TurboTax Did Everything It Could To Hide The Free-Filing Its Supposed To Offer

from the hide-and-seek dept

For years, advocates for the non-wealthy public have put forward plans to simplify the tax-preparation process by having the IRS pre-prepare a tax filing with the information it already has, sending it to citizens, and allowing those citizens to either sign and return it or do their own tax preparation if they think there are errors. Several politicians have put versions of this plan forward, including Elizabeth Warren. The idea is that, for the vast majority of Americans, the IRS already has all the information it needs for the tax filing. Why make most people do tax prep when they don't have to?

Well, for just as many years, the companies that make money by doing this tax prep work have lobbied heavily in Congress to keep this from becoming law. Intuit, makers of TurboTax software, has been particularly active on this front, with novel arguments that amount to, "But if you make this law, then we'll make less money." When that messaging became a PR disaster, the company tricked a bunch of mouth-pieces to say all this for it.

Now, if all of that seems like shady shit, you ain't seen nothing yet. One of the ways companies like Intuit hand-wave concerns that its lobbying efforts are coercing the poor and middle class to pay for tax prep that is so simple it should be free is by pointing out that it entered into an agreement with the IRS to offer their own free-to-file programs for anyone that makes less than $66k in a given year. While that's true, ProPublica has a nice write up of just how far Intuit in particular goes to hide this program from the very public it's supposed to be serving.

Intuit and other tax software companies have spent millions lobbying to make sure that the IRS doesn’t offer its own tax preparation and filing service. In exchange, the companies have entered into an agreement with the IRS to offer a “Free File” product to most Americans — but good luck finding it.

Here’s what happened when we went looking.

Our first stop was Google. We searched for “irs free file taxes.” And we thought we found what we were looking for: Ads from TurboTax and others directing us to free products.

Spoiler alert: those products didn't end up being free. Despite ads that mentioned "free" several times over, the researchers that created a profile of a house cleaner making $29k for the year, TurboTax's site declared that free to file wasn't an option because the fictional citizen was an independent contractor. Instead, the tax prep would cost $119.99. ProPublica continued:

Then we tried with a second scenario. We went back to TurboTax.com and clicked on “FREE Guaranteed.” This time, we went through the process as a Walgreens cashier without health insurance, entering personal information and giving the company lots of sensitive data.

Again, TurboTax told us we had to pay — this time because there’s an extra form if you don’t have insurance. The charge? $59.99.

Per the article, both instances are not kosher based on the agreement with the IRS. That agreement is quite simple: if you make less than $66k in the year, you get to file for free, period. From there, the researchers dug into TurboTax's source code.

Even though we clicked on the “FREE Guaranteed” option and met all the requirements to file for free, the company had tagged us as a potential paying customer. In the source code, TurboTax had branded us as “NONFFA.” That stands for “Non Free File Alliance.” In other words, we were not on track to file for free after all. Even though TurboTax could tell we were eligible to file for free, the company never told us about the truly free version.

It turns out that if you start the process from TurboTax.com, it’s impossible to find the truly free version. The company itself admits this.

So, despite that site being laced with as many "free"s as could be mustered, you can't actually get to free filing at all. How many folks using the site to file for free do you think make it all the way to the FAQ page and realize their mistake compared with how many accept what the site tells them and pay up to file instead? Especially when "free" appears all over the sites on which you cannot file for free, but the actual free filing site is called, sigh, TurboTax Freedom?

But let's pretend most people do get to that FAQ. The researchers threw "turbotax freedom" into Google to see what popped up.

The first link was from TurboTax and said “Free File Program” right in the text. We clicked, and it brought us to this new page. While the orange “See If You Qualify” link did take us to the real Free File program, the blue “Start for Free” link brought us back to the version of TurboTax where we ended up having to pay.

Whatever this is, it clearly isn't Intuit comporting with the spirit of the agreement it signed with the IRS. All of these shady tactics are quite obviously designed to keep people from ever finding the free to file site, to trick the lower classes into paying for tax prep work when they should not be, and depressing the number of people that actually use it as much as possible.

The reward for all of that shady behavior are calls from the same Congress that receives Intuit's lobbying dollars to end the program as it's not achieving its goals. And, it seems Congress is also considering legally barring the IRS from offering any free to file program itself, because that certainly serves common people.

