Joined 7 months ago
Cake day: July 1st, 2024

  • Not supporting tor does not indicate a security fault.

    It’s a demonstration of incompetence and it’s embarrassing for the federal government.

    The McDonald’s analogy doesn’t apply to the context of this discussion.

    Wooosh – how could that go so far over your head? The analogy had similarities and differences both of which demonstrate how indefensible your stance is. The similarity exposes as clearly as possible how your claims about not “owing” quality service miss the thesis entirely. The difference in the analogy contrasts the lack of choice in the tax situation compared to the private market (where you can simply walk when the service is poor). Moral obligation arises out of the mandate.

    There are other ways to handle your taxes, if you find them lousy or undignified, that’s a real bummer for you.

    The moral obligation of treating taxpayers with dignity and respect is an equal obligation to all taxpayers. Undermining data minimization and forcing the needless disclosure of IP addresses of those contributing to the revenue service is indefensible and morally reprehensible. You’ve wholly failed in your effort to support the needless and intrusive practice of reckless forced disclosure of personal information irrelevant to the tax obligation.


  • Nobody owes you tor access. Nobody is obligated to allow tor access.

    You continue with this useless claim. There are legal obligations. Then there are moral obligations. It’s an attempt at the equivocation fallacy to state a fact that is true of one meaning while the other is implied to the contrary. But more importantly, the argument fails to counter the thesis. If someone says McDonald’s burgers are poor quality, and you come along and say “McDonald’s does not owe you good quality food”, it’s as if you are trying desperately and emotionally to defeat the critic with an argument using a claim that misses the thesis (that the burgers are poor quality). Citing incompetent security does not in itself inherently impose obligation. Obligation can be argued either way depending on which side of the meaning under the equivocation fallacy refers to. But the more important thesis remains: that service quality is poor due to a deficiency of competence.

    You have options, you’re just refusing to use them

    Unlike telling the burger consumer they have “options”, tax is not optional. Everyone is obligated one way or another to interact with the tax authority. So when service quality is poor, the option to walk is not there. It’s a mandate that you are trying to dress up as if taxpayers are given autonomy. Autonomy is compromised when forced to choose between lousy or undignified options therein.

    Really recommend you go look at a dictionary, thesaurus, and some introductory material on security.

    You absolutely should not be giving anyone infosec advice; most particularly given these rudimentary and arbitrary information sources, respectively.


  • You have to go out of your way to have your access reduced.

    That would only be true of someone without a Tor setup to begin with. Some of us have Tor baked into our scripts and apps to the extent that using clearnet is going out of our way.

    There are endless ways to achieve that and tor is just one of them.

    They all have benefits and drawbacks, some cost money, some entail more effort, etc.

    Besides the sigint opportunities on tor aren’t as minimal as you want them to be.

    It serves the purpose for the case at hand.

    Also, you’re connecting to the site and acting in behalf of yourself.

    Only if you login, which is often not the case for irs.gov.

    I’m at a loss why this should rank at all in the context of a tidal wave of measurable abuses.

    Read the sidebar. It’s a service that is essential and intended for the whole public. As the digital transformation forces people to perform transactions with public agencies, those agencies are progressively removing offline options. Exclusivity is trending as a consequence. Essential public services should be inclusive and open to all.


  • You’re trying to turn this into semantics.

    That’s what you’re doing when you say:

    They don’t support tor. That’s a factual statement.

    That’s not the words of intellectual honesty. The honest and straight-shooting way to say it without weasel wording is to say they are blocking Tor. Accurate. Simple. Does not mask the fact that it’s a proactive initiative.

    You presented a strawman and attacked that strawman.

    An analogy is not a strawman. If I wanted to present a strawman, I would have had to present the analogy as your argument. I did not. It was my analogy.

    Did I make that claim?

    you did, in the context of Tor:

    That’s not anonymous. Neither is tor.

    I recall saying tor doesn’t provide you with perfect anonymity. Another factual statement.

