(USA) IRS website blocks tor users
(USA) IRS website blocks tor users
Indeed the IRS website blocks Tor users from accessing tax information, as if tor users don’t need tax information. Important legal guidance exists on irs.gov, so it’s obviously an injustice to block people from becoming informed about their rights and obligations.
(edit)
What’s the fix? Would it be effective to make a FOIA request on paper so the IRS must send the info on paper via USPS? Or would that require compensation to offset their burden?
Filing a FOIA is free, but the agency is allowed to charge for gathering the info and sending it to you. They should tell you how much it will cost before they do it.
Sounds like a FOIA doesn’t help then. If they are compensated sufficiently for their labor and cost, then FOIA reqs would fail to pressure them to make their website more accessible. That sucks. It means (AFAICT) we have no push back mechanism against lousy/enshitified gov websites.
I suppose we can make requests on paper (not expressed as a FOIA), but then they can simply ignore it. Which is the case with some gov offices (yeah, I already tried.. sec of states generally ignore requests for info that come by mail).
This just seems like a prudent cyber security practice.
infosec 101:
- confidentiality
- integrity
- availability
If users who should have access (e.g. US taxpayers) are blocked, there is an availability loss. Blocking Tor reduces availability. Which by definition undermines security.
Some would argue blocking Tor promotes availability because a pre-emptive strike against arbitrary possible attackers revents DoS, which I suppose is what you are thinking. But this is a sloppy practice by under-resourced or under-skilled workers. It demonstrates an IT team who lacks the talent needed to provide resources to all legit users.
A mom and pop shop, sure, we expect them to have limited skills. But the US federal gov? It’s a bit embarrassing. The Tor network of exit nodes is tiny. The IRS should be able to handle a full-on DDoS attempt from Tor because such an effort should bring down the Tor network itself before a federal gov website. If it’s fear of spam, there are other tools for that. IRS publications could of course be on a separate host than that which collects feedback.
If users who should have access (e.g. US taxpayers) are blocked, there is an availability loss. Blocking Tor reducesavailability. Which by definition undermines security.
This is a gross misunderstanding of that CIA triad. You do have access, just not through tor. Nor through Bluetooth. Nor plaintext. “Availability” does not mean you will support every known protocol so that purists and idealists can be happy.
So add proxy?