[LINK] MyHealthRecord opt-out Site
Craig Sanders
cas at taz.net.au
Mon Apr 4 11:34:28 AEST 2016
On Mon, Apr 04, 2016 at 11:12:03AM +1000, Bernard Robertson-Dunn wrote:
> If you wish to opt-out of the MyHealthRecord trials you can go to this site.
> http://www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml
>
> A few clicks takes you to a page where you can fill in identity details
>
> That page asks for name, date of birth and Medicare number and one of
> driver licence number
> passport number
> or immicard number
>
> Would someone please confirm that all this is being done in the clear?
> i.e. it's not https
1. The page is also accessible as
https://www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml
Most of the links in the page source seem to be relative links, so
if you enter the site using the https:// url rather than http://
it seems probable that the entire session will be encrypted.
of course, this also means that if you enter the page using the http://
url, everything will be unencrypted. They really ought to have the web
server redirect http:// requests to the https:// site.
2. the page requires javascript, so i was unable to investigate beyond
the first page. Later pages may have absolute http:// URLs. Don't
know.
is there any other way to opt out? preferably one that doesn't require
me to allow the government (and/or whoever they've outsourced the web
site to) to run arbitrary javascript code on my computer. by phone,
perhaps?
3. The page contains several links to https://myhealthrecord.gov.au
hidden behind containers that are revealed by javascript, but the main
"Go back to myhealthrecord.gov.au" link at the top of the page is http
rather than https. Probably a careless mistake.
craig
--
craig sanders <cas at taz.net.au>
More information about the Link
mailing list