Forgot your password?
typodupeerror
Microsoft Communications Encryption Government Privacy

Microsoft Denies HTTPS Shutdown Was Intentional 69

Posted by timothy
from the trial-balloon-popped-is-all dept.
jbrodkin writes "Microsoft acknowledged that Hotmail's HTTPS encryption service was shut off for users in some countries, but denied that it was because of an intentional ploy to limit email security in countries that have experienced anti-government protests and limits on freedom of expression. 'We do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world,' Microsoft said. Syria, Morocco, Bahrain, Iran, Lebanon, Jordan and Algeria were among the affected countries, but the problem is now resolved."
This discussion has been archived. No new comments can be posted.

Microsoft Denies HTTPS Shutdown Was Intentional

Comments Filter:
  • I'm not sure in what context I can imagine MS agreeing to turn off HTTPS to serve these dictators. There are better ways to help a dictator than change something that everyone can clearly see.
    • by gandhi_2 (1108023)

      Hanlon's razor ftw.

      • by Anonymous Coward

        Don't forget the corollary. "Any sufficiently advanced stupidity is indistinguishable from malice." Microsoft lives by this one.

      • by FriendlyLurker (50431) on Wednesday March 30, 2011 @03:52AM (#35663900)

        ...but Microsoft is trying to fool us twice [nytimes.com]... yeah, shame on us.

        Choice quote below, the parallel with this http "bug" is impressive::

        When I originally wrote about this issue [bing Chinese search censorship] back in June, Microsoft protested. “From what you described, that’s not the way Bing is supposed to work,” wrote Kevin Kutz, a company spokesman. He said that Chinese speakers at Microsoft could not replicate my results and did not detect this kind of skewed result. I sent screen shots, and then Microsoft acknowledged the issue but said that it was simply a temporary mistake. “It’s a bug,” Kutz told me. Later, he added: “What’s important is it’s getting fixed.” Soon, he said, Bing searches would be the same for Tiananmen and other sensitive subjects, whatever the language.

        (Thanks to pushing-robot for originally posting the link on /. here [slashdot.org].

    • Curious, I would have assumed that such an action would be done to benefit US Government eavesdroppers, removing the need for decryption processing or pesky legal process, rather than the leadership of those various countries.
      • by RockDoctor (15477)
        You seem to think that the interests of the USgovt eavesdroppers and the leaderships of these various countries diverge.

        Why would you believe that? These countries are important supporters of the USgovt's War For Terror (TM, all rights reserved and acknowledged) ; the interests of these govts (status quo, continued energy sales) remain aligned,

    • by initialE (758110)

      I'm inclined to believe them too. As it turns out, by giving root signing keys to Windows to despotic organizations (http://twitter.com/#!/marshray/status/29637858365022208) there is hardly a need to disable HTTPS anyway. As long as you are on a Windows computer, any SSL traffic you send can be intercepted.

    • by zimtmaxl (667919)
      That's bad publicity. And this error must lead to a loss of users due to lost trust in the reliability of it's operation. If I were using hotmail I'd switch to Gmail or some other trusted provider.
      What could be the advantage of such a measure - if it was on purpose?!
    • It's understandable that this was a mistake, I suspected that from the beginning, but this doesn't change the fact that Microsoft has put FAR more lives at risk than Wikileaks ever did, so I expect some US military representative to show up on a major news channel any minute now and say Microsoft has blood on their hands. Any minute now.

      Just a matter of time.

      Still waiting...???

  • With this 'accidental' shutdown, microsoft successfully covered all of the countries that were experiencing unrest .... That would be hard even with an i.t. department hell bent on pulling that off intentionally.
    • by Sc4Freak (1479423) on Tuesday March 29, 2011 @09:50PM (#35661714)

      1) HTTPS gets turned off for a few hours in most of Northern Africa and the Middle East, and a few pacific islands
      2) Several countries in the Middle East are experiencing unrest, therefore
      3) IT MUST BE INTENTIONAL!!11

      • by unity100 (970058)
        why did such a thing NOT happen at any given point, before ?
        • by Anonymous Coward

          Correlation != Causation

          If you've been on the internet for more than 5 minutes you'd already know that by now.

