[LINK] MyHealthRecord opt-out Site
Michael
mike at bystander.net
Mon Apr 4 11:57:07 AEST 2016
Just for clarity, the main site page, which is https encrypted is here:
https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/trials#dont-wantmhr
It links to the http unencrypted opt-out page.
It isn't a case of somebody entering a URL manually, it is the only link
from the main site.
Regards,
Michael Skeggs
On 4 April 2016 at 11:34, Craig Sanders <cas at taz.net.au> wrote:
> On Mon, Apr 04, 2016 at 11:12:03AM +1000, Bernard Robertson-Dunn wrote:
> > If you wish to opt-out of the MyHealthRecord trials you can go to this
> site.
> > http://www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml
> >
> > A few clicks takes you to a page where you can fill in identity details
> >
> > That page asks for name, date of birth and Medicare number and one of
> > driver licence number
> > passport number
> > or immicard number
> >
> > Would someone please confirm that all this is being done in the clear?
> > i.e. it's not https
>
> 1. The page is also accessible as
> https://www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml
>
> Most of the links in the page source seem to be relative links, so
> if you enter the site using the https:// url rather than http://
> it seems probable that the entire session will be encrypted.
>
> of course, this also means that if you enter the page using the http://
> url, everything will be unencrypted. They really ought to have the web
> server redirect http:// requests to the https:// site.
>
> 2. the page requires javascript, so i was unable to investigate beyond
> the first page. Later pages may have absolute http:// URLs. Don't
> know.
>
> is there any other way to opt out? preferably one that doesn't require
> me to allow the government (and/or whoever they've outsourced the web
> site to) to run arbitrary javascript code on my computer. by phone,
> perhaps?
>
> 3. The page contains several links to https://myhealthrecord.gov.au
> hidden behind containers that are revealed by javascript, but the main
> "Go back to myhealthrecord.gov.au" link at the top of the page is http
> rather than https. Probably a careless mistake.
>
> craig
>
> --
> craig sanders <cas at taz.net.au>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
More information about the Link
mailing list