TurboTax - Linux?
Aleksandar Milivojevic
amilivojevic at pbl.ca
Mon Feb 14 15:24:09 UTC 2005
STYMA, ROBERT E (ROBERT) wrote:
> Actaully no. No more than using ssh is sending your
> password over the net. Electronic filing uses a secure
> tcp/ip protocol.
If you do your tax filing over the web, it is done using secure network
protocol. Actually, for HTTPS, I can check what encryption scheme is
used (just click on the lock icon). If I don't like it, I can simply
disconnect and do my taxes elswhere or using some other method. For net
filing, I have no idea what they are using and how secure it is. I can
only hope that they are using same encryption algorithm (for example
3DES or AES) as the ones used for HTTPS protocol. That would mean net
filing has exactly the same security as HTTPS. If they are using some
propriatory protocol (instead of the standard ones), I'd stay clear from
net filing and use good old paper and pen. All propriatory protocols in
history of mankind have proven to be trivial to brake.
Even if you do it all on your PC, your information is going to be stored
on two networked computers. Your desktop PC running Windows will be one
of them. And we all know how secure is desktop PC. Once you transfer
it over, it is going to exist for some amount of time on another
networked computer. Your government's tax agency computer.
The only good reason against doing taxes over the web is that you trust
third party (privatly owned entity) with your private data. But on the
other hand, as soon as you hire some agency and/or accountant to do your
taxes, you are doing basically the same thing. As long as you live in
country with sufficient legal regulations that requires anybody doing
taxes (including over the web) to protect your privacy, you should be fine.
Have in mind that braking into your desktop PC is almost zero-risk
thing. There'll probably be no consequences for attacker even in
unlikely case that he is detected. You do not have sufficient funds to
do much about it. Your funds are barely enough to set up basic defenses
for that matter. On the other hand breaking into accounting company's
computers or government computers is completely different story. They
have funds to hunt down the attacker. Unlike you, they have funds to
create secure environment. If I have to keep my confidential data
anywhere, the last place I'd like to see them stored is desktop Windows
machine.
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the fedora-list
mailing list