Hotmail users in the Middle East, Africa and Asia had secure access to their email accounts disabled on Friday 25 March, after Microsoft turned off its ‘use HTTPS automatically’ setting.

The move – initially reported by Jillian C. York, who writes for Al Jazeera English – could potentially have allowed government-controlled ISPs to eavesdrop on sensitive communications. The problem was reported in more than a dozen countries, including Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan.

Hotmail users with their location set to any of these countries, who attempted to turn on the always-use-HTTPS feature in order to read their mail securely, received an error message that said: “Your Windows Live ID can’t use HTTPS automatically because this feature is not available for your account type.”

York pointed out that users in the affected countries were able to overcome the problem by changing their location setting, indicating that users had been barred from HTTPS by their stated location rather than by IP address.

An inconvenient truth

Microsoft responded to the issue late on Friday, with a statement on one of its technical help sites.

“We are aware of an issue that impacted some Hotmail users trying to enable HTTPs.  That issue has now been resolved,” read the statement. “Account security is a top priority for Hotmail and our support for HTTPS is worldwide – we do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world.  We apologize for any inconvenience to our customers that this may have caused.”

However, some online commentators have pointed out that, for many people in the affected countries, this mistake could be far more than an inconvenience – and could even lead to political activists being rooted out and forced to face the consequences.

“For Microsoft to take such an enormous step backwards – undermining the security of Hotmail users in countries where freedom of expression is under attack and secure communication is especially important – is deeply disturbing,” wrote EFF International activist Eva Galperin on the Deeplinks blog.

Microsoft introduced the always-use-HTTPS feature for Hotmail in November 2010, enabling users to protect their sensitive communications from hijackers and fraud. The move followed Google’s decision to switch HTTPS to always-on by default for Gmail users earlier that year.

Facebook meanwhile, recently increased the security of its account log-ins, reportedly following attempts by the Tunisian government to capture login details of all Facebook users.

“By using a connection with advanced security features, you can be even more confident that your account is safer from hijackers and your private information is less likely to fall into someone else’s hands,” blogged Dick Craddock, group programme manager for Windows Live Hotmail, at the time.

Ensuring anonymity on the web

In related news, the Free Software Foundation has honoured the Tor Project – which works to ensure anonymity online and defend users against network surveillance and traffic analysis – at its latest annual award ceremony. According to the FSF, the technology “proved pivotal in dissident movements in both Iran and more recently Egypt”.

Despite attempts by the Egyptian government to block online communications during the recent political protests, the Tor Project helped to ensure privacy and anonymity on the web.

The Tor Project received the foundation’s Award for Projects of Social Benefit, which in previous years has gone to the Internet Archive, Creative Commons, Groklaw and Wikipedia.

Sophie Curtis

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago