04 with
| Firefox for years without any issues.
| kafkaIncarnate wrote:
| I can confirm this is 100% false. Been using Linux to login to
| Chase for years, never had any problems (other than weird ad-
| blocker issues which are cross-platform). Just tested again
| just to confirm that I can log in just fine.
|
| No User-Agent switcher required.
| hericium wrote:
| May be OS with small userbase and less popular browser combo.
| swills wrote:
| I have seen the same thing, the article is correct.
| malfist wrote:
| Take a look at their evidence that chase "openly admits to
| hating linux and freebsd". It's a reddit post with 3 votes
| about a CS response saying not supporting linux doesn't
| constitute an ADA violation.
|
| Everything in this article and its supporting evidence is a
| stretch and should be evaluated very carefully.
| alias_neo wrote:
| Small nit-pick, but OP isn't running Linux, they're running
| FreeBSD.
|
| They too mention Linux so it's possible they aren't aware of
| the difference.
|
| It's possible "Linux" is allowed, but not *nix/Unix?
| swills wrote:
| Quite likely.
| kristopolous wrote:
| I use it almost every day. I'm thinking the user is using a
| weird user agent/browser and misdiagnosed the problem.
|
| It _looks_ like Firefox but there's just so many small
| browsers these days. Honestly I'd need to see the offending
| code. If it's user agent testing, those strings should still be
| readable even in a compressed js unless they run it through an
| obfuscator
| hericium wrote:
| > should be readable even in a compressed js unless they run
| it through an obfuscator
|
| User-Agent may be determined on a webserver/proxy level and
| request redirected silently to a page with JS just showing
| the banner. It does not have to be based on JS checking
| anything.
| swills wrote:
| The article is 100% correct, I've experienced the exact same
| thing. For a while I thought it was blocking me due to uBlock
| or something, took me a while to figure out it was just the
| user agent.
| kafkaIncarnate wrote:
| The small browsers thing sounds about right. Check the link
| he posted about the email someone received on Reddit. It's
| posted like it's a screenshot from Mutt or some other
| terminal mail editor. Looks more like they are flexing their
| email terminal usage not just copy/pasting the message (png
| for text? come'on!).
|
| Probably using qutebrowser or something else like that.
| chessmango wrote:
| Just from the Reddit post as well - doesn't feel overly
| user-hostile or deserving of the 'JP Morgan Chase Bank
| admitting to me they hate Linux and BSD desktops and
| actively block them' title anyway.
|
| If there's active blocking based on OS (from replies in
| this thread, evidence seems to be slim) then that's not
| great, but this seems to be pretty one-sided so far.
| kristopolous wrote:
| platform.js 1.3.1 is in there
| (https://github.com/bestiejs/platform.js/)
|
| I see this from the pretty-printed version
| function a() {
|   return /Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent) ? "Device" : "Desktop"
| }
|
| So let's try to just say I'm, say, Opera Mini, still no
| dice. I tried a bunch of these to no avail. I don't know
| how the OP got this.
| kafkaIncarnate wrote:
| Well that kind of matches the message he received from
| the website. It looks like they are just trying to notify
| you that there is a Chase Mobile App available (which for
| the average phone user, would be 99.9999% better than
| using a browser). Personally I wouldn't use a phone for
| banking but some people don't have laptops/desktops.
| evanfarrar wrote:
| I've certainly been blocked by chase on linux with firefox, but
| I was only using their auto loans at the time. It was super
| annoying, because I first tried to get a payoff quote on the
| iOS app, then the mobile website, then on a linux laptop,
| before resigning and using my work Macbook. Perhaps other lines
| of business support linux better?
| roobs wrote:
| Try Japanese business banking - where you have to pick an OS and
| stick with it when registering (with a paper form), and must use
| either the ESR release of Firefox or Internet Explorer. If you
| don't have a user agent of either of those it won't even let you
| sign in.
| ricardobayes wrote:
| Try Spanish online digital administration. The digital
| certificates only worked in IE. And mid-process they require
| installing a Java-based program that required a different type
| of digital certificate. That of course makes you restart the
| browser and lose all the data entered. Just wow. I couldn't
| even come up with such a bad process if I wanted.
| diggan wrote:
| Not sure if you're referring to something old, I've only been
| in Spain since 2012 but I'm having zero issues with the
| digital certificate for various government websites, from
| hacienda to local city governments websites. Never have I
| been forced to install Java either. I usually use Firefox on
| Linux and seems to work fine, at least for me.
| silon42 wrote:
| For a while Firefox ESR was the only one still supporting
| digital certificate request/generation (KEYGEN). My (not in
| Japan) and other banks used this as one security mechanism. With
| new EU rules they've now downgraded their security to a Phone
| app + some SMS verification.
| raxxorrax wrote:
| Basically security done wrong because it will only affect users
| and won't stop attackers.
| GoblinSlayer wrote:
| Always spoof your user agent string, for firefox the setting is
| general.useragent.override
| zinekeller wrote:
| You think that's _that_ easy?
|
| Maybe now, not really sure if there are now changes
| (hopefully, since Microsoft is dropping IE), but in a time
| where browser plugins are abound you can't place an ActiveX
| plugin inside Firefox (or vice versa).
| macdice wrote:
| As a Firefox/FreeBSD user occasionally annoyed by this nonsense
| (not Chase but other things), but not being knowledgeable about
| modern web standards evolution, I wonder if
| https://wicg.github.io/ua-client-hints/ will fix this by killing
| User-Agent headers.
| Freak_NL wrote:
| I ran into a similar problem with the website of my general
| practitioner. It worked fine in all cases, except when using
| Firefox on Linux, which I use.
|
| After lots of testing and trying to contact whoever built the
| website I found that it blocked _only_ user-agents which
| contained this literal string: X11; Ubuntu; Linux
|
| Only when that string was in there verbatim would it fail all
| requests with a 403 Forbidden.
|
| After I saw the same error with some other websites for
| businesses in my town I started seeing a pattern. The company
| that hosts/builds this website apparently copy/pastes their basic
| server set up, and so every website they host works everywhere,
| except when using Firefox on Linux. So maybe one in a thousand
| users gets this.
|
| I posted my search for the cause of this issue on StackOverflow[1],
| and even got a reply from (presumably) someone who works for the
| company that hosts these websites, but alas, the websites remain
| broken to this day. They suspected a hack to prevent some
| WordPress exploit...
|
| It's frustrating, because a general practitioner's website should
| not fail like this (it is a point of contact that sits just below
| emergency services), but the people that work there don't
| understand the problem, and the company that hosts it can't be
| arsed to fix the issue.
|
| 1: https://stackoverflow.com/questions/66185885/some-websites-r...
| Freak_NL wrote:
| One happy addendum:
|
| Seeing this topic on HN reminded me to try and contact the
| website builder again, and this time they did get their hosting
| party to fix the problem.
|
| The explanation as passed on to me was:
|
| > There was a bit in the htaccess that was there since 2019, we
| don't know why.
| Neil44 wrote:
| I host a few hundred wordpress sites and I recognise that
| string by sight! Tons of bots seem to use it. I haven't 403'd
| it (yet) though.
| [deleted]
| lupire wrote:
| The response to that is to play dumb and repeatedly report that
| the website is failing, but don't try to diagnose it for them.
| Just focus on your problem, and keep annoying them so that it's
| their problem too (write a script to email occasionally, and
| share it with your friends). Eventually they and other
| customers will complain to the website vendor to make it their
| problem too.
| tentacleuno wrote:
| Your comment seems to be dead (along with the last four of
| yours) which suggests you might be shadow banned? I vouched
| for you, hope it helps.
| JshWright wrote:
| If you're in the US, call your doc and mention that this may be
| a violation of the 21st Century Cures Act, as it is preventing
| or interfering with the access, exchange, or use of electronic
| health information.
|
| It would be a stretch to call this an outright violation (as
| they could satisfy the requirement by printing the information
| you want and mailing it to you...), but it's a trendy topic in
| healthcare right now, so it might be enough of a motivator.
| JumpCrisscross wrote:
| > _call your doc and mention that this may be a violation of
| the 21st Century Cures Act_
|
| Unless you're a lawyer, don't do this. Empty threats are more
| frequently sorted into the crackpot category than the kind
| one responds to.
| JshWright wrote:
| While this is generally true, in my experience anything
| related to healthcare regulations is a lot less likely to
| get written off. Generally the failure mode is quite the
| opposite (people assume all sorts of things about, e.g.
| HIPAA, that aren't true).
|
| EDIT: I also wouldn't characterize it as an "empty threat",
| as it is neither empty (I think a good faith argument could
| be made that this needlessly disrupts patient access to
| information), nor a threat (it's just making them aware of
| something).
| hypeatei wrote:
| Yeah, it's amazing how short sighted some developers and
| sysadmins can be when tasked with solving a problem.
|
| Oh, we have a WordPress exploit? Let's blacklist User Agent
| strings!
| lmilcin wrote:
| > After I saw the same error with some other websites for
| businesses in my town I started seeing a pattern. The company
| that hosts/builds this website apparently copy/pastes their
| basic server set up, and so every website they host works
| everywhere, except when using Firefox on Linux. So maybe one in
| a thousand users gets this.
|
| Haha! Never attribute malice when a simple incompetence would
| explain it!
| makeitdouble wrote:
| This is not straight incompetence though, as that config is
| not there by accident. It's more in line with "screw that 1
| per 1000 users", for whatever reason.
|
| Malice might be too strong of a word, disdain could be closer
| to what we are seeing.
| Freak_NL wrote:
| I would guess it was more in the line of not suspecting
| that it was a valid user-agent string; just one used by
| bots.
| AnimalMuppet wrote:
| "No True Human..."
| makeitdouble wrote:
| Not even checking what matches that user-agent would be a
| deeper level of "screw it". You'd google what you're
| banning before banning it.
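
The check this sub-thread asks for (finding out what a User-Agent rule actually matches before answering it with 403), as an added example that is not part of the thread or of any site's real configuration. The log lines are constructed, the function names are hypothetical, and the browser-like/automation-like heuristic (asset fetches versus repeated login POSTs) is an assumption made for illustration.

```javascript
// Added example: audit a User-Agent block rule against access logs before
// deploying it. All log lines are constructed (documentation IP ranges).
const UBUNTU_FF = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0';
const OLD_UBUNTU_FF = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0';
const WIN_CHROME = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36';
const MAC_SAFARI = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15';

// Build one line in Apache/nginx "combined" log format.
function logLine(ip, method, path, referer, ua) {
  return `${ip} - - [15/Nov/2021:06:00:00 +0000] "${method} ${path} HTTP/1.1" 200 1024 "${referer}" "${ua}"`;
}

const SAMPLE_LOG = [
  // A person on Firefox/Ubuntu: page load followed by an asset fetch.
  logLine('203.0.113.7', 'GET', '/', '-', UBUNTU_FF),
  logLine('203.0.113.7', 'GET', '/assets/site.css', 'https://example.test/', UBUNTU_FF),
  // Automation that happens to send the Ubuntu string.
  ...Array(3).fill(logLine('198.51.100.23', 'POST', '/wp-login.php', '-', OLD_UBUNTU_FF)),
  // The same behaviour with a different string: the rule never sees it.
  ...Array(3).fill(logLine('192.0.2.99', 'POST', '/wp-login.php', '-', WIN_CHROME)),
  // A person on Safari, unaffected by the rule.
  logLine('203.0.113.40', 'GET', '/', '-', MAC_SAFARI),
  logLine('203.0.113.40', 'GET', '/assets/site.js', 'https://example.test/', MAC_SAFARI),
  // Damaged line: must be counted, not silently dropped.
  'truncated line without quotes',
];

const COMBINED_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/;
const ASSET_RE = /\.(?:css|js|png|jpe?g|svg|ico|woff2?)(?:\?|$)/i;
const SENSITIVE_RE = /^\/(?:wp-login\.php|xmlrpc\.php)(?:\?|$)/;

// Parse one combined-format line; returns null when the line does not fit.
function parseCombined(line) {
  const m = COMBINED_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], method: m[2], path: m[3], status: Number(m[4]), referer: m[5], ua: m[6] };
}

// Assumed heuristic: browsers fetch static assets; the automation of interest
// sends nothing but repeated POSTs to login endpoints.
function classifyClient(requests) {
  if (requests.some((r) => ASSET_RE.test(r.path))) return 'browser-like';
  const posts = requests.filter((r) => r.method === 'POST' && SENSITIVE_RE.test(r.path)).length;
  if (posts >= 3 && posts === requests.length) return 'automation-like';
  return 'unknown';
}

// Report which clients a "block if the UA contains <needle>" rule would hit
// and which automation-like clients it would miss.
function auditUaRule(lines, needle) {
  const clients = new Map();
  let unparsed = 0;
  for (const line of lines) {
    const rec = parseCombined(line);
    if (!rec) { unparsed += 1; continue; }
    if (!clients.has(rec.ip)) clients.set(rec.ip, { matched: false, requests: [] });
    const client = clients.get(rec.ip);
    client.requests.push(rec);
    if (rec.ua.includes(needle)) client.matched = true;
  }
  const report = { blockedBrowsers: [], blockedAutomation: [], missedAutomation: [], unparsed };
  for (const [ip, client] of clients) {
    const kind = classifyClient(client.requests);
    if (client.matched && kind === 'browser-like') report.blockedBrowsers.push(ip);
    if (client.matched && kind === 'automation-like') report.blockedAutomation.push(ip);
    if (!client.matched && kind === 'automation-like') report.missedAutomation.push(ip);
  }
  return report;
}

// The literal string quoted in the thread.
console.log(auditUaRule(SAMPLE_LOG, 'X11; Ubuntu; Linux'));
```

A non-empty blockedBrowsers list means the rule locks out real users, and a non-empty missedAutomation list means the same behaviour gets through under another string, so the control belongs on the behaviour (rate limiting or authentication hardening on the login endpoint) rather than on the header.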
| encryptluks2 wrote:
| I once got denied for a credit card app with a different company
| even though they pulled my credit because according to the
| company, quote, my user agent (Chrome on Linux) was suspicious
| activity.
| remram wrote:
| This is interesting to me. I actually left Chase a few years ago
| over a very similar issue: their statement PDFs would show up
| blank in all the PDF readers I tested. After contacting support
| and being told that the only option was for me to install the
| latest Adobe Acrobat Reader, I told them to close my account.
|
| I never even thought about the accessibility requirements. I am
| sure that relying on PDF features that only the latest Acrobat
| supports hurts a lot of people on that front too (unless Acrobat
| happens to be the most accessible of readers?)
| mattnewton wrote:
| My advice is to drop the bank now, after testing a replacement-
| there are plenty of smaller and "neo banks" looking to have your
| business with real development teams. I use the big, old and
| stodgy Bank of America but I have never had a complaint using
| desktop Linux and Firefox / chrome there.
| A4ET8a8uTh0 wrote:
| Interesting. I just tried logging in from PopOS. No issues. Does
| it only affect FreeBSD?
|
| I mean worst case scenario I can always open dedicated Windows
| VM, but I will admit that the trend is troubling.. especially
| with Win11 push towards 'trusted computing'.
| z3t4 wrote:
| The fun part in web dev is to make sure everything works on the
| 0.5% non mainstream browser/platforms. Only supporting 99.5% is
| boring.
| rocqua wrote:
| A popup "your OS browser combination is not supported, some
| things may not work" is a much less nuclear option.
| rzzzt wrote:
| If you know which parts will not work in advance. What if the
| "Send $$$" button does not appear due to a CSS misfire?
| zeorin wrote:
| eslint-plugin-compat [0] and
| stylelint-no-unsupported-browser-features [1] can help you know
| when you're using an unsupported browser feature.
|
| [0] https://github.com/amilajack/eslint-plugin-compat
|
| [1] https://github.com/ismay/stylelint-no-unsupported-browser-fe...
| op00to wrote:
| I would not want a money transfer to "not work" and end up
| moving $500,000 rather than $500.
| indymike wrote:
| How about assuming it works until users report it does not?
| joppy wrote:
| Things fail in the weirdest ways in unsupported environments
| though, it's not like the "make transfer" button doesn't
| work, it's more like it might not even show up in the first
| place. Having 99% of your website work and the last 1% not
| work is a dealbreaker in many cases, and these "the site may
| not work for you based on your OS" banners lead the user into
| thinking it does work 100% if it works in 99% of the cases.
|
| Not saying this is the way it should be, just saying that
| "doing your best" to allow unsupported platforms often leads
| to a terrible and confusing user experience.
| alvarlagerlof wrote:
| Unlikely. This is a browser. If it's going to fail, it
| won't be some js somewhere. It's going to be the whole
| thing.
| Kaze404 wrote:
| That's not true. All it takes is using an unsupported CSS
| rule for something to simply disappear from the page
| under certain circumstances. As a recent example, I found
| out some of our users couldn't find a specific button in
| an application. It still existed, but we used the zoom
| property to make it stand out more, which for some reason
| is only supported in Chrome.
| franga2000 wrote:
| It is to a point, but then it just becomes painful. If you want
| to keep a good user experience for modern browsers while
| supporting ancient ones, you'll probably be writing at least
| all your layouts twice.
| michaelt wrote:
| You guys are getting a good user experience from your banks?
| franga2000 wrote:
| I am since reverse engineering their mobile app protocol
| and developing a Python library for it :)
| flyinghamster wrote:
| Blue Cross and Blue Shield of Illinois (I can't vouch for any of
| the other Blue Cross affiliates) recently redid their website. I
| was wondering why the hell it was kicking me out after logging
| in, with a "did you forget your password?" message. Multiple
| password reset attempts later, I called their tech support and
| asked what was up. I use Firefox on Linux as my daily driver.
|
| What was up was that on their new site, I had to use Google
| Chrome and _only_ Google Chrome. Not Firefox, not even Chromium.
| I wonder if Edge even works.
|
| I'm seriously considering switching providers over it.
| enobrev wrote:
| I have similar issues. I couldn't get to the billing site for
| BCBSIL from any browser on my system for the past year.
|
| Unfortunately there are no decent alternatives for a PPO, where
| I am. If it's browser issues vs an HMO, I'll begrudgingly
| accept developer incompetence.
| wswope wrote:
| If you want to push back against the bureaucracy on this one,
| find a Firefox-only accessibility addon that can't be used on
| their site, and play the ADA angle by sending a polite email
| mentioning that their negligent browser restrictions prevent
| "your favorite" visibility tweaker/screen reader/etc. from
| being used, harming the ability to access the site. You need
| not disclose the details of exactly what, if any, disabilities
| you personally suffer from.
| flyinghamster wrote:
| No thanks. Dishonesty does more harm than good.
| amelius wrote:
| So instead of moving their business elsewhere, they installed a
| user agent switcher?
| jakub_g wrote:
| For anyone who works at the company who does that: why do you do it?
|
| Is it to reduce amount of testing, and only have a few "blessed"
| browsers with guaranteed happy experience? Any other reasons?
| graindcafe wrote:
| They may have spotted a bot using this UA and deduced it's a
| pattern
| tootie wrote:
| I mean there's an excellent and obvious answer and that's cost
| benefit when it comes to QA. Anything transactional, banks in
| particular, want to be 100% sure that end user experiences are
| doing exactly what they're expected to at all times. No one is
| being served incorrect information or is improperly served
| terms or disclaimers that they can use as leverage in a lawsuit.
| The tech teams likely have an explicit support matrix of
| browsers to test against and anything not on the list is
| considered untested and unreliable. They can't legally
| indemnify themselves against defects.
| jakub_g wrote:
| Interesting point on lawsuits! I never thought this way
| (maybe because lawsuits sounds like a very American thing,
| and I'm in EU)
| op00to wrote:
| It's not so much for happy experiences, as it is to place
| bounds on what the development team is asked to do.
| chaps wrote:
| Has this sort of thing been argued in court as an ADA issue? I
| could understand why using Linux might be considered legally a
| "choice", but if there's better ADA compliant tooling in Linux
| over windows, then a legal argument might just exist..
| geocrasher wrote:
| Unless one was to claim that Tux is their emotional support
| animal, I doubt it. Linux on the desktop has usability issues
| for able bodied people. I strongly doubt it has any edge on
| MacOS or Windows when it comes to accessibility.
| R0b0t1 wrote:
| For an ADA claim it shouldn't matter. You're usually not
| asked to demonstrate your disability.
|
| There are people who only use Linux in textmode.
| Closi wrote:
| You will need to state what the specific issue is for
| yourself/someone else though, rather than just what you
| want the solution to be.
| franga2000 wrote:
| Sure, but I'd be surprised if any modern web app worked in
| TUI browsers.
| R0b0t1 wrote:
| A lot of them do if the text is scraped. Lack of
| scrapable text is an ADA issue.
| franga2000 wrote:
| A JS app can be perfectly accessible (if written
| correctly), despite giving a CLI browser nothing but a
| "please turn on JS" page.
|
| Both Firefox and Google Chrome support powerful screen
| readers and other accessibility features based on an open
| standard. A site using these would surely be ADA-
| compliant
| R0b0t1 wrote:
| You can't dictate a specific solution. It probably hasn't
| happened yet but someone who exclusively uses the FOSS
| software probably has grounds to request flat text. Flat
| text may be better with current hardware, who knows.
|
| A business is going to have a _hard time_ arguing that
| providing text is unreasonable.
| lmm wrote:
| A greater focus on scriptability and customizability might
| make it a better OS for people with some disabilities.
| Certainly I've heard that at one point Linux was the only OS
| you could use in Welsh, for example (not that that's a
| disability, but it's similar in terms of being a minority
| need).
| chaps wrote:
| Sure, but usability issues aren't necessarily issues under
| ADA.
| Closi wrote:
| Unless we have more details about this claim we can't be
| sure, but it seems like the ADA claim is probably well-
| intentioned but also not correct.
|
| Chase does not have to implement a specific solution to a
| user's problem, they have to make a reasonable adjustment -
| I.e. you can install a small ramp if someone asked for a
| lift.
|
| Depending on the issue raised, chase may feel they have a
| reasonable way of providing the services - for instance if
| the user is blind and uses some specific Linux screen
| reader then telephone banking may also be a reasonable
| adjustment rather than Linux support.
|
| Chase may see supporting Linux for all users because of one
| person's disability as an 'unreasonable' adjustment (I don't
| see the issue, but this is approximately how the claim
| would work). To be open I'm not exactly sure how ADA works
| as I'm more familiar with UK legislation.
| tapland wrote:
| It shouldn't be allowed to ban web access from all free
| operating systems ;)
| number6 wrote:
| This gave me the idea to ban all non-free systems:
|
| "You are using a non-free Operating System and thus signing
| away your fundamental rights as a user. Please use a free
| Operating System like GNU/Linux to access this website."
| kafkaIncarnate wrote:
| But then you run into the issue of half of websites
| blocking free operating systems and half (haha) of websites
| blocking non-free operating systems.
|
| At that point we'll need a user-agent switcher that is
| website aware to know which sites need which user-agents.
| Like secret hand signals to get into your secret clubs.
|
| I'll just pass and not use any of it at that point.
| joshuaissac wrote:
| > At that point we'll need a user-agent switcher that is
| website aware to know which sites need which user-agents.
|
| Microsoft Edge already has something like this built in
| to get around Google's user agent checks.
| hmrr wrote:
| All the UK banks used to do this about 12 ish years ago. No
| longer. What they do try and do is shove Rapport down your throat
| instead.
| alias_neo wrote:
| Ugh, I remember when HSBC pushed Rapport. Is it still a thing?
| I run Linux exclusively and haven't seen them try to push it
| for a long time so not sure if it's still a thing.
|
| They still prevent you from running their app on a rooted
| Android, which is nice considering I can do much more dangerous
| things with my money from the web site.
| neilalexander wrote:
| I haven't seen or heard of anything related to Rapport with
| HSBC UK for probably a decade now.
| swills wrote:
| Downloading, installing and running kernel mode software to
| prevent cheating is already required for a number of online
| games.
|
| I wonder if/when banks will extend this idea to banking to
| prevent fraud?
|
| Perhaps it'll be merely an optional thing at first, like 2FA.
|
| Later it could become something that while optional, does get you
| a better price of some kind, much like the driving trackers that
| some auto insurance companies offer.
|
| Before long, it could even become mandatory or there could be a
| penalty or higher price or fee to pay if you don't do it.
|
| Just a random idea or conspiracy theory of what's possible I
| suppose, but it feels like something that could be possible in
| the not too distant future.
| the_pwner224 wrote:
| Already a thing on Android. Google "Safety"Net API is used by
| many apps to verify that the system is not rooted or modified.
| These days it's combined with hardware attestation from the
| phone to verify that the installed OS is properly signed by the
| manufacturer and unmodified. So there's no workaround to using
| an alternative Android distribution, or rooting your phone, and
| still being able to use media / banking / other apps.
|
| Of course using the bank website with the phone's browser still
| works...
| jijji wrote:
| Dude, all I know is that I was using chase for one of my
| businesses for 3 years, millions of dollars coming in via Intuit
| payments -- no problems, then I switched from Intuit for ACH to
| using Seamlesschex.com, and then after the first batch, they
| locked up my business bank account, and then after a few months
| talking to a call center in india, with the bank manager sitting
| there (there is nothing they can do when they automatically lock
| your account), the people in india saying they will "never"
| return the hundreds of thousands in the account they locked up, I
| filed a lawsuit against Chase in civil court the same day, and
| then a month later, the attorney representing the case mails me a
| check for the full amount they stole from the account. I
| understand risk, but this was months later, all ACH payments, and
| everyone knew they owed this money. My only regret was not
| charging them with theft/fraud and 3x the money back for damages.
| Bottom line -- don't use Chase for anything. They suck.
| johnebgd wrote:
| I had someone working at Chase telling my vendor how much money
| was in my account. I was a private client at JP Morgan and had
| a business account with them.
|
| The vendor was threatening me and using my bank account level
| (down to the penny) to make the threats.
|
| Chase identified the culprit, told me who it was, then offered
| me lifelock identity theft protection as a courtesy for my
| troubles.
|
| I haven't had $1k in my private client account since.
| zone411 wrote:
| Chase closed my 10-year-old+ personal account without a warning
| or an explanation. I recommend avoiding them.
| GoblinSlayer wrote:
| Biggest banks routinely do such things simply because they can.
| encryptluks2 wrote:
| And like most things if you're not wealthy enough to afford a
| good attorney, and they usually can just draw out a case
| until you run out of money, the only people capable of
| protecting you are legislators who have failed time and time
| again to adequately take on big business abusing their
| positions.
| viraptor wrote:
| This is what small claims courts are for, if you have an
| equivalent in your country. No/minimal lawyer involvement,
| as long as the amount is relatively low. If you have
| hundreds of thousands or more stuck in an account though,
| you likely have access to a lawyer. (+ obviously winnable
| cases will be sometimes taken without cost since the
| lawyers will negotiate that in the damages)
| op00to wrote:
| Use a different bank if your preferred platform is unsupported.
| No article necessary.
| beervirus wrote:
| > Worse, Chase even openly admits to being hostile to Linux and
| BSD to someone on Reddit. It's something even Microsoft, Windows
| PC/hardware OEMs, or Apple won't do.
|
| If you click through to the link, you will see that this claim is
| totally made up.
| hacker_newz wrote:
| Seriously, it sounds like the author of that post claimed
| discrimination for not supporting Linux.
| theodric wrote:
| My employer currently blacklists Firefox from being used to
| launch a session in their 3rd-party remote desktop portal. I use
| a UA switcher. It works fine. This behavior, while brain-dead, is
| at least trivial to circumvent. I'm happy to let them continue to
| check a box on their audit preparation form saying they have
| control over this, and to continue to have a URL rule to change
| my UA for the portal, rather than having to hack my client
| further or keep a separate browser around to launch my daily
| session.
| kmarc wrote:
| Had the same with a very broken citrix setup. I always hated
| citrix itself because how stupidly it was set up, but the more
| quirks I was working around, I realized that in the windows
| world it's actually a pretty sophisticated product with a lot
| of tunables for even Linux guests.
|
| Nevertheless, I left banking for good and chose a company where
| I have real IT engineers as colleagues.
| neelc wrote:
| Thanks for the upvotes.
|
| I have updated my article. It seems Chase is whitelisting OSes,
| but they seem to allow Linux and not FreeBSD based on comments
| and using a Linux user agent.
|
| Chase may not block Linux because does Chase exactly want to deal
| with angry Linux users on the phone, or see Linux die-hards
| switch to competitors? Even if 1% of customers leave and don't
| come back, it could anger Chase's investors.
|
| They may not officially support Linux but the web developers
| allow it anyways since it's too big of a minority.
|
| They still block FreeBSD. Whether Chase's web developers don't
| know about BSD or they're willing to let BSD users switch to Citi
| Bank, I don't know.
|
| I mean, they shouldn't whitelist by OS, but I don't know what the
| reasoning of blacklisting FreeBSD is.
| Wowfunhappy wrote:
| It's not just banks. Google Maps will refuse to work if you're
| running OS X Lion, even if you're using a fully up-to-date
| version of Chromium[1] which is just as capable as any other
| Chromium-based browser on any other operating system.
|
| Google Maps work perfectly on Lion if you fake the user agent,
| because of course it does, it's a web app and the underlying OS
| is irrelevant.
|
| 1: https://github.com/blueboxd/chromium-legacy
| spicybright wrote:
| Can confirm it works fine for me under linux firefox. OP, just
| adjust your user agent string if you're using a weird browser and
| proceed at your own risk.
|
| (I say this because you're dealing with actual money, so
| incompatibilities from your browser might cause major problems if
| you're not careful)
| nix23 wrote:
| Can confirm it works NOT under FreeBSD and Firefox, with
| useragent Win/Chrome it works.
___________________________________________________________________
(page generated 2021-11-15 23:01 UTC)