Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MS Removes HTTPS From Hotmail For Troubled Nations

timothy posted more than 3 years ago | from the well-that'll-sure-end-their-troubles dept.

Microsoft 147

An anonymous reader writes "Microsoft has removed HTTPS from Hotmail for many US-embargoed or otherwise troubled countries. The current list of countries for which they no longer enable HTTPS is known to include Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan. Journalists and others whose lives may be in danger due oppressive net monitoring in those countries may wish to use HTTPS everywhere and are also encouraged to migrate to non-Microsoft email providers, like Yahoo and Google." Update: 03/26 17:08 GMT by T : Reader Steve Gula adds the caveat that "Yahoo! only does HTTPS for authentication unless you're a paying member."

cancel ×

147 comments

FUCK Microsoft (0)

Anonymous Coward | more than 3 years ago | (#35619730)

This sucks ass.

Re:FUCK Microsoft (-1)

Anonymous Coward | more than 3 years ago | (#35619874)

This sucks ass.

You sucks nigger ass

Re:FUCK Microsoft (4, Informative)

h4rm0ny (722443) | more than 3 years ago | (#35620564)

Well it certainly doesn't appear to be a good thing, but let's at least clean up the usual more-incendiary-than-it-needs-to-be summary (TUMITINTBFS). A few months ago, MS added a setting to it's Live accounts, where you could set it to use HTTPS automatically.What appears to have happened is that this has been provided for some countries, e.g. the USA, but not for some Middle Eastern and Eastern European countries (including Iran). So this isn't some long-standing feautre that has suddenly been removed. Also, it seems that HTTPS is still available, but can't be set to be automatically enabled. So the feature is not prevented, merely not as convenient.

So not a good thing on MS's part, apparently, but at least lets have some decent information.

Easy to remedy (2, Informative)

jginspace (678908) | more than 3 years ago | (#35619740)

I don't know what Microsoft are thinking here but seeing as it's using the country you set in your profile; not any sort of geoip lookup ... the remedy is simple: just change the country in your profile.

Re:Easy to remedy (5, Insightful)

neo00 (1667377) | more than 3 years ago | (#35619886)

Now explain to my grandmother, who just got her first email last week, how and why she needs to do that.

On the other hand, the oppressive governments over there will LOVE that. It's probably even better than insecure FB or Twitter since everything ultimately goes to the people's emails.
As someone from one the mentioned countries, I'd like to ask Microsoft, do you realize now you might be very well putting many people at a greater risk of being arrested or killed. People are being KILLED for expressing some of their opinions in some of these places these days.

SHAME ON YOU MICROSOFT

Re:Easy to remedy (-1, Redundant)

jginspace (678908) | more than 3 years ago | (#35619912)

Your grandmother's going to get KILLED cos she can't send you apple pie recipes over https?

Re:Easy to remedy (2)

jd (1658) | more than 3 years ago | (#35620044)

Maybe neo00's family gets very passionate about their secret apple pie recipes.

Re:Easy to remedy (0)

Stupendoussteve (891822) | more than 3 years ago | (#35620076)

This one time growing up the secret almost got out, but she put stirred up quite a protest a-LOST CARRIER-

Re:Easy to remedy (0)

Anonymous Coward | more than 3 years ago | (#35620134)

OMG! Microsoft and Wikileaks both have BLOOD ON YOUR HANDS NOW!

Re:Easy to remedy (2, Informative)

hairyfeet (841228) | more than 3 years ago | (#35620998)

Dude its a fricking bug. It isn't even a fricking bug that blocks HTTPS, it just doesn't set it as default. Big fricking whoop, you just have to go in and set it. And anybody who is in a repressive country and sending shit that may get them in trouble to their email account without even using Tor or some other obfuscation is seriously asking for it anyway.

Now if they had issued a press release that said "Countries A-K will NOT have HHTPS access" that would be one thing, and they'd deserve to get nailed for it. But it is a fricking bug associated with a new feature rollout. Hell why do you think Google is always in perpetual Beta? Because bugs happen, that's why. I'm sure by this time next week they'll have tracked down the uh oh and until then you can manually set it just like you did before since the whole point of this new feature was to set it automatic whereas before it was manual.

So get off the "ZOMG! UR killin peoplez ZOMG!" bullshit, it was manual before, it is manual now until they get the bug fixed, then it will be automatic. Or are you claiming people in third world countries are too stupid to look for the little lock symbol?

