JP Morgan Chase Bank, or Why Not To Whitelist Operating System User Agents


UPDATE: It seems I was on Hacker News. Desktop Linux users have said Chase.com works for them.

While Chase doesn’t officially “support” Linux, setting my user agent to Linux works. It seems the web developers knows there are Linux users, even if Chase customer support may not officially support it.

FreeBSD is still blocked. The user agent probably picks me out if says FreeBSD but still lets me in if it says Linux.

This isn’t very common, but sometimes happens. Most developers don’t whitelist by OS, but there can be a few rouge developers.

While the person on Reddit said it’s a ADA violation, it’s more web developers didn’t know about smaller OSes, or was trying to block bots. Chase’s web developers may know enough people use Linux to not outright block them but not enough to warrant having to train customer service for Linux desktops. They might also be afraid of Linux users complaining against Chase bank so they had to make a consession, but FreeBSD may not be big enough so Chase may be willing to let BSD users go to Citi Bank.

Another case is one local Seattle landlord uses a third party for individual property websites which also does this. Fortunately not for the portal to pay rent.

Even many computer science students and graduates aren’t aware of FreeBSD. My brother’s best friend was a computer science major and current web developer and she didn’t even know what FreeBSD is, very less that I was using it since 2012 and am a contributor.

Chase shouldn’t block FreeBSD or other OSes, or whitelist OSes. I don’t know if the majority of “FreeBSD” user agents on Chase’s website are bots, or just that the web developers don’t know what FreeBSD is. When I sniffed user agents on my website and Tor exit relays, I did see some “FreeBSD” user agents which were clearly not mine (e.g. ancient Firefox).

Original Article

For better or worse, JP Morgan Chase is my bank, mainly since that’s where my parents set up my account.

One thing Chase done very stupidly is on their banking portal website, they whitelist only Windows and macOS. Some Linux user agents get through to what I gague, but many also don’t. If you run FreeBSD like me, you’re SOL.

Chase Bank Blocking Linux/BSD

Worse, Chase even openly admits to being hostile to Linux and BSD to someone on Reddit. It’s something even Microsoft, Windows PC/hardware OEMs, or Apple won’t do.

Well, you can easily use a user agent switcher. I know about it, and that’s what I do. But needing a user agent switcher shouldn’t even be necessary.

In short, you shouldn’t whitelist operating systems based on your user agent. Doing it is bad engineering and alienates customers.

Yes, Linux or BSD users may be a fraction of your customers. But if the next big device or platform runs an OS not made by Microsoft, Apple, or Google, would Chase want to lose tech-forward customers if Bank of America or Charles Schwab doesn’t do the same whitelisting?

After the decline of Internet Explorer and Opera Presto to Chromium Edge and Opera, most users run an open source browser rendering engine. Websites can easily render just fine no matter what your OS is. Unless it’s something like an company’s intranet needing a certain MDM or a even software download, there’s no reason to whitelist by OS when checking for user agents.

What if Elon Musk was a desktop Linux user. Would Chase rather have him bank at Citi Bank? Or invest his money in Fidelity or Robinhood? Or would Chase rather see their customers use a Huawei laptop running Windows 11 versus a Dell laptop running Linux if you only had those two options, even when the US GOVERNMENT Chase isn’t allowed to ignore would take the Dell considering America blacklisted Huawei?

I don’t have the means to switch banks now, but when I do, I would leave just for this reason unless this whitelisting stops.

Yes, I do work at Microsoft, but not on Windows, Edge, or any Linux efforts. At home, I’ve used FreeBSD as a desktop (and server) too long to want to switch to Windows, and the same thing could be said about Firefox versus Edge.

I have a FreeBSD commit bit, but at the same time am clueless on how to administer Windows Server, and I’m too lazy to learn it. Admittely, if I grew up a few years later than I did, I may have just used Windows+WSL, but maybe I could also have equally gotten pissed with mandatory updates or telemetry.

Interestingly, Microsoft IT in some ways did the opposite of Chase. For a while (pre-“zero trust”), many corporate resources could be accessed just fine on a personal FreeBSD machine based on my user agent, even when the same PC running Windows was denied.

I was shocked to see how easy accessing the internal SharePoint and other intranet sites was on a personal machine not enrolled into Microsoft’s system officially was, and that for a trillion-dollar company. If a startup had it, it could be justified, startups need to launch quickly. Maybe it was that way when they didn’t have plans for “InTune” for Linux and didn’t want to alienate Microsofties who needed Linux for work.

But Chase Bank blocking Linux and BSD user agents from their website, it serves no purpose except to push Linux and BSD users to competing banks. If Chase doesn’t change this, I’d recommend their competitors also.