Governments in Bahrain, Algeria, Syria, Iran and the Sudan are all free to snoop on their citizens’ Hotmail accounts today, as Microsoft has inexplicably disabled HTTPS support for Hotmail users in those countries.
Equally disturbing is how quickly Microsoft seemingly abandoned the feature (at least in the listed countries, as it is still active in Europe and the U.S.). Microsoft deployed the feature, which is present on such platforms as Twitter and Google’s Gmail, in December. HTTPS is largely effective at blocking snooping tools like Firesheep, which hackers can use to glean sensitive information from unprotected Hotmail users.
In a statement, the EFF (Electronic Frontier Foundation) offered further explanation and called for a swift correction of the as-yet-unexplained security snafu:
For Microsoft to take such an enormous step backwards—undermining the security of Hotmail users in countries where freedom of expression is under attack and secure communication is especially important—is deeply disturbing. We hope that this counterproductive and potentially dangerous move is merely an error that Microsoft will swiftly correct.
Luckily for Hotmail users in the affected countries, the fix is apparently fairly easy: Just change your settings so that the country you’ve selected in your profile is one of the unaffected countries. Good ol’ U.S. of A. works, as does Germany, France, Israel or Turkey. If you’re using Firefox, the EFF says you can force the use of HTTPS by default. Simply install the HTTPS Everywhere Firefox plug-in and you’ll be good to go. [EFF via Boing Boing]