MS Removes HTTPS From Hotmail For Troubled Nations

← Back to Stories (view on slashdot.org)

MS Removes HTTPS From Hotmail For Troubled Nations

Posted by timothy on Friday March 25, 2011 @03:39PM from the well-that'll-sure-end-their-troubles dept.

An anonymous reader writes "Microsoft has removed HTTPS from Hotmail for many US-embargoed or otherwise troubled countries. The current list of countries for which they no longer enable HTTPS is known to include Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan. Journalists and others whose lives may be in danger due oppressive net monitoring in those countries may wish to use HTTPS everywhere and are also encouraged to migrate to non-Microsoft email providers, like Yahoo and Google." Update: 03/26 17:08 GMT by T : Reader Steve Gula adds the caveat that "Yahoo! only does HTTPS for authentication unless you're a paying member."

10 of 147 comments (clear)

Min score:

Reason:

Sort:

Easy to remedy by jginspace · 2011-03-25 15:46 · Score: 2, Informative

I don't know what Microsoft are thinking here but seeing as it's using the country you set in your profile; not any sort of geoip lookup ... the remedy is simple: just change the country in your profile.
1. Re:Easy to remedy by hairyfeet · 2011-03-25 23:26 · Score: 2, Informative
  
  Dude its a fricking bug. It isn't even a fricking bug that blocks HTTPS, it just doesn't set it as default. Big fricking whoop, you just have to go in and set it. And anybody who is in a repressive country and sending shit that may get them in trouble to their email account without even using Tor or some other obfuscation is seriously asking for it anyway.
  Now if they had issued a press release that said "Countries A-K will NOT have HHTPS access" that would be one thing, and they'd deserve to get nailed for it. But it is a fricking bug associated with a new feature rollout. Hell why do you think Google is always in perpetual Beta? Because bugs happen, that's why. I'm sure by this time next week they'll have tracked down the uh oh and until then you can manually set it just like you did before since the whole point of this new feature was to set it automatic whereas before it was manual.
  So get off the "ZOMG! UR killin peoplez ZOMG!" bullshit, it was manual before, it is manual now until they get the bug fixed, then it will be automatic. Or are you claiming people in third world countries are too stupid to look for the little lock symbol?
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
2. Re:Easy to remedy by hairyfeet · 2011-03-25 23:42 · Score: 4, Informative
  
  Fun fact:You're wrong. The largest is Yahoo! Mail followed by Gmail with Hotmail third.
  I personally think THIS is why Ballmer had such a hard on to buy out Yahoo! and why they were quick to jump on the search deal, as Yahoo Mail has a TON of users and funnily enough the Yahoo Web Portal is the #1 home page (Yeah I know its a cluttered mess, apparently people like cluttered messes) by a large margin. Hell that damned portal is so popular now the only time I notice anymore is when someone brings in a PC to be fixed and Yahoo Portal ISN'T the default, that is how damned popular that thing is.
  As for TFA they ain't blocking HTTPS they had a bug that screwed up setting HTTPS as default. Surprise surprise new software rollout finds a bunch of bugs that need fixing. Until they chase down the bugs you can either use the FF plugin or just set it manually which isn't exactly a hardship. If this were anyone else it wouldn't even rate a mention but since it is MSFT the tinfoil hatters have to get in a few shots.
  Hell only the old folks use Hotmail anymore anyway, mostly those like my dad that got a branded account with his DSL. I can't even remember the last time I saw a customer under 50 that had Hotmail bookmarked. Everyone else it is Yahoo Mail followed by Gmail for the under 30s.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
3. Re:Easy to remedy by GameboyRMH · 2011-03-26 02:11 · Score: 3, Informative
  
  Maybe the same reason that Windows is still the most popular OS. They were the first to make it easy and convenient, and nobody's bothered to change.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
Obsolete info by Anonymous Coward · 2011-03-25 15:56 · Score: 5, Informative

It was a bug, it has been fixed.
http://www.theregister.co.uk/2011/03/26/microsoft_https_hotmail_syria/
Cool it. by westlake · 2011-03-25 16:07 · Score: 4, Informative

The Register has a calmer take on this story:

Microsoft is blaming a mystery bug for preventing access to the encrypted version of Hotmail, denying that it deliberately blocked access to the service in Syria.
On Friday afternoon, the company told The Reg that Hotmail users who had already enabled the HTTPS version of the popular email service were still able to use it. Only Hotmailers trying to turn on HTTPS for the first time in certain countries and languages were being blocked, Microsoft said.
People trying to connect were greeted with the message: "Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type."
Microsoft said it still doesn't know what caused the bug, but it has been resolved and the company is investigating the cause. "We do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world. We apologize for any inconvenience to our customers that this may have caused," a Microsoft spokesperson said.
The company said users in the Bahamas, Cayman Islands, and Fiji were also affected.

Microsoft: Mystery bug blocks Syrian secure Hotmail
Sun worshipers and fat cats hit too [March 26]
Banned in China by Anonymous+Bullard · 2011-03-25 17:09 · Score: 2, Informative

Cryptography is banned in China and territories under their control without a permit by the "communist" party regime. They will have keys for the crypto they allow their subjects to use.
Big and compliant foreign firms may apply for an exception but obviously that doesn't mean their operations haven't been breached from within.

--
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
Re:FUCK Microsoft by h4rm0ny · 2011-03-25 20:25 · Score: 4, Informative

Well it certainly doesn't appear to be a good thing, but let's at least clean up the usual more-incendiary-than-it-needs-to-be summary (TUMITINTBFS). A few months ago, MS added a setting to it's Live accounts, where you could set it to use HTTPS automatically.What appears to have happened is that this has been provided for some countries, e.g. the USA, but not for some Middle Eastern and Eastern European countries (including Iran). So this isn't some long-standing feautre that has suddenly been removed. Also, it seems that HTTPS is still available, but can't be set to be automatically enabled. So the feature is not prevented, merely not as convenient.

So not a good thing on MS's part, apparently, but at least lets have some decent information.

--

Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Re:The Point? by wmac · 2011-03-25 21:41 · Score: 1, Informative

Microsoft says this has been a bug which has been corrected today:
http://www.theregister.co.uk/2011/03/26/microsoft_https_hotmail_syria/
The whole thread is mislead.
Re:FUCK Microsoft by Macthorpe · 2011-03-25 21:55 · Score: 4, Informative

Apparently it was a bug:
http://www.theregister.co.uk/2011/03/26/microsoft_https_hotmail_syria/

--
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien