RustyWizard

You’ve already been told that you can’t dress up a deliberate act of sabatage as merely “neglecting to support”.

You’re trying to turn this into semantics. They don’t support tor. That’s a factual statement.

I presented my own argument, not yours.

You presented a strawman and attacked that strawman.

Both scenarios block an arbitrary group

Blocking tor is not the same as blocking random IP addresses. There’s really no point in pressing with this analogy.

While claiming that anonymity is non-existent

Did I make that claim? I recall saying tor doesn’t provide you with perfect anonymity. Another factual statement.

Yes

Cool, so use a VPN.

“Owing” is /not/ a drop-in replacement for “obligation”.

It’s a synonym. Maybe you should look up synonym while you’re at it. The IRS is not obligated to support tor and they do not owe you that support.

Context is important.

It is important. Which is why claiming there’s a security issue because they don’t support tor is silly. Just don’t use tor. The website also doesn’t support the entire demographic of people who don’t use tech at all, like the Amish. No reasonable person would say that’s a security issue.

THAT’s incorrect.

No, it’s absolutely correct. You can continue to whine that they don’t support your particular use case, but that’s your problem. The documents and services are all available right now for all Americans. You insisting on using your niche protocol is nobody’s problem but your own.

You can also /randomly/ block large swaths of people arbitrarily and with the same mentality claim “better security” because you think a baddy likely got blocked, a claim that inherently requires disregarding availability as a security factor.

This is a stawman. Tor is notorious for bad actors. Not even remotely the same as blocking addresses at random.

Infosec, comp sci, and all tech disciplines cover most diligently principles and theory which are resilient over decades, not tool-specific disposable knowledge.

You really need to go back to school. No principle and no theory in infosec requires every protocol be available in order to achieve “availability”. All of these fields are relatively new and still evolving.

Perfection is never on the table in the infosec practice.

Indeed, that’s what I was saying.

But Tor most certainly provides anonymity in the face of countless threat agents, among other features.

So does a VPN, you twit.

“Owes” implies a debt. I never spoke of owing or debts. The IRS has an obligation to inform the public.

English your second language? It’s fine if it is, just know that “debt” and “obligation” are synonyms.

When they exclude demographics of people from their service (in particular people who funded them), it’s an infosec failure and an injustice.

Anything to be a victim. Grow up. Nobody owes you tor access.

It’s a red herring.

It’s really not. You’ve been asserting that there’s somehow a lack of security because they don’t support tor because that means they’re failing on the “availability” point of the CIA triad. That’s incorrect.

The scope is the American taxpayer.

This is also incorrect. The scope is the American taxpayer who is able and willing to utilize the website. You are either unable or unwilling. You are not in the scope. You absolutely can block entire swaths of address ranges and, in fact, have better security because you did so.

My infosec MS came decades ago.

A lot has changed from decades ago, you might consider going back to school.

That’s not anonymous.

Neither is tor. And even if tor did provide perfect anonymity, tough shit. You are again just whining. Nobody owes you the ability to “anonymously” download tax material at your preferred comfort level of anonymity.

Indeed, it is not binary. I’m glad you can see that now. Availability has scope, and for the IRS, tor is not in that scope. This is not a security issue. Continue to scream into the void about how literally any impediment to every form is access is a security issue, but that’s not how any of this works. Given you seem to keep bringing up course work and professors and this naive view of security, I’m assuming you’re a student. Keep studying.

That’s not an option.

It is an option. Saying “nuh uh” doesn’t make it not an option.

This does not compensate or serve as an excuse for incompetent security.

This serves as availability. You have TLS, postage, and physical locations you can utilize. You are just whining. Your refusal to use any of the plethora of means available to you has no relation to the competency of the IRS’ security. Grow up.

I’ve read what you wrote, but you are refusing to acknowledge reality. Availability does not even remotely mean what you are stating. You might reconsider taking infosec 101.

If the Tor network has no access, then they have no availability.

Then there is no service that has any availability and all meaning is stripped from the word.

The website is not just for transmitting tax declarations.

Indeed, and if TLS isn’t sufficient for you then by all means, use the postal service. Hell, you could even go to your local IRS location.

No, you have full access. You can go utilize 100% of the functionality of the site. Again, you are misrepresenting what availability is in the CIA triad. It does not mean all feasible ways and means of access are supported. Otherwise you’re arguing that all iOS apps are also insecure because they aren’t available to Android users.

If TLS isn’t sufficient (or available) for you, do the paperwork and mail it in.

If users who should have access (e.g. US taxpayers) are blocked, there is an availability loss. Blocking Tor reducesavailability. Which by definition undermines security.

This is a gross misunderstanding of that CIA triad. You do have access, just not through tor. Nor through Bluetooth. Nor plaintext. “Availability” does not mean you will support every known protocol so that purists and idealists can be happy.

He lives in New York, you simpleton

Never too late to pick up a hobby. Can be intimidating to start exploring and trying new stuff, but it’s worth it.

Lifting weights, motorcycle, programming at home for fun and not profit.

Lifting weights is awesome. You can do it with friends, but I tend to go solo. It’s meditative and humbling. At the same time, it’s an absolute ego boost to start seeing your progress and comparing with others.

Motorcycling is a ton of fun, but quite expensive. Buying a bike is a gut punch, then all the over priced gear. You can be thrifty about it using Facebook marketplace but you’re gonna be out quite a bit of money.

I’m a software engineer at work, but I honestly enjoy programming. I have a discord bot or two that I wrote just for my discord channel with some buddies. I also run 4 raspberry pi’s at home that require occasional IT work to do their various tasks. It’s low risk and rewarding and helps keep me a little sharper at my day job.

The most obvious answer is gaming. Hard 60/144Hz deadlines is RT. But there are lots of changes that got into the kernel from the RT group, starting with getting rid of the BKL, which helped everyone.

People who wanted GPS were also already using it by buying TomToms or other GPS devices…

The average desktop user already benefits from the changes the RT folks have slowly been getting into the baseline.