This community tracks restricted access resources (generally websites) that are supposed to serve taxpayers and the general public, but they fail in that duty by imposing arbitrary restrictions on access. This is where we document these cases.
Most often, it is the Tor community who is marginalised by incompetantly implemented infosystems. This community will be mostly littered with references to tor-hostile public resources to a fatiquing extent, but this is expected. It is not necessarily limited to Tor. Any demographic of people who are refused service would have a relevant story here. E.g. someone traveling outside their country and being denied access to a homeland website on the basis of presumed IP geolocation.
This is very closely related to the [email protected] community. But there are some nuanced differences. Not all fiefdoms are necessarily always restricted access. E.g. some rare Facebook pages are reachable to non-FB users.
And not all manifestations of restricted access entail a fiefdom. E.g. it’s increasingly common for a gov website to block Tor visitors at the firewall without involving a digital fiefdom.
Cases of Cloudflare, Facebook, LinkedIn and the like can be crossposted in many situations. They are a fiefdom walled garden and also commonly configured to restrict access. IDK.. use your best judgement. Might suffice to just post in [email protected] in those cases.
Also related: [email protected]
Scope and rules:
What is not relevant here:
This community is focused on tax-funded government programs and services like public education, social services, voter reg, courts, legal statutes, etc. NGOs and non-profits may exist for the pubic benefit, but if they are not funded by force (taxation) then they are not really relevant here.
Recommended style:
Indeed the IRS website blocks Tor users from accessing tax information, as if tor users don’t need tax information. Important legal guidance exists on irs.gov, so it’s obviously an injustice to block people from becoming informed about their rights and obligations.
(edit)
What’s the fix? Would it be effective to make a FOIA request on paper so the IRS must send the info on paper via USPS? Or would that require compensation to offset their burden?
It’s not necessariliy a binary. You apparently did not even complete an infosec 101 class b/c that should have been made clear to you. Your prof has failed you. Availability loss is not necessarly a total loss. Even an underperforming server is a loss of availbility. Availability is a measurable quantity. Of course it can also have a binary context in a narrow sense (e.g. “the tor network has no availability”). This does not strip meaning away in the slightest. It is how the term is used. If a whole demographic of people do not have access, then there is no service (no availability) for that demographic, whether it’s a demographic of Tor users, or VPN users, or CGNAT users, or users on a particular platform. To fail to grasp this is to fail to meaningfully understand availability. If you can’t articulate a whole demographic of people losing access to a resource, you’re missing the fundamental purpose of the concept.
That’s not an option. Gov offices laugh at those requests now. Gov offices don’t even have the courtesy of expressing refusal of postal requests. They just ignore them. So no, you cannot rely on the postal service as a crutch for incompetent security when you cannot even expect it to work.
You’re fired. This does not compensate or serve as an excuse for incompetent security. Expecting Americans living abroad to get on a plane to physically appear at an IRS office is absurd. Unlike most of the world, Americans must file their tax wherever they are in the world (which is not just a transmission but also research -- reading publications and advice).
Indeed, it is not binary. I’m glad you can see that now. Availability has scope, and for the IRS, tor is not in that scope. This is not a security issue. Continue to scream into the void about how literally any impediment to every form is access is a security issue, but that’s not how any of this works. Given you seem to keep bringing up course work and professors and this naive view of security, I’m assuming you’re a student. Keep studying.
It is an option. Saying “nuh uh” doesn’t make it not an option.
This serves as availability. You have TLS, postage, and physical locations you can utilize. You are just whining. Your refusal to use any of the plethora of means available to you has no relation to the competency of the IRS’ security. Grow up.
I said not necessarily binary. Your inability to grasp the various different contexts is profound. The non-binary usage is a red herring in this discussion. When you universally deny a whole demographic of people access, that’s binary. It’s a hard and fast total loss of availability for that demographic.
The scope is the American taxpayer. Of course Tor users are in that scope. You cannot deny access to a whole demographic of people on the crude and reckless basis of IP reputation and then try to redefine the meaning and purpose of availability to offset your incompetence. You need to face the facts and admit when you don’t have the skill to separate threat agents from legit users. Screaming until your blue in the face about how you would like availability to be defined does not bring availability to the demographic of legit users being denied access.
I only brought up school because at your level that seems to be where you are. My infosec MS came decades ago.
Saying the contrary does not make a demographic of people magically part of a different demographic of people. Who do you think you are fooling by pointing to demographic A saying “they have access” in response to demographic B not having access?
Wrong demographic. That’s not anonymous.
You mean postal service. Again, wrong demographic. That’s not anonymous. The IRS needs your physical address in the very least.
Wrong demographic. That’s neither anonymous nor reachable outside the country.