    That is not what you said. Look above. Also, your newly revised statement (Tor not being perfect anonymity) is true but an irrelevant waste of time, as you have been told twice already. Again, you’re distracting yourself with this pointless chase for perfection. Forget about perfection. It’s not a reasonable expectation for the infosec discipline.

    It’s a synonym.

    No it’s not.

    Maybe you should look up…

    Your reliance on a dictionary is not helping you. You’re not going to understand nuanced differences between near synonyms from a dictionary. You need to be immersed in an English speaking culture to reach that level of understanding.



  • It is important. Which is why claiming there’s a security issue because they don’t support tor is silly.

    Reread the thread. You’ve already been told that you can’t dress up a deliberate act of sabotage as merely “neglecting to support”. It’s the same silly claim that it was the first time you made it.

    like the Amish

    The Amish did not have a viable means of access that was artificially removed by a proactively inserted firewall rule. This fallacy of analogy shows your inability to grasp the absurdity of the comparison.

    Of course if you don’t grasp the fact that the Tor DoS is not lack of support but rather a proactive disabling of something that naturally works, then it’s clear why it appears absurd to you. But the appearance in your view is due to not understanding that servers serve Tor out of the box by default (unlike the Amish).

    This is a strawman.

    You clearly don’t know what that word means. I presented my own argument, not yours. My words - my argument - simply exposes the absurdity of the basis of your claim as quoted. Hence why I quoted you without paraphrasing.

    Tor is notorious for bad actors.

    Sure, but you’re neglecting proportionality. Cars are notorious for drive-by shootings. But we don’t ban cars on that basis because (like Tor) the numbers of legit users far outnumber the baddies. We don’t oppress a whole community because less than 1% of that community has a harmful element – unless we are a corrupt tyrant deporting all possible deportable immigrants, or an incompetent admin blocking the whole Tor community.

    Not even remotely the same as blocking addresses at random.

    Of course it is. Both scenarios block an arbitrary group of legitimate users who are exposed to collateral damage as a consequence of prejudiced trivia with the effect of collective punishment. Only to then claim “security is better” on the off chance that a baddy was blocked, without realizing that availability consequences are selectively overlooked.

    Indeed, that’s what I was saying.

    While claiming that anonymity is non-existent on the basis of lack of perfection – perfection that you now concede we never have.

    So does a VPN, you twit.

    Yes, to a much lesser extent than Tor in far fewer scenarios, of course, with higher doxxing risks by a motivated adversary. And? Are you just going to leave the red herring there like that or did you have a point?

    English your second language?

    I was about to ask you that. You clearly are struggling. “Owing” is /not/ a drop-in replacement for “obligation”. Anyone who speaks English as their first language would be aware of that nuance and spot your conflation of the words instantly. It’s like you are entering an off translation.

    Anything to be a victim. Grow up. Nobody owes you tor access.

    There it is again. You continue to misuse that word – in this case to build a man of straw. I already rejected your first attempt at redefining my position as being owed something.



  • It’s really not. You’ve been asserting that there’s somehow a lack of security because they don’t support tor because that means they’re failing on the “availability” point of the CIA triad. That’s incorrect.

    Before you can claim it’s not a red herring, you must first grasp what is claimed as the red herring. Your reply displays that you don’t. When a demographic of people are wholly denied availability, and you make the false assertion that availability is /never/ binary, it’s both incorrect and irrelevant. Incorrect because you can have 100% loss of availability in a context. Context is important. And it’s incorrect because people without access are inherently without availability.

    This is also incorrect. The scope is the American taxpayer who is able and willing to utilize the website. You are either unable or unwilling. You are not in the scope.

    THAT’s incorrect. That’s the sort of weasel wording that people can see right through. You’ve taken the whole of taxpayers who are entitled (in fact obligated) to file tax, and excluded some of them as a consequence of infosec incompetence. You cannot redefine the meaning of a term to justify incompetence. It’s purpose defeating for PR damage control.

    You absolutely can block entire swaths of address ranges and, in fact, have better security because you did so.

