Online Turbo Tax ease vs uneasy (paranoid)

[Zero]

Thanks for the great replies, and agreeing with Freebird, lots of knowledge passed on from IT folks and users of TT.

A hacker has to be out there right now working on this because it was the first thing I thought of when I saw how they were doing it. Even if a hacker were just monitoring my inputs from hacking me, it's enough to make me wonder.

Probably 99.99966% safe. But I'm usually the loser getting the 0.00034% kick in the groin.

Appreciate the opinions.

[Gotadimple]

Unless one is only willing to submit their tax forms in paper format, you are using someone's database to submit your taxes. The only exception is actually filing while on the IRS web site.

That is, even when you prepare on your computer and do e-file, there is a vendor who is actually doing the submitting for you. I'm pretty sure the IRS doesn't allow just anyone to dump 'data' in their repository and that there are both technical and security details that need to be met before they gain access.

About the vendor mining your personal information:. I imagine that it's prohibited.

Rita

[Rustward]

Took a look at the Tax Act privacy policy: TaxACT Privacy Policy Statement
...
All information you enter while using TaxACT is used strictly by 2nd Story Software, Inc. to provide the services requested by our customers. We maintain physical, electronic, and procedural safeguards that comply with applicable law and federal standards. All data is stored on 2nd Story Software servers and is backed up to prevent the loss of data. Electronically filed returns, which are further encrypted, are sent directly from 2nd Story Software to the IRS via a secure connection. ...

I imagine these tax software companies have to go through a qualification process and audit as defined by the IRS before they are allowed to submit returns.

[donheff]

I have been using TT and TaxAct to track filings this year in anticipation of using them next year or the following year when our tax situation will be simpler than it is today. I enter everything by hand but have been curious about the ability to download information. I just assumed you had to enable your financial servicing organization to release the info with some sort of restricted access. The software isn't using full access usernames and passwords are they? As to the security of encrypted systems, they are as secure as the users. Encrypted DBs will prevent a hacker who somehow access a copy of the data from opening it. But private keys, tokens, etc can be compromised if users don't protect them or, as was pointed out above, if users are malicious.

[Walt34]

Quote:

Originally Posted by freebird5825 Yes. I always get the downloadable version for this very reason. dh2b is a telecomm guy and very savvy about computer security. His feeling about voluntarily supplying a full set of highly personal info online is a big Who am I to argue with someone who w*rks in the business ?

Agreed. I did computer forensics for a long time and part of that job entailed breaking passwords and encryption. It is difficult, but not impossible, to break any encryption now known and it will get easier with faster processors and distributed attacks. It boils down to factoring large prime numbers, giving each computer a "piece of the pie" to munch on, similar to the concept behind the SETI screensaver project. And it depends on how many resources you want to throw at it.

In the words of one of the early guys doing that work in the late '80's "The only way to make a computer absolutely secure is turn it off."

An interesting read is The Code Book by Simon Singh, about the history of cryptography.