Congress is now moving to put the Free File program into law, including its restriction on the IRS creating its own free service. We wrote about that earlier this month and the opposition to this provision by freshman Democratic Reps. Katie Hill, Katie Porter, Alexandria Ocasio-Cortez and others. The House ultimately passed the bipartisan Taxpayer First Act, which also contains some provisions that consumer advocates support, such as restrictions on private debt collection of unpaid taxes.

Now the Senate is considering the bill. Its sponsors have argued that it doesn’t tie the IRS’ hands, but outside legal experts we’ve spoken to disagree. The text in the bill codifying the Free File program has long been sought by lobbyists for Intuit.

In addition to all of this, to make matters way, way worse, more information has come to light since the original ProPublica post and the original writing of this piece. In a follow up post, ProPublic has unearthed that Intuit specifically and actively de-indexed the free-to-file website from Google's search engine with the robot.txt file.

The code on TurboTax’s Free File site says “noindex,nofollow” — instructions for it not to show up in search results.

In contrast, the TurboTax page that puts many users on track to pay signals to Google that it should be listed in search results.

Sen. Ron Wyden, the ranking Democratic member of the Senate Finance Committee, said in a statement that he plans to raise Intuit’s misleading marketing with the IRS. “Intuit’s tactics to reduce access to the Free File program and confuse taxpayers are outrageous,” he said.

Don't expect Wyden to be the only member of Congress to get into the act. Several of the Democratic Presidential candidates are members of Congress as well, and you can bet that this is the kind of subject many of them will be all over. Elizabeth Warren in particular, as one of those pushing the IRS to do its own free to file program via legislation, should be an interesting watch here.

What the end result of all of this is unknown at the moment, but it looks very, very bad for Intuit. Again, Intuit signed an agreement with the IRS not only to offer free to file itself, but to take action to increase the use of it. Delisting the website where it can be done is about as counter to that promise as can be had.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: congress, free tax filing, free taxes, irs, low income, search engines, tax prep, taxes, turbotax
Companies: intuit


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Mason Wheeler (profile), 29 Apr 2019 @ 12:02pm

    So... how serious of an offense is false advertising considered these days?

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 29 Apr 2019 @ 12:10pm

    Making it hard is part of the 'sale'

    At some point, I'm expecting that you'll need to call-in and talk to someone to get a coupon code.
    Expect this to be as easy as cancelling your current cell phone or cable contract. Since this would be a free product, they'd likely claim a long hold time due to the pure volume of calls... but on the back-end, you'll be talking to someone half-way around the world whose only job is to 'upgrade' you to the paid product at a 'special' price... if you don't do that, then they'll take down your info and have someone that's 'authorized to generate a coupon' call you back in 48 to 72 business hours (which are tuesday and friday from 1pm to 3:15pm).

    Intuit SELLS tax software... I don't know why we should trust them to do anything other than that. (you could argue that even free needs to be sold, but that's beside the point I'm trying to make)

    link to this | view in thread ]

  3. This comment has been flagged by the community. Click here to show it
    identicon
    Su-Wing Lo Sweet Chelly Yachts and Junks, 29 Apr 2019 @ 12:14pm

    Larger question: Who in right mind would give info to a corp?

    Doubtless having "TOS" that says they can "share" it with every other corporation? -- OR even lacking that, just DO sell it on.

    GOOGLE collates every bit of data they can get. So you've just handed name, SSN, and income level to Evil Central.

    But somehow that's not the central message here at corporate "sponsored" Techdirt.

    Believe NOTHING you see on teh internets. -- Such as the accounts here at Techdirt, especially "Gary"!

    link to this | view in thread ]

  4. identicon
    MathFox, 29 Apr 2019 @ 12:16pm

    Glad to be Dutch...

    I filed my (Dutch) tax return this Sunday. On the "belastingdienst.nl" website. Accepting the pre-filled income, bank and house-owner data and answering a few handfuls of yes-no questions. Done in 30 minutes.

    Belastingdienst translates to HMRC (for the Brits) or IRS (for the Americans).

    link to this | view in thread ]

  5. icon
    Madd the Sane (profile), 29 Apr 2019 @ 12:23pm

    Re:

    Just ask the ISPs.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 29 Apr 2019 @ 12:24pm

    Re:

    Not even an option for companies that bribe the officials as much as these companies do.

    link to this | view in thread ]

  7. identicon
    Anynomous Idiot, 29 Apr 2019 @ 12:31pm

    I'm just waiting for the class action lawsuits against Intuit for false advertising resulting from their "Free free free" television commercials.

    link to this | view in thread ]

  8. icon
    Gary (profile), 29 Apr 2019 @ 12:42pm

    Re: Larger question: Who in right mind?