    This is where your lack of infosec background clearly exposes itself. You can also /randomly/ block large swaths of people arbitrarily and with the same mentality claim “better security” because you think a baddy likely got blocked, a claim that inherently requires disregarding availability as a security factor. You will fool people with that as you’re pushing a common malpractice in security which persists in countless access scenarios because availability to the excluded is disregarded by the naive and unwitting.

    A lot has changed from decades ago, you might consider going back to school.

    Nonsense. Infosec, comp sci, and all tech disciplines cover most diligently principles and theory which are resilient over decades, not tool-specific disposable knowledge. The principles and theories have not changed in the past 20 years. You seem to be in a program that short-cuts the principles and fixates on disposable knowledge, likely a vocational / boot camp type of school, in which case you should consider transferring to a school that gives more coverage on theory - the kind of knowledge that doesn’t age so fast.

    Neither is tor. And even if tor did provide perfect anonymity, tough shit.

    WTF? You don’t know how Tor works. Perfection is never on the table in the infosec practice. You should forget about perfection – it’s distracting you. But Tor most certainly provides anonymity in the face of countless threat agents, among other features.

    Nobody owes you the ability to “anonymously” download tax material at your preferred comfort level of anonymity.

    “Owes” implies a debt. I never spoke of owing or debts. The IRS has an obligation to inform the public. When they exclude demographics of people from their service (in particular people who funded them), it’s an infosec failure and an injustice.


  • Indeed, it is not binary. I’m glad you can see that now.

    I said not necessarily binary. Your inability to grasp the various different contexts is profound. The non-binary usage is a red herring in this discussion. When you universally deny a whole demographic of people access, that’s binary. It’s a hard and fast total loss of availability for that demographic.

    Availability has scope, and for the IRS, tor is not in that scope.

    The scope is the American taxpayer. Of course Tor users are in that scope. You cannot deny access to a whole demographic of people on the crude and reckless basis of IP reputation and then try to redefine the meaning and purpose of availability to offset your incompetence. You need to face the facts and admit when you don’t have the skill to separate threat agents from legit users. Screaming until you’re blue in the face about how you would like availability to be defined does not bring availability to the demographic of legit users being denied access.

    Given you seem to keep bringing up course work and professors and this naive view of security, I’m assuming you’re a student. Keep studying.

    I only brought up school because at your level that seems to be where you are. My infosec MS came decades ago.

    It is an option. Saying “nuh uh” doesn’t make it not an option.

    Saying the contrary does not make a demographic of people magically part of a different demographic of people. Who do you think you are fooling by pointing to demographic A saying “they have access” in response to demographic B not having access?

    This serves as availability. You have TLS,

    Wrong demographic. That’s not anonymous.

    postage,

    You mean postal service. Again, wrong demographic. That’s not anonymous. The IRS needs your physical address at the very least.

    and physical locations you can utilize.

    Wrong demographic. That’s neither anonymous nor reachable outside the country.

    You are just whining. Your refusal to use any of the plethora of means available to you has no relation to the competency of the IRS’ security. Grow up.

    Your refusal to accept that a demographic of people are denied availability has backed you into a corner making absurd claims to justify incompetence. The growth and evolution is needed on your part. To give demographics of non-anonymous people access to tax material continues to miss the point about loss of availability to people who are.




  • It’s possible that it’s an accident, but unlikely IMO. The accidental case is overload and timing fragility. Tor introduces a delay, so if a server already has a poor response time and the user’s browser has a short timeout tolerance, then it’s a recipe for a timeout. Firefox does better than Chromium on this (default configs). But I tried both browsers. At the state level I think they made a conscious decision to drop packets.

    It’s also possible that they are not blocking all of Tor but just the exit node I happened to use. I did not exhaustively try other nodes but I was blocked two different days (thus likely two different nodes). In any case, this forum should help sort it out. Anyone can chime in with other demographics who are blocked, or tor users that are not blocked.

    (edit) ah, forgot to mention: www.flsenate.gov also drops Tor packets.


  • Then there is no service that has any availability and all meaning is stripped from the word.