Re:Easy to remedy (0)

Anonymous Coward | more than 3 years ago | (#35619964)

oh, if it was done through an ip it would have created a whole bunch of new scams using faux proxies and phishing. I'd guess that there's nothing better to phish than someone's inbox filled with registration usernames and passwords.

Re:Easy to remedy (1)

Jessified (1150003) | more than 3 years ago | (#35620304)

Who still uses hotmail? And why?

Re:Easy to remedy (0)

Anonymous Coward | more than 3 years ago | (#35620366)

I use it when I sign up for something that will probably result in a bunch of spam. Thats all it's good for! BTW they should have removed the https long ago.....One thing microsoft is not, is secure.

Re:Easy to remedy (1)

pjt33 (739471) | more than 3 years ago | (#35620810)

Given that you can receive bucketloads of spam just by opening a hotmail account and waiting 6 hours, that's rather tautologous.

Re:Easy to remedy (1)

lowlymarine (1172723) | more than 3 years ago | (#35620502)

Fun fact: Hotmail is still the largest webmail provider by a margin of nearly 100 million users.

Re:Easy to remedy (1)

Jessified (1150003) | more than 3 years ago | (#35620528)

That [sort of] explains the first question. I'm wondering why though.

Re:Easy to remedy (1)

SuricouRaven (1897204) | more than 3 years ago | (#35620776)

By what metric? Total accounts? Accounts accessed in the last month? Volume of mail? The first metric isn't much good, because a lot of those will be the leftovers of customers who long ago fled the service. Accounts accessed recently is better.

Re:Easy to remedy (2)

wisty (1335733) | more than 3 years ago | (#35620890)

I think I have a couple. I used them to sign up to things I didn't want polluting my gmail account.

The Point? (4, Interesting)

Mitsoid (837831) | more than 3 years ago | (#35619746)

Giving up my mod points on the thread to ask... Why?

Seems like the only advantage this holds is Microsoft can later claim "You should have used someone elses service to discuss anti-dictatorship topics, as our services are not secure or private" ??

Re:The Point? (3, Insightful)

Nerdfest (867930) | more than 3 years ago | (#35619778)

Perhaps these governments buy software from them ... they don't want to lose the sales.

Re:The Point? (1)

Dan667 (564390) | more than 3 years ago | (#35620212)

actually, this sounds like a reason not to buy anything from microsoft.

Re:The Point? (4, Insightful)

jginspace (678908) | more than 3 years ago | (#35619788)

As noted below, China is not on the list. I think the summary is misleading. TFA says MS has turned off the 'always-use-HTTPS' option - not the 'HTTPS' option. Otherwise you couldn't get the HTTPS-Everywhere extension to work. From TFA:

Hotmail users who browse the web with Firefox may force the use of HTTPS by default—while using any Hotmail location setting—by installing the HTTPS Everywhere Firefox plug-in.

Re:The Point? (0)

Anonymous Coward | more than 3 years ago | (#35619882)

China is not on the list. But I checked an old hotmail account yesterday (in Shanghai), and it did not use https. I seem to remember it used to do so.

Banned in China (2, Informative)

Anonymous Bullard (62082) | more than 3 years ago | (#35620100)

Cryptography is banned in China and territories under their control without a permit by the "communist" party regime. They will have keys for the crypto they allow their subjects to use.

Big and compliant foreign firms may apply for an exception but obviously that doesn't mean their operations haven't been breached from within.

Re:Banned in China (2)

Entropius (188861) | more than 3 years ago | (#35620374)

So when I traveled to China for a conference, I was breaking the law by using ssh to grab files from my computer back home?

Re:Banned in China (4, Interesting)

Pi1grim (1956208) | more than 3 years ago | (#35620410)

Yes. But they are not too overzealous when it comes to dealing with tourists (who wants to start international scandal, when the poor bugger is of no threat). Should they be sure that you were using encryption to communicate with dissidents inside China, that would be a totally different story.

Re:Banned in China (1)

SuricouRaven (1897204) | more than 3 years ago | (#35620786)

So something like the Google censorship issue: The company bosses don't *want* to comply with the laws of an oppressive country, but that's the only way to do business with a very lucrative market, and their first duty is to the shareholders.

So, Microsoft endorses FireFox? (1)

SpaceLifeForm (228190) | more than 3 years ago | (#35620700)

Hmmm. May be telling. May be not.

