We rely on myGov, but can we trust its code?
Millions of Australians use myGov to access essential services like Medicare, the ATO, and Centrelink. The myGov Code Generator app is one of the options for enhancing myGov login security.
But is it actually secure? Services Australia, the agency who publishes it, claims it is. But when I requested the app's source code under Freedom of Information (FOI) laws, Services Australia refused, arguing that releasing the code would help "nefarious actors" and compromise security. In other words: "Security by Obscurity".
True security requires transparency. Hiding the code prevents independent experts from auditing the system for flaws. It also denies secure access to government services for people who do not live in the Google or Apple "walled gardens", or to people with disabilities and culturally and linguistically diverse cohorts who cannot use the app as designed, but who could use modified or translated versions.
A merits review at the Administrative Review Tribunal (ART)
After years of waiting for the OAIC's review of Services Australia's access refusal decision - which they punted on due to the technical nature of the matter - I applied to the Administrative Review Tribunal (ART) for review. In this proceeding I will challenge the government's claim that hiding public, publicly-funded software is necessary and in the public interest.
This is not just a fight about source code—it is a fight for the right to know how our government's essential digital infrastructure works, and for the right to make it better for everyone.
The government will use taxpayers' money (probably lots of it!) to employ top legal counsel to defend their position of secrecy and control. I need your help to level the playing field in this fight for transparency, security, and freedom.
this post was submitted on 29 Jan 2026
34 points (97.2% liked)
Australia
4778 readers
193 users here now
A place to discuss Australia and important Australian issues.
Before you post:
If you're posting anything related to:
- The Environment, post it to Aussie Environment
- Politics, post it to Australian Politics
- World News/Events, post it to World News
- A question to Australians (from outside) post it to Ask an Australian
If you're posting Australian News (not opinion or discussion pieces) post it to Australian News
Rules
This community is run under the rules of aussie.zone. In addition to those rules:
- When posting news articles use the source headline and place your commentary in a separate comment
Banner Photo
Congratulations to @Tau@aussie.zone who had the most upvoted submission to our banner photo competition
Recommended and Related Communities
Be sure to check out and subscribe to our related communities on aussie.zone:
- Australian News
- World News (from an Australian Perspective)
- Australian Politics
- Aussie Environment
- Ask an Australian
- AusFinance
- Pictures
- AusLegal
- Aussie Frugal Living
- Cars (Australia)
- Coffee
- Chat
- Aussie Zone Meta
- bapcsalesaustralia
- Food Australia
- Aussie Memes
Plus other communities for sport and major cities.
https://aussie.zone/communities
Moderation
Since Kbin doesn't show Lemmy Moderators, I'll list them here. Also note that Kbin does not distinguish moderator comments.
Additionally, we have our instance admins: @lodion@aussie.zone and @Nath@aussie.zone
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Nothing pisses me off more than websites that require you to install their app for 2FA.
There is no reason for you to not be using standards based authenticator solutions. You don't code as well as the rest of the world, so don't get me started.
Counterpoint: A government portal needs to be extremely backwards compatible to support as many people as possible. That includes supporting devices that don't support the latest standards.
software standards can be implemented on whatever hardware