Slashdot Mirror
MS Removes HTTPS From Hotmail For Troubled Nations
An anonymous reader writes "Microsoft has removed HTTPS from Hotmail for many US-embargoed or otherwise troubled countries. The current list of countries for which they no longer enable HTTPS is known to include Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan. Journalists and others whose lives may be in danger due oppressive net monitoring in those countries may wish to use HTTPS everywhere and are also encouraged to migrate to non-Microsoft email providers, like Yahoo and Google." Update: 03/26 17:08 GMT by T : Reader Steve Gula adds the caveat that "Yahoo! only does HTTPS for authentication unless you're a paying member."
Perhaps these governments buy software from them ... they don't want to lose the sales.
Hotmail users who browse the web with Firefox may force the use of HTTPS by default—while using any Hotmail location setting—by installing the HTTPS Everywhere Firefox plug-in.
Why is summary recommending Yahoo in this instance? Last time I checked (10 mins ago) I couldn't get Yahoo mail to use https on regular pages. It seems Hotmail can still use https in the affected countries - as long as you explicitly type it in the address bar. Or use HTTPS Everywhere. Or choose a different country in your profile. So Hotmail is still better than Yahoo?
Now explain to my grandmother, who just got her first email last week, how and why she needs to do that.
On the other hand, the oppressive governments over there will LOVE that. It's probably even better than insecure FB or Twitter since everything ultimately goes to the people's emails.
As someone from one the mentioned countries, I'd like to ask Microsoft, do you realize now you might be very well putting many people at a greater risk of being arrested or killed. People are being KILLED for expressing some of their opinions in some of these places these days.
SHAME ON YOU MICROSOFT
Ah, those silly Microsoft programmers with their "bugs."
How can I believe you when you tell me what I don't want to hear?
Wow, that's a lot less sensational than Microsoft depriving troubled nations of privacy. What are the chances that the story will be amended to reflect this?
Why would it only affect those countries? Testing showed that it only affected people with their location set to certain countries and that merely changing the country would allow it to work again.
There may be an innocent explanation for that, but it's DAMN strange and really makes it appear that there's spying going on, somewhere.
Dude its a fricking bug. It isn't even a fricking bug that blocks HTTPS, it just doesn't set it as default. Big fricking whoop, you just have to go in and set it. And anybody who is in a repressive country and sending shit that may get them in trouble to their email account without even using Tor or some other obfuscation is seriously asking for it anyway.
Their "bug" (if that is really what it is) has just exposed a lot of people to arrest, abuse, and murder. Just because you're laying your life on the line every day with what you say in your email because it reflects opposition to your local mass murdering tyrant doesn't mean you should also know a lot about Web technologies. Until today it was sufficiently responsible to use Hotmail with HTTPS. Suddenly it's not, and lots of people at risk will be at much greater risk than they can be expected to realize. And some of them might get killed, beaten or kidnapped for it.
But it's so easy for you to say "ZOMG" safely from your Web terminal while you do nothing remotely as risky as these people are doing every day.
--
make install -not war