Maybe they are just gaming Google and gmail.

Re:The Point? (1)

Anonymous Coward | more than 3 years ago | (#35620756)

China doesn't need to have encryption turned off. They just ask MS nicely to hand them the key and MS will comply if it makes them a buck. If you rely on big corporations for confidentiality in oppressive regimes the size of China, you're a fool.

Re:The Point? (1)

Anonymous Coward | more than 3 years ago | (#35620768)

China has a root certificate in your browser as well as a sophisticated cyber army. They don't need Microsoft's help.

Re:The Point? (-1)

Anonymous Coward | more than 3 years ago | (#35619832)

This is possibly due to pressure from the U. S. government.

The US likes to spy too.

Re:The Point? (3, Funny)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35619860)

Presumably the US could just ask MS nicely for a neat digest of accounts of interest, delivered from their US-located datacenters, rather than asking them nicely to turn off SSL, and then having to MITM a whole bunch of people in a variety of largely hostile locales...

SSL doesn't exactly keep Microsoft from reading your hotmail, it just keeps those between you and them from doing so(terms and restrictions may apply...)

Re:The Point? (1)

benjamindees (441808) | more than 3 years ago | (#35620094)

Every account is of interest.

Re:The Point? (1)

h4rm0ny (722443) | more than 3 years ago | (#35620580)

Presumably the US could just ask MS nicely for a neat digest of accounts of interest, delivered from their US-located datacenters, rather than asking them nicely to turn off SSL, and then having to MITM a whole bunch of people in a variety of largely hostile locales...

They could but there is more hassle in this and it also shows who they're interested in. I actually suspect that GP is correct in that this is something MS is doing for the US govt. rather than for the local governments. Reason being that those local governments control the ISPs and telecoms services there and probably don't need something like this to spy, or would even find it that helpful. But foreign spies who aren't affiliated with the local government would find it useful when they're trying to eavesdrop on Internet traffic via intercept methods.

Re:The Point? (1)

Marillion (33728) | more than 3 years ago | (#35620016)

Perhaps they are trying to use the Host HTTP header to perform multi-site hosting on their services which is impossible to do under https because of the SSL handshaking. This would save lots of IP addresses .... Oh wait, nevermind [slashdot.org]

Re:The Point? (3, Funny)

jd (1658) | more than 3 years ago | (#35620050)

Well, crypto is still regarded as munitions. Perhaps Microsoft is going to use this to say "we're not breaking the arms embargo but Firefox is"?

Re:The Point? (1)

IdolizingStewie (878683) | more than 3 years ago | (#35620184)

This was my first thought as well.

Re:The Point? (1)

Xtifr (1323) | more than 3 years ago | (#35620834)

If you're providing "publicly available source code" (as Firefox is, and Microsoft isn't), the export controls almost melt away. You have to send in a notification [doc.gov] , but no review is required.

Microsoft, on the other hand, doesn't have it quite so easy, but I'm sure that their reviews get expedited, so I seriously doubt that EAR/ITAR plays any role in this.

Maybe. they are saying don't risk your life (1)

iiiears (987462) | more than 3 years ago | (#35620520)

They may not want people to risk their lives using their service.
If the certs are already compromised. MITM proxies, prior break-ins etc.

Could they have done it because... (2)

Nutria (679911) | more than 3 years ago | (#35619752)

of the Iranian CA breach?

If they know that certain governments are decrypting SSL, then it's right to not let people think that their data is secure when it's actually not.

Re:Could they have done it because... (1)

pushing-robot (1037830) | more than 3 years ago | (#35619776)

I'm glad you don't work for my bank. "There's a small chance your account might have been compromised, so we sent you this post card with all your private information on it so you know you aren't secure. Have a nice day!"

Re:Could they have done it because... (2)

Nutria (679911) | more than 3 years ago | (#35619894)

Since MS is warning you before you enter in your username/password, your interpretation is completely wrong.

Re:Could they have done it because... (1)

pushing-robot (1037830) | more than 3 years ago | (#35619990)

Yes, they throw an error you when you try to turn the feature on. But what if you had enabled it previously—do they actually tell you it has been disabled before you log in?

Re:Could they have done it because... (1)

Nutria (679911) | more than 3 years ago | (#35619998)

Good, but different, question. Which, not living in a hell hole, I don't have the answer to.

Re:Could they have done it because... (0)

Anonymous Coward | more than 3 years ago | (#35620292)

You live on the planet Earth, which has been classified as a corrupt, festering hell hole by the Galactic Senate.

Re:Could they have done it because... (1)

h4rm0ny (722443) | more than 3 years ago | (#35620586)

If the login page isn't HTTPS, then you know.

Re:Could they have done it because... (1)

h4rm0ny (722443) | more than 3 years ago | (#35620590)

IGNORE MY COMMENT ABOVE - AM NOT AWAKE YET.

(edit: stupid lamness filter. Yes I know "using all caps is like yelling". That's why I'm using all caps!).

Re:Could they have done it because... (0)

mvdwege (243851) | more than 3 years ago | (#35620772)

Yeah, the good old Microsoft solution to just about any problem: don't fix it, just throw up another useless dialog box.

And people wonder why users just click through any message without reading it. Every time I use Windows, I start to understand that attitude more and more; there is no more dialog-happy OS on the planet.

Mart

Re:Could they have done it because... (1)

MichaelSmith (789609) | more than 3 years ago | (#35619854)

of the Iranian CA breach?

If they know that certain governments are decrypting SSL

I don't think they need to decrypt SSL. Just proxy the key negotiation.

Re:Could they have done it because... (0)

Anonymous Coward | more than 3 years ago | (#35620298)

You need to look up how public key cryptography works. It's quite invulnerable to sniffing even if you hear the whole conversation and neither side is using any form of PKI for identification. When properly implemented, the only way to break in is to implement a man in the middle attack. To do that for Hotmail (which uses SSL with a PKI), you would need a certificate signed by a CA that the target trusts for login.live.com. Even as a man in the middle, any sort of tampering with the connection without that certificate will throw up all kinds of warnings in a browser.

Prior to a few days ago, only Microsoft had such a certificate... perhaps this is a prelude to Microsoft reviewing and pruning the CA list in Windows.

Re:Could they have done it because... (1)

TheLink (130905) | more than 3 years ago | (#35620648)

Prior to a few days ago, only Microsoft had such a certificate...

.
What do you mean only Microsoft had such a certificate?

Go to your browser and look at the list of trusted root certs.

ANY of them can sign a cert that says "Yeah I'm a valid cert for *.hotmail.com" and your browser by default wouldn't warn you.

And any of those CAs can sign someone else's cert (who can sign someone else's cert, repeat, rinse etc) and allow them to sign a "*.hotmail.com" cert and it'll work too.

CNNIC (one of China's CAs) has their cert signed by Entrust (whose certs are in most popular browsers out there): http://mozilla-xp.com/mozilla.dev.security.policy/CNNIC-cert-signed-by-Entrust [mozilla-xp.com]

And just because some CA's cert is not in there doesn't mean it won't get auto-added by IE. In some scenarios CA certs can get auto-added by IE. For example, digicert's certificates do not appear in IE by default, but if you just go to https://www.digicert.com/ [digicert.com] they'll show up in the cert store after that.

Just because you remove a CA from IE's (window's) list doesn't mean it will stay removed :).

p.s. I use Certificate Patrol on Firefox to help warn me of some CA/cert changes.

China (0)

android.dreamer (1948792) | more than 3 years ago | (#35619754)

When it comes to net monitoring, I wonder why China is not on that list.

Surprising? (0, Offtopic)

pushing-robot (1037830) | more than 3 years ago | (#35619756)

I thought it was already quite [guardian.co.uk] clear [nytimes.com] that Microsoft doesn't let morality get in the way of income.

Why? (0)

Anonymous Coward | more than 3 years ago | (#35619758)

Any possible motivation escapes me.

As hard as MS executives have worked in their lives, are they really proud to use those years of hard work to side with oppression?

Shame, shame.

Re:Why? (1)

Opportunist (166417) | more than 3 years ago | (#35619904)

Hmm... side with the devil or forfeit a big paycheck... decisions, decisions...

Re:Why? (1)

93 Escort Wagon (326346) | more than 3 years ago | (#35619994)

Any possible motivation escapes me.

A lot of people posting already assume that there's some financial consideration involved; but I can't see that realistically being the case. But the problem is - I can't come up with a logical explanation for this that fits any reasonable supposition.

It would help if Microsoft would say why - we'd have to analyze it and parse the double-speak, obviously, but we'd at least have some meager clue. As it is, it's simply just bizarre.

