Slashdot Mirror
Microsoft Denies HTTPS Shutdown Was Intentional
jbrodkin writes "Microsoft acknowledged that Hotmail's HTTPS encryption service was shut off for users in some countries, but denied that it was because of an intentional ploy to limit email security in countries that have experienced anti-government protests and limits on freedom of expression. 'We do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world,' Microsoft said. Syria, Morocco, Bahrain, Iran, Lebanon, Jordan and Algeria were among the affected countries, but the problem is now resolved."
There were people who RTFA and sources (unlike the /. editor who accepted it) the first time around who posted this information in the comments section. There never should have been a story in the first place.
From TFA: "The HTTPS option had also been disabled in Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan and Kyrgyzstan."
"Hotmail users in the affected countries can turn the always-use-HTTPS feature back on by changing the country in their profile to any of the countries in which this feature has not been disabled, such as the United States, Germany, France, Israel or Turkey,"
--------
Sounds "regional" to me *cough*
1) HTTPS gets turned off for a few hours in most of Northern Africa and the Middle East, and a few pacific islands
2) Several countries in the Middle East are experiencing unrest, therefore
3) IT MUST BE INTENTIONAL!!11
why did such a thing NOT happen at any given point, before ?
Read radical news here
Do you mean coincidence that /. and other press only focused on the small list of ones that had unrest and didn't bother to list all the of other countries affected? or coincidence that people choose to comment on it like it was a fact without actually checking?
People who had opted into HTTPS in all these countries could still use it. It's just that other users couldn't opt in. And they fixed it quickly when it was brought up. Why would anyone suppose it was intentional? And the Bahamas, Cayman Islands, and Fiji were also affected. I suppose Microsoft was sucking up to their dictators?
They've only had the thing available for four and a half months. The Tunisian protests started over 3 months ago.
This current unrest covers over 72% of the total time the feature has been available. Why would you expect it to have happened in the tiny window before them?
1) HTTPS gets turned off for a few hours in most of Northern Africa and the Middle East, and a few pacific islands 2) Several countries in the Middle East are experiencing unrest, therefore 3) IT MUST BE INTENTIONAL!!11
Not to take away from your argument (I agree that Hanlon's Razor applies here) but the South Pacific island nation mentioned in the Register story is Fiji, which is currently ruled military junta that regularly practices censorship and suppresses both free speech and fair journalism. Of all the nations mentioned, the only one that I saw that doesn't have a government that's anti-free-press is the Bahamas. (Congo might count, but only because it doesn't really have a functioning government.)
Crumb's Corollary: Never bring a knife to a bun fight.
They rolled out a new feature and ...surprise surprise! There was bugs! Some of the islands in the South Pacific were also affected IIRC, are they having revolutions and someone forgot to tell us?
As for why there, well duh! You are talking about a whole bunch of different languages, most of which I'm betting really aren't that high on their "spend resources on QA" checklist. And if they were doing it intentionally, they wouldn't have left it trivial to turn back on by either checking a checkbox on startup or using a simple FF plugin. And this was what...six days from bug found to bug fixed, with workarounds announced at the time of the bug? Paranoid much?
So if you want to blame them for not doing as much QA as they should before they rolled out the update? Total agreement, they should have done more testing before flipping the switch. But trying to say this was some nefarious plot is a little too much tinfoil hattery friend. I mean I thought everyone here agreed that MSFT 1.0 equals seriously buggy? Isn't that why "Wait for SP1" is practically a mantra?
ACs don't waste your time replying, your posts are never seen by me.
I'm inclined to believe them too. As it turns out, by giving root signing keys to Windows to despotic organizations (http://twitter.com/#!/marshray/status/29637858365022208) there is hardly a need to disable HTTPS anyway. As long as you are on a Windows computer, any SSL traffic you send can be intercepted.
Starbucks, Harbuckle of Breath.
...but Microsoft is trying to fool us twice... yeah, shame on us.
Choice quote below, the parallel with this http "bug" is impressive::
When I originally wrote about this issue [bing Chinese search censorship] back in June, Microsoft protested. “From what you described, that’s not the way Bing is supposed to work,” wrote Kevin Kutz, a company spokesman. He said that Chinese speakers at Microsoft could not replicate my results and did not detect this kind of skewed result. I sent screen shots, and then Microsoft acknowledged the issue but said that it was simply a temporary mistake. “It’s a bug,” Kutz told me. Later, he added: “What’s important is it’s getting fixed.” Soon, he said, Bing searches would be the same for Tiananmen and other sensitive subjects, whatever the language.
(Thanks to pushing-robot for originally posting the link on /. here.