    It’s not necessarily a binary. You apparently did not even complete an infosec 101 class b/c that should have been made clear to you. Your prof has failed you. Availability loss is not necessarily a total loss. Even an underperforming server is a loss of availability. Availability is a measurable quantity. Of course it can also have a binary context in a narrow sense (e.g. “the tor network has no availability”). This does not strip meaning away in the slightest. It is how the term is used. If a whole demographic of people do not have access, then there is no service (no availability) for that demographic, whether it’s a demographic of Tor users, or VPN users, or CGNAT users, or users on a particular platform. To fail to grasp this is to fail to meaningfully understand availability. If you can’t articulate a whole demographic of people losing access to a resource, you’re missing the fundamental purpose of the concept.

    Indeed, and if TLS isn’t sufficient for you then by all means, use the postal service.

    That’s not an option. Gov offices laugh at those requests now. Gov offices don’t even have the courtesy of expressing refusal of postal requests. They just ignore them. So no, you cannot rely on the postal service as a crutch for incompetent security when you cannot even expect it to work.

    Hell, you could even go to your local IRS location.

    You’re fired. This does not compensate or serve as an excuse for incompetent security. Expecting Americans living abroad to get on a plane to physically appear at an IRS office is absurd. Unlike most of the world, Americans must file their tax wherever they are in the world (which is not just a transmission but also research – reading publications and advice).


  • No, you have full access.

    You’re not reading what I wrote. I won’t repeat it all here but in short not everyone has clearnet access. Start there.

    This is not about me, but if you meant “you” literally, then you need to read what I wrote about my personal situation. Only Tor works at the library for me. I rely on the library for anything large (I do not have a normal unlimited broadband connection). Grabbing many big PDFs could suck my quota dry.

    Again, you are misrepresenting what availability is in the CIA triad.

    Again, nonsense. Lost access is lost availability. If the Tor network has no access, then they have no availability.

    Otherwise you’re arguing that all iOS apps are also insecure because they aren’t available to Android users.

    In fact if you only offer service to iOS users, then you most certainly are unavailable to AOS users. Of course. You can‘t disregard the userbase in an availability assessment.

    Your analogy would be more accurate if you started with an app that runs on both platforms, and you deliberately artificially sabotaged it from working on one of the platforms. Like a javascript app but you add a line “if Android then terminate end if;” It would result in reduced availability, and intentionally so.

    If TLS isn’t sufficient (or available) for you, do the paperwork and mail it in.

    The website is not just for transmitting tax declarations. If it were, then indeed there would be no problem here. Check it out, if you get access. There are countless publications and guides.


  • You do have access, just not through tor.

    That is reduced access. And it makes a world of difference because the lost access also forces excessive disclosures. It would be perversely narrow to disregard that as a security compromise.

    Also, you assume everyone has clearnet access, not just that everyone has the will to use clearnet, and that everyone would find clearnet appropriate for this, and that some users rightly see clearnet as a break from the rule of least privilege principle. But some people offer open internet access to the public on a tor-only network. Users on such a network have no clearnet option.

    Furthermore, I personally have a DNS problem with my local public library. I have not yet taken the time to troubleshoot it, but when I connect to the library’s network, all clearnet attempts fail because of some DNS problem. Tor is the only way I can access the internet from my local public library. So until I get to the bottom of that problem, the IRS website is unavailable.

    For me, not having privacy-respecting access is the same as not having access. For pushovers who don’t think about their own security, their availability is not affected. More broadly, it’s not your place to tell users what threat model and security posture is right for them – unless they hired you for that. If a blockade forces a connection outside the parameters of someone’s security policy, they have lost availability.

    Nor through Bluetooth. Nor plaintext. “Availability” does not mean you will support every known protocol so that purists and idealists can be happy.

    You can’t dress this up as “neglecting to offer Tor support”. The IRS is taking a deliberate action that reduces availability. They took something that works by default and crippled/broke it in an act of sabotage.



  • infosec 101:

    • confidentiality
    • integrity
    • availability

    If users who should have access (e.g. US taxpayers) are blocked, there is an availability loss. Blocking Tor reduces availability. Which by definition undermines security.