    Well Sod-Cits such as yourself don't have to pay taxes so what's the problem?

    link to this | view in thread ]

  9. identicon
    Valkor, 29 Apr 2019 @ 12:44pm

    Re:

    Ha, there's an update on the article that says TurboTax changed their web page to stop hiding the free filing.

    I expect that to last about... eight months.

    link to this | view in thread ]

  10. icon
    That One Guy (profile), 29 Apr 2019 @ 12:48pm

    Re:

    Depends, how rich are you and how much of that money have you spent buying politicians? If the answer to the above is 'very' and 'a decent chunk', then a judge might wag their finger and tisk tisk at you for a few seconds.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 29 Apr 2019 @ 12:51pm

    Re: Larger question is why you are still here

    “You have issues. But let’s start with the whole “I hate Techdirt so much that I’m going to constantly surf the site and obsessively collect data on all its users to show Techdirt how much I hate it” thing and work our way out from there.”

    link to this | view in thread ]

  12. identicon
    TFG, 29 Apr 2019 @ 12:52pm

    This kind of BS needs to stop. I'll be happy if/when the IRS just provides their own, so hopefully the codification of the current thing into law goes bye bye.

    It is, however, still possible to locate the free file offers via search engine. The key is to leave the providers of it out of the search. Don't search Turbotax, search IRS. "IRS free file" to be exact.

    Scroll past the ad offers - I doubt any of them are trustworthy. You're looking for the first non-add offering, search result from www.irs.gov. The IRS has a searchable, indexed page that links to the various offerings:

    https://www.irs.gov/filing/free-file-do-your-federal-taxes-for-free

    Which then leads to: https://apps.irs.gov/app/freeFile/

    Which then leads out to the actual free versions of each offering. Based on the listing for TurboTax it seems they're somehow skimping on the terms even on the official IRS page, because they've got additional restrictions beyond your income being under $66,000 - but nevertheless, it is the actual free file site.

    Given their overall scummy nature, you might want to avoid using the TurboTax offering and use one of the other offerings instead.

    link to this | view in thread ]

  13. identicon
    Glenn, 29 Apr 2019 @ 1:03pm

    I've never really had a problem finding it: go to the govt. site (state not federal now) and follow the free file link to Turbotax Freedom.

    link to this | view in thread ]

  14. icon
    Bamboo Harvester (profile), 29 Apr 2019 @ 1:20pm

    Re:

    It's completely illegal(1)!

    We'll pursue it with unlimited(2) vigor!

    At 100mb/s(3), Guaranteed(4)!

    (5) ... do I really need to type out the footnoted exclusions?

    link to this | view in thread ]

  15. icon
    Bamboo Harvester (profile), 29 Apr 2019 @ 1:22pm

    Gotta say...

    ...I find it odd that TD is espousing having the IRS send everyone's financial data across the internet or via snail mail.

    I, for one, do NOT want anything associated with my yearly income, nor my birth date and SSN released into the wild like that.

    The can, as they have always done, compare my actual return with what they've kept on file from previous years in house.

    link to this | view in thread ]

  16. icon
    Coyne Tibbets (profile), 29 Apr 2019 @ 1:27pm

    Re:

    Any claims of false advertising are obviously fake news.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 29 Apr 2019 @ 1:28pm

    Re:

    Back in the 90s and early 2000s, I used QuickTax to file my taxes. I found it did an OK job, but the price kept on going up for the simple taxes I needed to file; navigating the software began to feel like I was entering some insurance scam.

    So, I switched to DrTax, and that year discovered when the process was complete that my income was under the "free to file" bar, so they automatically didn't charge me to file.

    They've had my patronage ever since because of that. Treating their customer like someone who was going to come back year after year, and providing them with the best service possible was such a night/day comparison to Intuit's offerings, where I felt we were in an adversarial relationship and I always came out as the loser, no matter what sort of tax return I actually had to file.

    Summary: check out the IRS website and who's offering what: not all services are created equal, and some are miles ahead in customer service, price, accuracy and convenience compared to others. Intuit doesn't really seem to even care anymore.

    link to this | view in thread ]

  18. icon
    That One Guy (profile), 29 Apr 2019 @ 1:28pm

    Re: Gotta say...

    While I can certainly see your point and agree that that sort of data is just a wee bit sensitive to be throwing around, unless companies like TurboTax send the tax filings they get/make to the IRS in physical format under guard, doesn't that already happen?

    link to this | view in thread ]

  19. icon
    Bamboo Harvester (profile), 29 Apr 2019 @ 1:44pm

    Re: Re: Gotta say...

    Liability. Those services are a buffer between me and the IRS. Won't get my data back if it's released, but I can sue Intuit over it. Can't sue the IRS. Well, alright, you can, but you'll get a court date of about a week before the first manned interstellar flight, so...

    Same reason I use an accountant. If they screw up my taxes or get hacked, it's on them.

    But the idea of the IRS, the FEDERAL GOVERNMENT, sending all that information to EVERY TAX PAYER on a yearly basis is completely insane.

    Birth dates, SSN's, bank account numbers, credit details, outstanding loan information, etc.

    Really?

    link to this | view in thread ]

  20. icon
    That One Guy (profile), 29 Apr 2019 @ 1:53pm

    Re: Re: Re: Gotta say...

    Fair points all, but I'd see that more as a reason to keep fine-tuning the proposed streamlined system to work on addressing those concerns, as opposed to continuing the current one.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 29 Apr 2019 @ 1:54pm

    Re: Re: Re: Gotta say...

    "Liability. Those services are a buffer between me and the IRS. "

    HA ha hah ... wait you were serious?

    link to this | view in thread ]

  22. icon
    Bamboo Harvester (profile), 29 Apr 2019 @ 2:09pm

    Re: Re: Re: Re: Gotta say...

    My problem is with the government sending that data out to every tax payer.

    Figure out the five most important "ID's", starting with SSN.

    Now, if you could come up with a log-in system that required ALL of them as "passwords", and got the IRS to setup a site where you could download/on-line complete your info after entering those, I'd be less inclined to scream about it.

    However... Think of the initial obamacare website. THAT is the level of competence and security people should expect from the government. Because that's the level we're going to get, like it or not.

    link to this | view in thread ]

  23. icon
    Bamboo Harvester (profile), 29 Apr 2019 @ 2:13pm

    Re: Re: Re: Re: Gotta say...

    I never used those services, by the time they came around my taxes were too complex to NOT use a CPA as a buffer.

    I've been audited three times in the last forty or so years.

    The second time was the IRS's fault - the accounting firm checked their work, deemed it fine, sent it back and the IRS conceded.

    The other two times were errors the accountants made.

    They refiled with corrections at no charge to me, and they ate the penalty fees the IRS assessed.

    And before some idiot jumps in saying they only did that because I'm a rich old white guy nazi, NO. I'm not rich, nor a nazi. They ate the penalties because it was their screwups that caused them, and it was good business.

    link to this | view in thread ]

  24. identicon
    Valkor, 29 Apr 2019 @ 2:35pm

    More grandstanding

    Side note to the grandstanding politicians:

    It's your fault that the tax code is so gorram complicated. Turbo Tax, like infected pus, is a symptom of a problem. They might say something like "Oh, you sold a mutual fund? You have a 1099-something with four different income lines on it? We'll help you figure that out, and for only $60!" The only reason they can even say that is the tax instructions on anything more complicated than a W2 are incomprehensible to layman! Politicians, it's YOUR FAULT! You write the tax code! You start using the power of taxation to incentivize and discourage, to reward and punish, to CONTROL, and you have the mess that is the tax code. A parasitic industry of tax preparation springs up around this, based on confusion and fear. People complain, and the politician, to maintain the control, offers to subsidize the parasite.

    Blame the disease, not the symptom.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 29 Apr 2019 @ 2:40pm

    Re: Re: Re: Gotta say...

    If you really don't think all your personal information isn't already available for sale to any bidder, not just the highest, well, you're in for a shock. Here's just one example of how all your data, social security number and all, have been exposed:

    https://money.cnn.com/2018/02/09/pf/equifax-hack-senate-disclosure/index.html

    There are many others, even other credit reporting agencies.

