Re: This is not exactly news
"The usage of TOR or VPS services from within my corporate network would be cause for termination."
Inside a corporate network is where you don't need them. The corporate has the resources to create VPNs for the users that are not on the network, and there is no need for user privacy on corporate machines. If you read the posts that I replied to, they are discussing blocking access to public-facing services from large ranges of addresses because a hosting provider, which usually includes a VPS provider, is using them. Not because there is any active traffic coming from the entire range, but just because it could.
They are not asking to do it properly, like another poster here suggested: "run fail2ban, and other commercial IDP products, and we just regularly review the lists of blocked IPs". They are suggesting that they simply obtain all the ranges that someone can buy and block them. I would like them to know that there is a reason for legitimate traffic to come from those, and also that if this is their cunning plan to quash security threats, it will be ineffective because an attack can come from any set of IPs.
In practice, I care a lot less about blocking Tor than I do about blocking VPS systems. Tor is rarely used by legitimate users to access the standard internet except to circumvent censorship, and we can ensure that whatever systems are being accessed in that realm know not to block it. However, I don't want my traffic or system to be considered suspect just because I don't have my own IP address range.