Your refusal to accept that a demographic of people are denied availability has backed you into a corner making absurd claims to justify incompetence. The growth and evolution is needed on your part. To give demographics of non-anonymous people access to tax material continues to miss the point about loss of availability to people who are.
It’s really not. You’ve been asserting that there’s somehow a lack of security because they don’t support tor because that means they’re failing on the “availability” point of the CIA triad. That’s incorrect.
This is also incorrect. The scope is the American taxpayer who is able and willing to utilize the website. You are either unable or unwilling. You are not in the scope. You absolutely can block entire swaths of address ranges and, in fact, have better security because you did so.
A lot has changed from decades ago, you might consider going back to school.
Neither is tor. And even if tor did provide perfect anonymity, tough shit. You are again just whining. Nobody owes you the ability to “anonymously” download tax material at your preferred comfort level of anonymity.
Before you can claim it’s not a red herring, you must first grasp what is claimed as the red herring. Your reply displays that you don’t. When a demographic of people are wholly denied availability, and you make the false assertion that availability is /never/ binary, it’s both incorrect and irrelevant. Incorrect because you can have 100% loss of availability in a context. Context is important. And it’s incorrect because people without access are inherently without availability.
THAT’s incorrect. That’s the sort of weasel wording that people can see right through. You’ve taken the whole of taxpayers who are entitled (in fact obligated) to file tax, and excluded some of them as a consequence of infosec incompetence. You cannot redefine the meaning of a term to justify incompetence. It’s purpose defeating for PR damage control.
This is where your lack of infosec background clearly exposes itself. You can also /randomly/ block large swaths of people arbitrarily and with the same mentality claim “better security” because you think a baddy likely got blocked, a claim that inherently requires disregarding availability as a security factor. You will fool people with that as you’re pushing a common malpractice in security which persists in countless access scenarios because availaibility to the excluded is disregarded by the naive and unwitting.
Nonsense. Infosec, comp sci, and all tech disciplines cover most diligently principles and theory which are resilient over decades, not tool-specific disposable knowledge. The principles and theories have not changed in the past 20 years. You seem to be in a program that short-cuts the principles and fixates on disposable knowlege, likely a vocational / boot camp type of school, in which case you should consider transferring to a school that gives more coverage on theory - the kind of knowledge that doesn’t age so fast.
WTF? You don’t know how Tor works. Perfection is never on the table in the infosec practice. You should forget about perfection -- it’s distracting you. But Tor most certainly provides anonymity in the face of countless threat agents, among other features.
“Owes” implies a debt. I never spoke of owing or debts. The IRS has an obligation to inform the public. When they exclude demographics of people from their service (in particular people who funded them), it’s an infosec failure and an injustice.
It is important. Which is why claiming there’s a security issue because they don’t support tor is silly. Just don’t use tor. The website also doesn’t support the entire demographic of people who don’t use tech at all, like the Amish. No reasonable person would say that’s a security issue.
No, it’s absolutely correct. You can continue to whine that they don’t support your particular use case, but that’s your problem. The documents and services are all available right now for all Americans. You insisting on using your niche protocol is nobody’s problem but your own.
This is a stawman. Tor is notorious for bad actors. Not even remotely the same as blocking addresses at random.
You really need to go back to school. No principle and no theory in infosec requires every protocol be available in order to achieve “availability”. All of these fields are relatively new and still evolving.
Indeed, that’s what I was saying.
So does a VPN, you twit.
English your second language? It’s fine if it is, just know that “debt” and “obligation” are synonyms.
Anything to be a victim. Grow up. Nobody owes you tor access.
Reread the thread. You’ve already been told that you can’t dress up a deliberate act of sabatage as merely “neglecting to support”. It’s the same silly claim that it was the first time you made it.
The Amish did not have a viable means of access that was artificially removed by a proactively inserted firewall rule. This fallacy of analogy shows your inability to grasp the absurdity of the comparison.
Of course if you don’t grasp the fact that the Tor DoS is not lack of support but rather a proactive disabling of something that naturally works, then it’s clear why it appears absurd to you. But the appearance in your view is due to not understanding that servers serve Tor out of the box by default (unlike the Amish).
You clearly don’t know what that word means. I presented my own argument, not yours. My words - my argument - simply exposes the absurdity of the basis of your claim as quoted. Hence why I quoted you without paraphrasing.
Sure, but you’re neglecting proportionality. Cars are notorious for drive-by shootings. But we don’t ban cars on that basis because (like Tor) the numbers of legit users far outnumber the baddies. We don’t oppress a whole community because less than 1% of that community has a harmful element -- unless we are a corrupt tyrant deporting all possible deportable immigrants, or an incompetent admin blocking the whole Tor community.