    Some would argue blocking Tor promotes availability because a pre-emptive strike against arbitrary possible attackers prevents DoS, which I suppose is what you are thinking. But this is a sloppy practice by under-resourced or under-skilled workers. It demonstrates an IT team who lacks the talent needed to provide resources to all legit users.

    A mom and pop shop, sure, we expect them to have limited skills. But the US federal gov? It’s a bit embarrassing. The Tor network of exit nodes is tiny. The IRS should be able to handle a full-on DDoS attempt from Tor because such an effort should bring down the Tor network itself before a federal gov website. If it’s fear of spam, there are other tools for that. IRS publications could of course be on a separate host than that which collects feedback.




  • Indeed some of those are for die-hard boycotters.

    For internet, I think both fiber and cable are monopolistic shitshows. But I think DSL is commonly on offer with a choice of providers. In those cases the underlying copper owner is often a baddy but at least they are getting a smaller piece of the transaction. I personally would sooner use dial-up than support an ALEC member. Worth noting a rarely known decent option: WISPs (wireless). Some cities have a small WISP where they install a terrestrial microwave dish on your roof.

    Another option is to talk to your neighbor and share a connection. Surprisingly, it does not necessarily violate any contractual rules. I once asked a Spectrum (Time Warner) worker who was working on the installation at a family member’s place: “what if we cancel and share the neighbor’s connection?” He said that’s fine with him… that it breaks no rules.

    Mobile internet over GSM is also an option for some. AT&T and Verizon are both shitty but internet from T-Mobile would be a lesser of evils in some regions.

    Back when I was willing to shop online, merchants would sometimes not even disclose who their courier is. I would add a note to my order saying “ship this USPS, or cancel the order if that’s not possible”.

    (edit) A good bit of inspiration can be drawn from reading Tim Wu’s tyranny of convenience essay. Because convenience and boycotts are often at odds.




  • Indeed. I keep this text list around which is easy to grep for various chocolate brands:

    Chocolate suppliers without a decent anti-child labor posture

    Cannot recommend
    – Baci Perugina (Owned by Nestle)
    – Bark Thins (owned by Hershey)
    – Delicaseys Chocolates
    – Galaxy (Owned by Mars – England, Ireland, Scotland, Wales)
    – Garden of Life (owned by Nestle)
    – Haagen-Dazs (owned by Nestle)
    – Hershey’s
    – NÓI SÍRÍUS’s chocolate (dark)
    – Scharffen Berger (owned by Hershey)
    – Stuffed Cakes
    – Talenti Gelato
    – Tony’s Chocolonely (Learn More)

    Cannot recommend but are working on the issues in various ways
    – ABC Bakers (Girl Scout Cookies)
    – ALDI (Moser-Roth)
    – Alpro (Alpro Soya and Provamel)
    – Amore di Mona
    – Ananda Foods
    – Barry Callebaut
    – Beech’s
    – Ben & Jerry’s
    – Bensdorp
    – Beyond Dark
    – Biena
    – Bissinger’s Handcrafted Chocolatier
    – Blommer
    – Boulder Cookie
    – California Gourmet
    – Chocolat Stella
    – Chocolove
    – Chocoveda
    – Clif Bar
    – Creek House Patisserie
    – Deliss Chocolate
    – Dilettante
    – Divine
    – Divvies
    – Dr. Oetker USA, LLC
    – Ds Naturals (Brazil)
    – Endangered Species
    – Enjoy Life
    – Fazer (Norway, Finland, Estonia, Latvia, Lithuania, Denmark, Sweden, Russia)
    – Felchin
    – Go Max Go
    – Goldenberg’s Peanut Chews (Just Born)
    – Goupie’s (England)
    – Haigh’s Chocolates (Australia)
    – Humboldt Chocolate
    – Kashi
    – Lazy Day Foods (England, Ireland, Scotland & Wales)
    – LEDA Chocolate (Australia & New Zealand)
    – Lily’s
    – Little Brownie Bakers (Girl Scout Cookies)
    – Mackie’s of Scotland
    – Mariposa Baking Company
    – Mitchell’s Homemade
    – NOMO (England, Ireland, Scotland, Wales)
    – Northern Bloc (England, Ireland, Scotland, Wales)
    – NOW
    – NuNaturals, Inc.
    – OCHO Candy
    – Pacific Natural Foods
    – Ripple
    – Roar Chocolate
    – Rubicon Bakers
    – Schmerling’s
    – Silver Spoon (England)
    – Simply Lite
    – Starbucks
    – Strauss
    – Summerdown Pure Mint Chocolate Mint Thins
    – Sunwarrior
    – Svelte
    – Sweet William (New Zealand and Europe)
    – Sweets from the Earth
    – Terra Nostra
    – The Cooperative (England)
    – The Healthy Baking Company
    – The Inspired Cookie
    – Thorntons
    – TradeAid (New Zealand)
    – Treat Dreams
    – Urban Remedy
    – Villars
    – Wayfare
    – Whittaker’s (Australia & New Zealand)
    – World’s Finest Chocolate
    – Xan Confections

