On Mon, Apr 04, 2016 at 11:12:03AM +1000, Bernard Robertson-Dunn wrote:
> If you wish to opt-out of the MyHealthRecord trials you can go to this site.
> http://www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml
>
> A few clicks takes you to a page where you can fill in identity details
>
> That page asks for name, date of birth and Medicare number and one of
> driver licence number
> passport number
> or immicard number
>
> Would someone please confirm that all this is being done in the clear?
> i.e. it's not https

1. The page is also accessible as
https://www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml

Most of the links in the page source seem to be relative links, so if you enter the site using the https:// URL rather than http:// it seems probable that the entire session will be encrypted.

Of course, this also means that if you enter the page using the http:// URL, everything will be unencrypted.

They really ought to have the web server redirect http:// requests to the https:// site.

2. The page requires javascript, so I was unable to investigate beyond the first page. Later pages may have absolute http:// URLs. Don't know.

Is there any other way to opt out? Preferably one that doesn't require me to allow the government (and/or whoever they've outsourced the web site to) to run arbitrary javascript code on my computer. By phone, perhaps?

3. The page contains several links to https://myhealthrecord.gov.au hidden behind containers that are revealed by javascript, but the main "Go back to myhealthrecord.gov.au" link at the top of the page is http rather than https. Probably a careless mistake.

craig

--
craig sanders <c...@taz.net.au>
_______________________________________________
Link mailing list
Link@mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link
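
The scheme-inheritance point raised in the reply above, as an added example that is not part of the original message or of the site's code: it resolves each link, form action and script source in a page against the URL used to enter it, and reports which requests would go out over plain http. The markup in `SAMPLE` and the paths `next-step.xhtml` and `/static/app.js` are constructed placeholders, not the real page source.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute holding a URL the browser will follow, submit to, or load.
URL_ATTRS = {"a": "href", "form": "action", "script": "src", "link": "href", "iframe": "src"}

class LinkAudit(HTMLParser):
    """Resolve every URL-bearing attribute against the URL used to enter the page."""

    def __init__(self, entry_url):
        super().__init__()
        self.entry_url = entry_url
        self.findings = []  # (tag, raw value, resolved URL, verdict)

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        raw = dict(attrs).get(attr) if attr else None
        if not raw:
            return
        resolved = urljoin(self.entry_url, raw)
        scheme = urlsplit(resolved).scheme
        if scheme not in ("http", "https"):
            return  # mailto:, javascript: and similar are out of scope
        # An absolute URL fixes its own scheme; a relative one inherits the entry scheme.
        kind = "absolute" if urlsplit(raw).scheme else "inherits"
        self.findings.append((tag, raw, resolved, f"{kind}-{scheme}"))

def audit(html, entry_url):
    parser = LinkAudit(entry_url)
    parser.feed(html)
    return parser.findings

def cleartext_targets(html, entry_url):
    """Resolved URLs that would be requested over plain http from this entry point."""
    return [url for _, _, url, verdict in audit(html, entry_url) if verdict.endswith("-http")]

# Constructed sample markup (placeholder paths), not the real page source.
SAMPLE = """
<a href="http://myhealthrecord.gov.au">Go back to myhealthrecord.gov.au</a>
<a href="https://myhealthrecord.gov.au/help">Help</a>
<form action="next-step.xhtml" method="post"></form>
<script src="/static/app.js"></script>
"""
BASE = "//www2.medicareaustralia.gov.au/pext/optoutextweb/optout.xhtml"

if __name__ == "__main__":
    for scheme in ("https:", "http:"):
        print(scheme, cleartext_targets(SAMPLE, scheme + BASE))
```

Entered over https, only the hard-coded http:// link is reported; entered over http, the relative form action and script are reported as well, which is why a server-side redirect to https matters.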