Of course it is. Both scenarios block an arbitrary group of legitimate users who are exposed to collateral damage as a consequence of prejudiced trivia with the effect of collective punishment. Only to then claim “security is better” on the off chance that a baddy was blocked, without realizing that availability consequences are selectively overlooked.
While claiming that anonymity is non-existent on the basis of lack of perfection -- perfection that you now concede we never have.
Yes, to a much lesser extent than Tor in far fewer scenarios, of course, with higher doxxing risks by a motivated adversary. And? Are you just going to leave the red herring there like that or did you have a point?
I was about to ask you that. You clearly are struggling. “Owing” is /not/ a drop-in replacement for “obligation”. Anyone who speaks English as their first language would be aware of that nuance and spot your conflation of the words instantly. It’s like you are entering an off translation.
There it is again. You continue to misuse that word -- in this case to build a man of straw. I already rejected your first attempt at redefining my position as being owed something.
You’re trying to turn this into semantics. They don’t support tor. That’s a factual statement.
You presented a strawman and attacked that strawman.
Blocking tor is not the same as blocking random IP addresses. There’s really no point in pressing with this analogy.
Did I make that claim? I recall saying tor doesn’t provide you with perfect anonymity. Another factual statement.
Cool, so use a VPN.
It’s a synonym. Maybe you should look up synonym while you’re at it. The IRS is not obligated to support tor and they do not owe you that support.
That’s what you’re doing when you say:
That’s not the words of intellectual honesty. The honest and straight-shooting way to say it without weasel wording is to say they are blocking Tor. Accurate. Simple. Does not mask the fact that it’s a proactive initiative.
An analogy is not a strawman. If I wanted to present I strawman, I would have had to present the analogy as your argument. I did not. It was my analogy.
you did, in the context of Tor:
That is not what you said. Look above. Also, your newly revised statement (Tor not being perfect anonymity) is tue but an irrelevant waste of time, as you have been told twice already. Again, you’re distracting yourself with this pointless chase for perfection. Forget about perfection. It’s not a reasonable expectation for the infosec discipline.
Not it’s not.
Your reliance on a dictionary is not helping you. You’re not going to understand nuanced differences between near synonyms from a dictionary. You need to be immersed in an English speaking culture to reach that level of understanding.
You keep trying to pull this down to semantics because you don’t have a leg to stand on. Nobody owes you tor access. Nobody is obligated to allow tor access.
You have options, you’re just refusing to use them, probably because you just picked up using tor for the first time out of high school and, like all young idealists, took a hard line on it. Grow up.
Really recommend you go look at a dictionary, thesaurus, and some introductory material on security.
You continue with this useless claim. There are legal obligations. Then there are moral obligations. It’s an attempt at the equivocation fallacy to state a fact that is true of one meaning while the other is implied to the contrary. But more importantly, the arguement fails to counter the thesis. If someone says McDonald’s burgers are poor quality, and you come along and say “McDonald’s does not owe you good quality food”, it’s as if you are trying despirately and emotionally to defeat the critic with an argument using an claim that misses the thesis (that the burgers are poor quality). Citing incompetent security does not in itself inherently impose obligation. Obligation can be argued either way depending on which side of the meaning under the equivocation fallacy refers to. But the more important thesis remains: that service quality is poor due to a deficiency of competence.
Unlike telling the burger consumer they have “options”, tax is not optional. Everyone is obligated one way or another to interact with the tax authority. So when service quality is poor, the option to walk is not there. It’s a mandate that you are trying to dress up as if taxpayers are given autonomy. Autonomy is compromised when forced to choose between lousy or undignified options therein.
You absolutely should not be giving anyone infosec advice; most particularly given these rudimentary and arbitrary information sources, respectively.
You are neither legally owed nor morally owed tor access.
Not supporting tor does not indicate a security fault.
The McDonald’s analogy doesn’t apply to the context of this discussion. You’re morally outraged that McDonald’s doesn’t provide plastic straws. Instead of using the straws provided, not using a straw, or bringing your own plastic straws, you’re yelling that they’re poisoning the drinks.
There are other ways to handle your taxes, if you find them lousy or undignified, that’s a real bummer for you.
Your opinions on security are worthless. You are clearly an uninformed zealot.
It’s a demonstration of incomptence and it’s embarrassing for the federal government.
Wooosh -- how could that go so far over your head? The analogy had similarities and differences both of which demonstrate how indefensive your stance is. The similarity exposes as clearly as possible how your claims about not “owing” quality service misses the thesis entirely. The difference in the analogy contrasts the lack of choice in the tax situation compared to the private market (where you can simply walk when the service is poor). Moral obligation arises out of the mandate.