    Cannot recommend but at least responded
    – Aduna Chocolate
    – Alternative Baking Company
    – Awesome Bars
    – Back to Nature
    – Barney Butter
    – Belcolade
    – Birkengold (Austria & Germany)
    – Blue Skies
    – Bob’s Red Mill Natural Foods
    – Boreal Vegan Chocolatier (Spain)
    – Brooklyn Dark
    – Cacao Barry
    – Castle Kitchen
    – Cherryvale Farms
    – Chocologic
    – Choffy Brewed Chocolate
    – Clipper (England, Ireland, Scotland, Wales)
    – Coco Maya (England, Ireland, Scotland, Wales)
    – Coconut Cloud
    – Crio Bru
    – Dagoba (owned by Hershey)
    – Dr. Fuhrman’s Cocoa Powder
    – Fat Badger Bakery
    – Feed Your Face
    – FINE & RAW
    – FoMu
    – free2b
    – Genuine Health
    – Good Day Chocolate
    – Hail Merry
    – Hampton Creek
    – Hey Tiger Chocolate (Australia)
    – Home Free
    – Jon Good Chocolates
    – Just
    – Kirkland (CostCo)
    – KoKo Dairy Free
    – Landgarten GmbH & Co. KG (Europe)
    – Laura’s Mercantile
    – Lindt (Ghirardelli Chocolate)
    – Little Secrets
    – Lucy’s Cookies
    – Lush Gourmet Foods
    – Maisie Jane’s California Sunshine
    – Matcha Mylkbar
    – Mom’s Munchies
    – Mummy Meagz (England, Ireland, Scotland, Wales)
    – Naturade
    – next Organics
    – No Whey! Chocolates
    – Noiseraie Productions
    – Oatly
    – Olive & Sinclair’s Chocolate
    – Pamela’s Products
    – Peter’s Chocolate
    – PlantFusion
    – Premium Chocolatiers
    – Pudology (England, Ireland, Scotland, & Wales)
    – Rodelle
    – Sanders Candy
    – See’s Candies
    – Shoko Chocolates
    – Simple Truth Organic®
    – Somersaults
    – Steve’s Ice Cream
    – Tasti (New Zealand)
    – The Peanut Principle
    – Theobroma Chocolat
    – Three Sisters Cereal (MOM Brands)
    – Tofutti
    – Unigra Chocolate
    – Valrhona
    – Waitrose (unless specified on product that country of origin is not West Africa)
    – Wawel (Poland)
    – Weirdoughs (Australia)
    – Whittard of Chelsea
    – Wilbur Chocolate
    – Wild Friends Foods
    – YisRoYal (gourmet vegan cookie dough)
    – Yoso