    Your best course of action is to acknowledge this fact of life and adjust your expectations and reaction plans accordingly. Watch your credit reports, credit card bills, everything financial closely and be prepared to lock your credit, switch banks, replace credit cards and whatever else to protect yourself. Nobody else will.

    link to this | view in thread ]

  26. icon
    Mason Wheeler (profile), 29 Apr 2019 @ 2:41pm

    Re: Making it hard is part of the 'sale'

    Intuit SELLS tax software... I don't know why we should trust them to do anything other than that.

    This is something I've maintained for a long time, ever since a job at a clinic got me a serious peek behind the curtain of the world of healthcare: if a conflict of interest is an inherent part of your business model, you should not be in that business.

    link to this | view in thread ]

  27. identicon
    SirWired, 29 Apr 2019 @ 2:54pm

    And the funny thing is, the stand-alone programs are *cheap*

    I'm waaaay outside of being eligible for Free-File, and I haven't paid more than $30 to file my taxes for years.

    I use the "deluxe" PC version of H&R @ Home, and for no more than $30 (usually $25 on-sale), you get pretty much every single form a wage-earner could possibly need. It includes a State program, and free Federal filing. State filing is over-priced, so I just print it out and mail it in.

    But if you go through the H&R website, it's all going to cost much more. And I'm gobsmacked that TurboTax online is $60 for any situation an entry-level cashier could possibly be in.

    But, yeah, I should't have to do any of this at all. With the increased standard deduction, not a single item of information went on my forms that the feds don't already know.

    link to this | view in thread ]

  28. icon
    Coyne Tibbets (profile), 29 Apr 2019 @ 3:03pm

    Site changes?

    I don't know if my results are typical, but when I went to taxfreedom.com from my cell, I was immediately redirected to the taxcut site.

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 29 Apr 2019 @ 3:06pm

    Re: Re: Gotta say...

    The filing companies use "strong encryption" on tax data, either on your own computer or when transmitted to the IRS. Of course, to a serious hacker the fact that the data must be in memory for the return to be calculated, the whole thousands-of-preparers transmitting returns to the IRS who has to be able to unencrypt from all of them, the strongly-ordered transmissions (XML format), all make me believe that this is not the most-secure system ever devised.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 29 Apr 2019 @ 3:27pm

    Remember when turbotax drm overwrote portions of the boot sector?
    Pepperidge Farms remembers.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 29 Apr 2019 @ 3:59pm

    Re: Re:

    Note it was changed AFTER tax filing date this year.

    link to this | view in thread ]

  32. icon
    Beta (profile), 29 Apr 2019 @ 4:48pm

    Re: Re: Re: Re: Re: Gotta say...

    So on a return as complex as yours, the probability that the IRS will makes a serious error (in their own favor) is 2.5%, and a CPA 5%.

    The tax code is a mess.

    link to this | view in thread ]

  33. identicon
    Anonymous Coward, 29 Apr 2019 @ 4:53pm

    Proof that ROBOTS.TXT does exist in the wild...

    So the first obvious use of Robots.txt should be to prevent users from finding and pirating the free versions of products that companies sell, right?

    I mean we keep hearing from all these companies that Google is stealing from them and 'pirating' their news, who knew that all they needed to do was put their site in the Robots.txt file and have them ignored...

    So why isn't anyone doing this?

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 29 Apr 2019 @ 5:11pm

    Somewhat unrelated, but the weirdest part of this is that the two turbotax systems are really completely separate. It's impossible to upgrade from the free version to the paid version, you actually have to make a new account and then re-enter all your information. It's actually infuriating, and I can't quite tell whether their goal is to actively get rid of customers who are smart enough to find the free version, or if we are just collateral damage from them attempting to hide said version.

    link to this | view in thread ]

  35. icon
    That Anonymous Coward (profile), 29 Apr 2019 @ 5:31pm

    Gee, perhaps accepting promises, from those who champion keeping the tax code indecipherable, about helping those who qualify file for free to do so and turn away an extra couple of bucks is a dumb idea.

    But then we have two sides voting to keep this stupidity & make it worse every year... perhaps all these years of wasting our tax dollars has made them think we all have plenty of extra money to give corporations so they can make 'contributions' so we can pay them even more money...

    link to this | view in thread ]

  36. identicon
    Call me Al, 30 Apr 2019 @ 4:52am

    Re: Glad to be Dutch...

