Hotmail users in the Middle East, Africa and Asia had secure access to their email accounts disabled on Friday 25 March, after Microsoft turned off its ‘use HTTPS automatically’ setting.
The move – initially reported by Jillian C. York, who writes for Al Jazeera English – could potentially have allowed government-controlled ISPs to eavesdrop on sensitive communications. The problem was reported in more than a dozen countries, including Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan.
Hotmail users with their location set to any of these countries, who attempted to turn on the always-use-HTTPS feature in order to read their mail securely, received an error message that said: “Your Windows Live ID can’t use HTTPS automatically because this feature is not available for your account type.”
York pointed out that users in the affected countries were able to overcome the problem by changing their location setting, indicating that users had been barred from HTTPS by their stated location rather than by IP address.
Microsoft responded to the issue late on Friday, with a statement on one of its technical help sites.
However, some online commentators have pointed out that, for many people in the affected countries, this mistake could be far more than an inconvenience – and could even lead to political activists being rooted out and forced to face the consequences.
“For Microsoft to take such an enormous step backwards – undermining the security of Hotmail users in countries where freedom of expression is under attack and secure communication is especially important – is deeply disturbing,” wrote EFF International activist Eva Galperin on the Deeplinks blog.
Microsoft introduced the always-use-HTTPS feature for Hotmail in November 2010, enabling users to protect their sensitive communications from hijackers and fraud. The move followed Google’s decision to switch HTTPS to always-on by default for Gmail users earlier that year.
Facebook, meanwhile, recently increased the security of its account log-ins, reportedly following attempts by the Tunisian government to capture login details of all Facebook users.
“By using a connection with advanced security features, you can be even more confident that your account is safer from hijackers and your private information is less likely to fall into someone else’s hands,” blogged Dick Craddock, group programme manager for Windows Live Hotmail, at the time.
In related news, the Free Software Foundation has honoured the Tor Project – which works to ensure anonymity online and defend users against network surveillance and traffic analysis – at its latest annual award ceremony. According to the FSF, the technology “proved pivotal in dissident movements in both Iran and more recently Egypt”.
Despite attempts by the Egyptian government to block online communications during the recent political protests, the Tor Project helped to ensure privacy and anonymity on the web.
The Tor Project received the foundation’s Award for Projects of Social Benefit, which in previous years has gone to the Internet Archive, Creative Commons, Groklaw and Wikipedia.