    Cannot recommend: companies that would not disclose (no transparency for customers)
    – Baskin-Robbins
    – Cadbury (Mondelez – England, Ireland, Scotland, Wales)
    – Choklad Mörk (Ikea)
    – Cocovelle
    – Cornetto (Unilever Brand – England, Ireland, Scotland, Wales)
    – Delighted By Hummus
    – E&C’s Snacks
    – Earth Balance
    – Enlightened
    – General Mills (Nature Valley)
    – Giant/Foodhold USA
    – Glutino
    – Hasslacher
    – hipo hyfryd
    – Indie Candy
    – Kinnikinnick Foods
    – Lenny & Larry’s
    – Livia’s Kitchen (England, Ireland, Scotland, Wales)
    – LUV Ice Cream
    – Magnum Ice Cream (Unilever Brand)
    – Mondelēz (Oreo)
    – Moonstruck Chocolatier
    – Nékter Juice Bar
    – Oppenheimer Chocolates U.S.A. Inc
    – O’Natra
    – Pangea brand
    – Patience Fruit & Co (Canada)
    – Peanut Butter & Co.
    – Pure Matters
    – Q.bel Foods
    – Recchiuti Confections
    – Rocky Mountain Chocolate Factory (Canada)
    – Sainsburys (England, Northern Ireland, Scotland, Wales)
    – Salish Sea Chocolate Company
    – Sejoyia (Coco Roons and Coco Thins)
    – ShaSha Bread Co.
    – Silk (TCBY)
    – So Delicious® Dairy Free
    – Sugar Plum Chocolates
    – Sweetapolita
    – Target/Archer Farms
    – The Essential Bite / The Essential Cookie
    – The Hain Celestial Group (Rice Dream, Soy Dream, Sunspire, Chocolate Dream, Tropical Source)
    – The Naughty Cookie
    – Trader Joe’s
    – Udi’s
    – VEGA
    – Vosges
    – Western Family