Re:Why? (1)

h4rm0ny (722443) | more than 3 years ago | (#35620598)

One possibility, and quite a good one, is that it helps the USA to spy. After all, a US spy can't just use the local authorities tools, but they can sniff the wireless traffic of the people in an apartment block.

Wait. People still use hotmail? (0)

Anonymous Coward | more than 3 years ago | (#35619764)

These people have been 'encouraged' to migrate away from hotmail for a long time now. By just about everyone.
It is about time Microsoft jumped on the bandwagon and did some encouraging as well.

Any news organization worth its salt will make sure their journalists get Microsoft's message.

closure (1)

jonathan21 (1102347) | more than 3 years ago | (#35619782)

are microsoft trying hard to get themselves closed or what.what next

Obsolete info (5, Informative)

Anonymous Coward | more than 3 years ago | (#35619800)

It was a bug, it has been fixed.
http://www.theregister.co.uk/2011/03/26/microsoft_https_hotmail_syria/

Re:Obsolete info (3, Insightful)

Anonymous Coward | more than 3 years ago | (#35620036)

Wow, that's a lot less sensational than Microsoft depriving troubled nations of privacy. What are the chances that the story will be amended to reflect this?

Re:Obsolete info (0)

Anonymous Coward | more than 3 years ago | (#35620194)

I had a good laugh here. The chances are _ZERO_.

Re:Obsolete info (0)

Anonymous Coward | more than 3 years ago | (#35620400)

What are the chances that any of these neckbeard jackasses posting how MS is evil and oppressing the poor oppressed victims of the world will ever get laid in this lifetime? Zero. Point. Zero.

Re:Obsolete info (2)

Patch86 (1465427) | more than 3 years ago | (#35620966)

Although far less sensational than "MS are evil and oppressing poor victims of the world", it's still a bit of a PR nightmare for MS.

To be clear, MS have allowed a bug to creep into one of their biggest front-line communication services that caused people in countries like Syria, Bahrain and Iran to lose a key element of their email security, in the middle of one of the biggest popular uprisings / state crackdowns in decades.

If my oven set my house on fire, I'd be pissed. It would be only small comfort to know the manufacturer didn't do it on purpose.

Strange Bug (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35620066)

Why would it only affect those countries? Testing showed that it only affected people with their location set to certain countries and that merely changing the country would allow it to work again.

There may be an innocent explanation for that, but it's DAMN strange and really makes it appear that there's spying going on, somewhere.

Re:Strange Bug (0)

Anonymous Coward | more than 3 years ago | (#35620532)

Except it didn't just affected the "troubled nations", it affected seemingly random ones. Unless, of course, you consider the Bahamas, Fiji, and the Cayman islands to be troubled. Hence the "the list includes" part, it doesn't seem as shocking if you say a big lump of random nations, some of which have troubles.

Re:Obsolete info (2)

M1FCJ (586251) | more than 3 years ago | (#35620484)

A bug only affecting certain oppressive countries?
That's a bit too dodgy to be true. It sounds more like a cover up than the truth.

Why? (2, Interesting)

cryfreedomlove (929828) | more than 3 years ago | (#35619802)

The Microsoft executives who made this decision have worked very hard for their entire adult lives to achieve the position they are in. Many years of hard work in college and climbing the ranks at Microsoft have put them where they are today. So, then, why have they leveraged those years of hard work in the name of oppression?

Shame, shame!

Re:Why? (1)

Brummund (447393) | more than 3 years ago | (#35619970)

Probably so they can climb even higher.

Sadly.

Re:Why? (0)

Anonymous Coward | more than 3 years ago | (#35620042)

So it was a bug and now it's fixed. Are you going to apologize and repent for blindly believing everything you're told? If not, why?

Re:Why? (1)

blue trane (110704) | more than 3 years ago | (#35620280)

are you blindly believing it was a bug because they told you so?

Re:Why? (1)

RightSaidFred99 (874576) | more than 3 years ago | (#35620406)

Yeah, it wasn't a bug. They were out to get people, for.. however short a period of time it was broken. You totally busted those corporatist assholes!

Do you ever get tired of yourself, I mean really?