    Glad to be a Brit for this too. Our tax system has some pre-population (but not complete yet) so you fill in the gaps, file and pay if needed. All free.

    link to this | view in thread ]

  37. icon
    Bamboo Harvester (profile), 30 Apr 2019 @ 6:59am

    Re: Re: Re: Re: Re: Re: Gotta say...

    IIRC, the US Tax Code comprises more volumes than US Criminal Code.

    The worst part about it is that "old" sections are never removed. A new 300 page regulation "overrides" them, and the following year a new 250 page regulation reinstates half of what the prior one killed, the year after that...

    The problem really isn't with Code, but on how it's updated and maintained.

    And something the "tax the rich!" crowd can never seem to figure out is that the tax code is HOW the rich get their money back.

    link to this | view in thread ]

  38. icon
    Bamboo Harvester (profile), 30 Apr 2019 @ 7:01am

    Re: Re: Re: Re: Gotta say...

    You missed the point.

    The IRS compiling ALL your ID and Financials so they can send it out Bulk Rate Mail.

    It's the El Dorado Mine for hackers.

    link to this | view in thread ]

  39. icon
    Bamboo Harvester (profile), 30 Apr 2019 @ 7:02am

    Re: Re: Re: Gotta say...

    Yeah, they use ROT-13 because it's ONE LOUDER than ROT-12...

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 30 Apr 2019 @ 7:33am

    Re: Re: Re: Re: Re: Re: Re: Gotta say...

    And something the "tax the rich!" crowd can never seem to figure out is that the tax code is HOW the rich get their money back.

    Their rhetoric is focused on wealth, and they seem to overlook that US taxes are almost entirely based on income—the ultra-rich can use the complexity to their advantage to have surprisingly low incomes. (Real property is an exception, but one can only have so many houses.)

    link to this | view in thread ]

  41. identicon
    Anonymous Coward, 30 Apr 2019 @ 6:10pm

    ugh... wish I had known about this... currently debating whether I should call in and demand a refund from Turbotax for this. They charged me $100+ for my return because of one additional form for health care related information! I'm glad techdirt posted this so that I can make sure to get it for free next time if my income is below 66K.

    link to this | view in thread ]

  42. icon
    CypherDragon (profile), 1 May 2019 @ 10:45pm

    Re: Re: Glad to be Dutch...

    It's the American Way(tm), the Free Market(tm) is doing it's job. It would be SOCIALISM(tm) to have the IRS compile the data they already have and just have the taxpayer verify it! You don't want SOCIALISM(tm) to win do you? Why, that would be as bad as SHARIA LAW(tm)!

    link to this | view in thread ]

  43. icon
    CypherDragon (profile), 1 May 2019 @ 11:04pm

    Re: Re: Re: Gotta say...

    For a hacker to get to that in-memory return data, that means your machine is already compromised. If your machine is compromised, nothing is safe - and they likely have full access to your entire financial life, as well as other aspects. If you're working about data in-memory for this kind of attack vector as a private citizen, you've already lost the plot. If a malicious actor has this much access, you're done.

    All of the filing companies, as well as the IRS, use the standard SSL approach, which uses public-key cryptography to negotiate the handshake, and which uses one private key that decrypts anything encrypted with the public key. That's the way PKI works. The data itself is then encrypted using TLS 1.2, provided you use a major player that keeps it's servers up to date. That means AES 256 for the actual crypto, SHA-512 for the hash algorithm, and ECC DHE for the key exchange. This all means that your data is reasonably indistinguishable from background randomness for anyone without state-actor level computing power to throw at it. That is one of the keys of modern cryptography - ensuring that the underlying data can't be decrypted easily through brute-force methods such as letter frequency, or pattern matching analysis. Brute-forcing the key is far more common (mostly through rainbow tables and dictionary attacks against weak/poorly generated keys) than trying to directly decrypt the data.

    You are right to be skeptical of what's being used, and thankfully this is pretty easy to check (just click on the little lock icon, then view the certificate, and look at the details - it'll tell you all the above)...but you do need to educate yourself a bit on how these various technologies work together. So long as the keys are not compromised, or there is no hidden vulnerabilities in the underlying SSL technologies (which are typically found and patched very rapidly when they do happen) your data is about as safe as we can make it currently.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.