    Cannot recommend: companies that did not respond
    – 10 degrees chocolate
    – 137 Degrees
    – 34 degrees
    – A Lil Nutty Chocolate
    – Abe’s Muffins
    – Addiction Food (Australia)
    – Amanda’s Own Confections
    – Amber Lyn Chocolates
    – Amedei
    – Amella Caramels
    – Amrita
    – Amul
    – Anandamide (Substantial)
    – Anthon Berg
    – Anthony’s Goods
    – Arbonne
    – Barbara’s
    – Benedicks
    – Berggold (Germany)
    – Beryl’s Chocolate (Malaysia)
    – Better Bites
    – Betty Lou’s
    – Big Tree Farms
    – biona organic
    – Blabbermouth Chocolates
    – Blue Diamond
    – Bodylogix®
    – Boots Bakery
    – Buttercup Cakes & Farmhouse Frosting
    – Cacao de Davao (Philippines)
    – Café Pettirosso
    – Califia Farms
    – Casual Friday Donuts
    – Celtic Chocolates
    – Central Market
    – Charles Chocolates
    – Chatfield’s Chocolates
    – Chocolate Apothecary
    – Chocolate Ivis (Spain)
    – Christopher Elbow Artisanal Chocolate
    – Cicada Artisan Chocolate
    – City Girl Country Girl
    – Coco Polo
    – Coles (Australia)
    – Condor Chocolates
    – Considerit Chocolate
    – CREAM
    – Cybele’s
    – De Ruijter (Netherlands)
    – Deavas
    – Destination
    – Domori
    – Dottie’s Donuts
    – Double Rainbow Soy Cream
    – Doves Farm
    – Doña Maria Mole Sauce (Herdez)
    – Droste
    – earnest eats
    – EcoMil
    – Elmhurst
    – Eskal Noble Choice (Australia/New Zealand)
    – Essy and Bella Chocolate
    – Excellent Baron Chocolatier
    – Fina’s Vegetarian Café (Australia)
    – Fox’s Syrup
    – Frankly Natural Bakers
    – Frankonia Schokoladenwerke GmbH (Germany)
    – Fresh Thyme
    – G. Debbas Chocolatier
    – Galerie Au Chocolat
    – Galler Chocolatier
    – Gel Spice Company
    – Gelateria Naia
    – Girls & Boys Fitzroy
    – Good Karma
    – Good! Greens
    – Gourmet Treats
    – Green & Black’s
    – Greens Plus
    – Grimaldi Candies
    – Gü (England, Ireland, Scotland, Wales)
    – Halletts Chocolates
    – Halloren
    – Halo (Pro Bar)
    – Halo Top
    – Health Warrior
    – Heaven Sent
    – Hedonist Artisan Chocolates
    – Hilary’s Cookies
    – Hungryroot
    – Jackie’s COOKIE Babies
    – Jade Chocolates
    – Just Desserts
    – Kavici Choco Spheres (England, Ireland, Scotland, Wales)
    – KIND Snacks
    – Kinnerton (EU)
    – Koko Black Chocolate (Australia)
    – Kron Chocolatier
    – Laughing Gull Chocolates
    – Laura’s Wholesome Junkfood
    – Lentil as Anything (Australia)
    – Like No Udder
    – LoveRaw (England, Ireland, Scotland, Wales)
    – LoveRaw Chocolate (EU)
    – LÄRABAR
    – Maestrani
    – Main Market Co-Op
    – Mamma Chia
    – Medifast
    – Michel Cluizel
    – Mighty O Donuts
    – Mill City Organics
    – Misura
    – Molly Rose Balms
    – Monsoon Chocolate
    – Mr. Nice Guyshop (Australia)
    – Munk Pack
    – Mutari Craft Chocolate
    – Nairn’s
    – Nana’s Cookie Company
    – Natierra
    – NaturalZing
    – Nature’s Bakery
    – Nestar (Australia)
    – Nuts.com
    – Nutter’s
    – Of the Earth Superfoods
    – OGGS (England, Ireland, Scotland, Wales)
    – Oh! Chocolate
    – oodaalolly
    – Pacari
    – Pantagruel
    – Paskesz Candy Inc.
    – PB2
    – Peet’s Coffee and Tea
    – Penzey’s
    – Pico Chocolate (Australia)
    – Planet Oat (owned by Hood)
    – Plum Bistro/Sugar Plum
    – Prestat (England)
    – PROBAR
    – Probios GO Vegan (England, Ireland, Italy, Scotland, Wales)
    – Puratos
    – Pure Fit Nutrition Bars
    – Rhythm 108 (England, Ireland, Scotland, Wales)
    – Riso Scotti (England, Ireland, Scotland, & Wales)
    – Rococo Chocolates (England, Ireland, Scotland, Wales)
    – Rose City Chocolatier
    – Sanitarium (Australia/New Zealand)
    – Santa Cruz Organic
    – Schmidt’s
    – Seattle Chocolates
    – Shakeology
    – Simple Mills
    – Sinfully Devine
    – So Good Beverages
    – Soul Sprout
    – Soylent
    – Spice Pharm
    – Squirrel Sisters
    – Sunbiotics
    – Superior Natural Foods
    – Suzanne’s Specialties
    – Sweet Freedom
    – Tasty Brand
    – Temple Chocolate
    – The Coconut Collaborative
    – The Daily Bar (Australia)
    – The Good Bean
    – The Grenada Chocolate Company
    – The Living Food Kitchen
    – The No Cookie Cookie
    – The Raw Chocolate Pie Company (England, Ireland, Scotland, Wales)
    – The Tea Room
    – The Winning Combination
    – The Yes Bar
    – Theobroma Chocolate Company
    – Think Vegan Gelato (Prodotti Stella)
    – Timeless Coffee
    – Tradin Organic


  • I boycott ebay as well because:

    • Paypal-only, and I boycott Paypal. I heard a rumor that eBay lifted the paypal requirement but I’m not sure that actually had much effect. I don’t get the impression a non-paypal consumer can realistically shop on ebay.
    • eBay’s required JavaScript sniffs the ports on the LANs of all those who visit the website.

    Shitty corporations often have good people working for them. This is not reason not to boycott. If a boycott target were to fall, it would make room in the market for new players who those good vendors can switch to.