Re:Why? (1)

makomk (752139) | more than 3 years ago | (#35620826)

They were out to get people, for.. however short a period of time it was broken

It got into the news and was embarassing for them from a PR standpoint, so they did a U-turn. Wouldn't be the first time. (See also, for example, Microsoft's significant assistance to the Russian government in shutting down the opposition there via police raids on opposition organisations for using "pirated" MS software. Complete with falsified statements from Microsoft's representatives that they were using pirate software even when they weren't. They were willing to let that continue right up until it got into the NYT and their reputation took a battering.)

at any other time (0)

circletimessquare (444983) | more than 3 years ago | (#35619804)

i would say that its just another cynical data point of a large multinational putting profit over morality

however, with the recent cert hack, you have to wonder if there isn't a bigger story here

Re:at any other time (1)

RightSaidFred99 (874576) | more than 3 years ago | (#35620412)

And your post is another cynical data point in the bandwagon jumping paranoid delusional mindset of the "omg the bad corporations are out to get me!" crowd. This was identified as a bug and has been resolved. Where does all your blathering about morality end up, then? Yes - on the garbage heap.

hotmail? (0)

Anonymous Coward | more than 3 years ago | (#35619806)

This is the exact opposite of what Microsoft needs to be doing. But, it's what we've come to expect from the company. Does anyone seriously still use hotmail?

What... the... fuck? (0)

dgatwood (11270) | more than 3 years ago | (#35619824)

So in the places where HTTPS is most needed to protect people's lives, Microsoft kowtows to pressure from a bunch of soon-to-be-ex Pol Pot dictators to trick people into using unencrypted traffic so that they can be snooped upon?

To everyone in the Middle East, when the revolution is through, remember who your friends were, and remember which large company tried to sell you out, then choose your purchases accordingly. Remember, developing nations have more influence on corporations through their buying power than any nation that is already locked into a particular vendor's products. Just a helpful tip.

To Microsoft, you should be ashamed. No, wait, the other thing. Tried and executed for crimes against humanity. Not to mention treason if Libya is being handled similarly. For shame.

Re:What... the... fuck? (0)

Anonymous Coward | more than 3 years ago | (#35619878)

it was a bug
http://www.theregister.co.uk/2011/03/26/microsoft_https_hotmail_syria/ [theregister.co.uk]

Everyone can unwad their panties now.

Re:What... the... fuck? (1)

Anonymous Coward | more than 3 years ago | (#35619978)

Have you ever noticed that when somebody gets caught doing something really unethical, they always say, "I made a mistake" or "It was a bug"?

Re:What... the... fuck? (2)

RightSaidFred99 (874576) | more than 3 years ago | (#35620422)

Yeah, and whenever some stupid asshole jumps to conclusions and blathers a bunch of paranoid delusional bullshit, have you ever noticed they refuse to accept any explanation other than the evil they initially attributed the incident to? Kind of the mindset of Troofers, Birfers, and anti-Evolutionists really. No matter what evidence you put forward, they will never accept anything other than the delusion that gives them their mental high.

Interesting... (2)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35619826)

I'm genuinely curious what the logic is. "zOMG the Feds!!!" seems unlikely(because Microsoft doesn't exactly have to crack the SSL connection between you and itself to watch you and provide whatever information they wish...) It also seems somewhat unlikely that they received a "disable SSL or we block you" ultimatum, in silence, from a veritable laundry list of undesirable locations at the same time. Those countries also represent a reasonably broad spectrum of different flavors of repressive fucked-upness, and a fair variety of different levels of "they may be dictators with blood on their hands; but they serve our interests", everything from "They are our good buddies who let us headquarter the 5th fleet" to "we would really prefer if they died in a fire.."

That makes it sort of tricky to assign a foreign-policy based incentive behind Microsoft's activities. Economics, though, isn't obviously more helpful. That list represents one hell of a GDP spread, from "barely subsisting" to "oil plutocracy", so it doesn't seem to be a straightforward 'eh, you guys just aren't worth the SSL costs, fuck it." cutoff.

Any ideas?

Re:Interesting... (0)

Anonymous Coward | more than 3 years ago | (#35619880)

They didn't even disable HTTPS -- they just disabled the "always HTTPS" option. You can still use HTTPS or change your country setting to one that has that feature.

dom

Yahoo??? (4, Insightful)

jginspace (678908) | more than 3 years ago | (#35619848)

Why is summary recommending Yahoo in this instance? Last time I checked (10 mins ago) I couldn't get Yahoo mail to use https on regular pages. It seems Hotmail can still use https in the affected countries - as long as you explicitly type it in the address bar. Or use HTTPS Everywhere. Or choose a different country in your profile. So Hotmail is still better than Yahoo?

