Public resource but access restricted and exclusive
This community tracks restricted access resources (generally websites) that are supposed to serve taxpayers and the general public, but they fail in that duty by imposing arbitrary restrictions on access. This is where we document these cases.
Most often, it is the Tor community who is marginalised by incompetently implemented infosystems. This community will be mostly littered with references to tor-hostile public resources to a fatiguing extent, but this is expected. It is not necessarily limited to Tor. Any demographic of people who are refused service would have a relevant story here. E.g. someone traveling outside their country and being denied access to a homeland website on the basis of presumed IP geolocation.
This is very closely related to the [email protected] community. But there are some nuanced differences. Not all fiefdoms are necessarily always restricted access. E.g. some rare Facebook pages are reachable to non-FB users.
And not all manifestations of restricted access entail a fiefdom. E.g. it’s increasingly common for a gov website to block Tor visitors at the firewall without involving a digital fiefdom.
Cases of Cloudflare, Facebook, LinkedIn and the like can be crossposted in many situations. They are a fiefdom walled garden and also commonly configured to restrict access. IDK.. use your best judgement. Might suffice to just post in [email protected] in those cases.
Also related: [email protected]
Scope and rules:
What is not relevant here:
- NGOs
- non-profits
- anything in the private sector
This community is focused on tax-funded government programs and services like public education, social services, voter reg, courts, legal statutes, etc. NGOs and non-profits may exist for the public benefit, but if they are not funded by force (taxation) then they are not really relevant here.
Recommended style:
- the title should mention the jurisdiction (state/province and/or country)
infosec 101:
If users who should have access (e.g. US taxpayers) are blocked, there is an availability loss. Blocking Tor reduces availability. Which by definition undermines security.
Some would argue blocking Tor promotes availability because a pre-emptive strike against arbitrary possible attackers prevents DoS, which I suppose is what you are thinking. But this is a sloppy practice by under-resourced or under-skilled workers. It demonstrates an IT team who lacks the talent needed to provide resources to all legit users.
A mom and pop shop, sure, we expect them to have limited skills. But the US federal gov? It’s a bit embarrassing. The Tor network of exit nodes is tiny. The IRS should be able to handle a full-on DDoS attempt from Tor because such an effort should bring down the Tor network itself before a federal gov website. If it’s fear of spam, there are other tools for that. IRS publications could of course be on a separate host than that which collects feedback.
This is a gross misunderstanding of that CIA triad. You do have access, just not through tor. Nor through Bluetooth. Nor plaintext. “Availability” does not mean you will support every known protocol so that purists and idealists can be happy.
That is reduced access. And it makes a world of difference because the lost access also forces excessive disclosures. It would be perversely narrow to disregard that as a security compromise.
Also, you assume everyone has clearnet access, not just that everyone has the will to use clearnet, and that everyone would find clearnet appropriate for this, and that some users rightly see clearnet as a break from the rule of least privilege principle. But some people offer open internet access to the public on a tor-only network. Users on such a network have no clearnet option.
Furthermore, I personally have a DNS problem with my local public library. I have not yet taken the time to troubleshoot it, but when I connect to the library’s network, all clearnet attempts fail because of some DNS problem. Tor is the only way I can access the internet from my local public library. So until I get to the bottom of that problem, the IRS website is unavailable.
For me, not having privacy-respecting access is the same as not having access. For pushovers who don’t think about their own security, their availability is not affected. More broadly, it’s not your place to tell users what threat model and security posture is right for them -- unless they hired you for that. If a blockade forces a connection outside the parameters of someone’s security policy, they have lost availability.
You can’t dress this up as “neglecting to offer Tor support”. The IRS is taking a deliberate action that reduces availability. They took something that works by default and crippled/broke it in an act of sabotage.
You have to go out of your way to have your access reduced. There are endless ways to achieve that and tor is just one of them. Besides, the sigint opportunities on tor aren't as minimal as you want them to be. Also, you're connecting to the site and acting on behalf of yourself. I'm at a loss why this should rank at all in the context of a tidal wave of measurable abuses.
That would only be true of someone without a Tor setup to begin with. Some of us have Tor baked into our scripts and apps to the extent that using clearnet is going out of our way.
They all have benefits and drawbacks, some cost money, some entail more effort, etc.
It serves the purpose for the case at hand.
Only if you login, which is often not the case for irs.gov.
Read the sidebar. It’s a service that is essential and intended for the whole public. As the digital transformation forces people to perform transactions with public agencies, those agencies are progressively removing offline options. Exclusivity is trending as a consequence. Essential public services should be inclusive and open to all.