The moral obligation of treating taxpayers with dignity and respect is an equal obligation to all taxpayers. Undermining data minimization and forcing the needless disclosure of IP addresses of those contributing to the revenue service is indefensible and morally reprehensible. You’ve wholly failed in your effort to support the needless and intrusive practice of reckless forced disclosure of personal information irrelevant to the tax obligation.
I don’t think anyone is embarrassed to be not supporting tor, bud. What’s embarrassing is throwing a fit about it, misunderstanding basic English, tossing out trash analogies, attacking strawmen, and being a massive whiner because you can’t use your protocol of choice.
Saying “whoosh” doesn’t make your analogy any less shitty. Further, explaining how your analogy was inaccurate just proves the point.
There is no moral obligation to support tor. I get it. You’re a zealot. Nobody gives a shit. Sucks to fall hard on a niche utility. Grow up and move on.
Your 1st statement would actually be reasonable enough if we disregard the meaning you are trying to convey and treat the words at face value. If you had a good grasp on English and weren’t misusing the phrase tor support to begin with, your literal words are fair enough in that phrase. This is because supporting Tor requires deploying an onion host. Yet no one here has brought up the lack of onion host. The embarrassment is indeed not about lack of Tor support. It’s that they cannot handle fully serving clearnet traffic.
The Tor network needs no support because it is self-supporting. The Tor community bent over backwards to maintain gateways on the clearnet to accommodate the clearnet server without requiring any server-side support whatsoever. The Tor community is generally content as long as services do not go out of their way to sabotage the Tor network.
It’s of course not an embarrassment that the IRS does not support Tor. The embarrassment arises from the lack of competency that led them to proactively block segments of clearnet based on the crude and reckless practice of relying on IP reputation; which led to disservicing the Tor community.
I realize that you have dropped the direct and accurate language (tor blocking) in favor of indirect, vague, weasel words of “tor support” because you believe this choice of words will somehow serve you by deceiving your audience. By intent, your comment is perversely naive. But it’s arguably sensible enough in the literal sense of the words because moral obligation to add an onion server is debatable. Although a case could be made for a government’s moral obligation to respect and embrace data minimization, and even to the extent of deploying onion services. But when the bar of digital rights is so low, it would be premature to have that discussion particularly when you’re not even in a position to accept the idea that a tax administration owes taxpayers any dignity or respect. Which, to be clear the lack thereof is demonstrated by this messaging:
There is not even enough respect to tell Tor users that service is refused as a consequence of their IP address. Nor do they extend enough dignity to explain to those users why they block the Tor community, or which oversight office the excluded taxpayers may complain to.
You keep beating on this phrase because your zealotry has pushed you to a singular idea of what “support” means. Another word you might consider looking up in the dictionary.
They don’t support tor. They aren’t obligated to, morally nor legally. Any argument that they are is founded on zealotry and ignorance. If you feel undignified or a lack of respect because you can’t use your favorite browser, then you’re an idiot.
You’re just recycling defeated drivel. There are no new arguments here and unless you figure out how to attack the arguments that defeated yours, using sound logic, this drivel of personal attacks only exposes the weakness of your indefensible position further. Relying on rudimentary information sources like a general purpose dictionary is consistent with the lack of English nuance from which your misuse of terms and obtuse language manifests.
Your fixation on insults indicates no formal background in debate. You’ve used the most common logical fallacy (among others) while naming it to call out multiple situations where it did not apply. This shows you’ve picked up common buzz phrases without grasping them (implying ad hoc hot-headed cloud fights without basic formal debate training). In the very least you could benefit from studying logical fallacies and taking a debate class. But to be clear that will only improve the quality of your dialog, it won’t compensate for the infosec deficit. In any case, none of that is going to happen in time for you to dig yourself out of your embarrassing position in this thread.
There haven’t been any new arguments for a while. You repeat the same junk about how you’re a victim because you’re not able to access the IRS in the fashion you zealously demand. You continue to be hilariously upset about getting called out on basic definitions. And you continue to talk about classes and school. I’m 100% certain you’re a child. Maybe fresh out of college.
Grow up.
Your continued failure to grasp the fact that the Tor community does not need server-side support is the main reason you have failed to understand why your main thesis has been defeated. Not understanding how Tor works to at least the most basic extent has ensured you’ve based everything in your position on misinformation (which most certainly comes from poor assumptions). Then you wonder why you think you see repititon as you repeat defeated claims because you don’t understand the facts that make your claims indefensible. Until you learn enough about To to realise there is no need for server-side support, you have no hope of even understanding the silly absurdity of your thesis.
What exactly do you think my thesis is?
What exactly do you think “support” entails?
It’s clear you lost the plot on the first question ages ago and you have a child’s perspective on the second.