Cool it. (4, Informative)

westlake (615356) | more than 3 years ago | (#35619868)

The Register has a calmer take on this story:

Microsoft is blaming a mystery bug for preventing access to the encrypted version of Hotmail, denying that it deliberately blocked access to the service in Syria.

On Friday afternoon, the company told The Reg that Hotmail users who had already enabled the HTTPS version of the popular email service were still able to use it. Only Hotmailers trying to turn on HTTPS for the first time in certain countries and languages were being blocked, Microsoft said.

People trying to connect were greeted with the message: "Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type."

Microsoft said it still doesn't know what caused the bug, but it has been resolved and the company is investigating the cause. "We do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world. We apologize for any inconvenience to our customers that this may have caused," a Microsoft spokesperson said.

The company said users in the Bahamas, Cayman Islands, and Fiji were also affected.

Microsoft: Mystery bug blocks Syrian secure Hotmail [theregister.co.uk]
Sun worshipers and fat cats hit too [March 26]

Re:Cool it. (5, Insightful)

pushing-robot (1037830) | more than 3 years ago | (#35620030)

Ah, those silly Microsoft programmers with their "bugs." [nytimes.com]

Re:Cool it. (1)

FriendlyLurker (50431) | more than 3 years ago | (#35620388)

You deserve a mod point for that link [nytimes.com] . MS "bugs" indeed.

Re:Cool it. (2)

fremsley471 (792813) | more than 3 years ago | (#35620860)

Mod up indeed. People as cynical as The Register should do more than just report the MS press-release. Someone stated above that hotmail was still the No. 1 mail service. That list of countries just happen to have https choices suspended isn't organised in any programming order. If it was Swaziland, Sweden, Switzerland and Syria, then one would feel more inclined to believe them.

Re:Cool it. (0)

Anonymous Coward | more than 3 years ago | (#35620906)

Ah, a search engine that wont find Truethfull stories aout china written in simplified chinese.
Has it occurred to you that maybe there are not so many thruthfull stories about china written in simplified chinese?

Re:Cool it. (0)

Anonymous Coward | more than 3 years ago | (#35620256)

The Register taking a calmer approach. This is a rare day indeed.

Or so they want you to think! (3, Funny)

XiaoMing (1574363) | more than 3 years ago | (#35620402)

The company said users in the Bahamas, Cayman Islands, and Fiji were also affected.

Next week's headline:
"In unrelated news, local unrest reported in the tropics..."

Re:Or so they want you to think! (2)

coaxial (28297) | more than 3 years ago | (#35621000)

Re:Cool it. (0)

Anonymous Coward | more than 3 years ago | (#35620970)

The Register has a calmer take on this story:

Words I thought I'd never live to hear...

But why? (0)

Anonymous Coward | more than 3 years ago | (#35619872)

I'm trying to figure out why here. Is it to avoid future high end attacks that we've been seeing lately?

Exec perk (1)

SnarfQuest (469614) | more than 3 years ago | (#35620178)

Microsoft execs are just making sure that a large supply of "donated" organs are available whenever they need them.

Are they freaking insane? (0, Interesting)

Anonymous Coward | more than 3 years ago | (#35620408)

IS M$ insane? Most journalists want privacy (its more fun than being killed). I suspect M$ is doing this to allow totalitarian governments to spy on and kill journalists/reporters, or perhaps its just that these governments asked/told them to, and always in favor of making a buck, even if people have to die, M$ caved in half a heartbeat. Or perhaps they just don't want any of that radical/insurgent/freedom stuff sprouting on any of their sites. Oh well, the Twitter and Facebook own a pair, and aren't running like little girls from this. M$ never had any redeeming qualities, never had any societal/social graces, was always a pariah (well earned), its just that every once in a while they get a chance to redeem themselves. This was one of those times. FAILED AGAIN!

M$ like a dog (0)

omb (759389) | more than 3 years ago | (#35620938)

M$ like a dog, on the wrong side of every issue.

Morocco? (1)

cpghost (719344) | more than 3 years ago | (#35620946)

Actually, Morocco didn't ask M$ to suppress access to HTTPS. And in fact, Gmail over HTTPS works perfectly fine there. It looks like Microsoft are just guessing who might want to snoop, and offering that as a feature, without even being asked. Oh, anyone remember the Microsoft Surveillance Guide [geekosystem.com] ?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...