          • Correlation != Causation

            Right you are.

          • by xclr8r (658786)
            When you see a correlation you investigate it to see whether there is causation. You don't ignore it; Otherwise we would all still be flinging feces at each other instead of text across the internet.
          • by mug funky (910186)

            no, but the two are highly correlated.

        • by nedlohs (1335013)

          They've only had the thing available for four and a half months. The Tunisian protests started over 3 months ago.

          This current unrest covers over 72% of the total time the feature has been available. Why would you expect it to have happened in the tiny window before them?

        • why did such a thing NOT happen at any given point, before ?

          Good question. At any given time in history, there is civil unrest going on somewhere in the world. Some oppressive regime will be clamping down on their citizens. So why did this thing NOT happen at all those given points before?

          If this was a demonstration of a policy of helping out dictatorships, then why has it not been apparent on previous occasions. I suppose that you could say that this is a new policy, but then that would devalue your intimation that this is proof of malevolent intentions. It could j

          • by mug funky (910186)

            If this was a demonstration of a policy of helping out dictatorships, then why has it not been apparent on previous occasions

            well, there was the case with "pirate" software in Russia being investigated only in anti-govt organisations within Russia.

            true, MS eventually acknowledged this problem and moved to correct it.

            what's more worthy of asking is why even risk the bad PR when MS have no interest in oppression of states with relatively little money.

          • In what previous political upheavals have these technologies been so instrumental? Iran, maybe, but I would say not even then.
      • by grcumb (781340) on Tuesday March 29, 2011 @10:57PM (#35662220) Homepage Journal

        1) HTTPS gets turned off for a few hours in most of Northern Africa and the Middle East, and a few pacific islands 2) Several countries in the Middle East are experiencing unrest, therefore 3) IT MUST BE INTENTIONAL!!11

        Not to take away from your argument (I agree that Hanlon's Razor applies here) but the South Pacific island nation mentioned in the Register story is Fiji, which is currently ruled military junta that regularly practices censorship and suppresses both free speech and fair journalism. Of all the nations mentioned, the only one that I saw that doesn't have a government that's anti-free-press is the Bahamas. (Congo might count, but only because it doesn't really have a functioning government.)

    • by Anonymous Coward

      They didn't want to point it out publicly but the inside work is it was caused upstream by problems with a recent Squid release, a new unknown developer inserted some buggy code that went unchecked. The countries in question use that instead of ISA server (number 1 product in the developed world) which is a little more costly in the short term but saves money over the long run.

      • by mug funky (910186)

        one more, motherfucker!

        just one more unsolicited pro-microsoft astroturf and i'm coming after you!

        don't think i can't find you, either.

    • Re: (Score:2, Interesting)

      by Anonymous Coward
      Do you mean coincidence that /. and other press only focused on the small list of ones that had unrest and didn't bother to list all the of other countries affected? or coincidence that people choose to comment on it like it was a fact without actually checking?
    • by westlake (615356)

      With this 'accidental' shutdown, microsoft successfully covered all of the countries that were experiencing unrest

      Even The Register put a damper on this story: Microsoft: Mystery bug blocks Syrian secure Hotmail - Sun worshipers and fat cats hit too [theregister.co.uk]

    • by hairyfeet (841228)

      They rolled out a new feature and ...surprise surprise! There was bugs! Some of the islands in the South Pacific were also affected IIRC, are they having revolutions and someone forgot to tell us?

      As for why there, well duh! You are talking about a whole bunch of different languages, most of which I'm betting really aren't that high on their "spend resources on QA" checklist. And if they were doing it intentionally, they wouldn't have left it trivial to turn back on by either checking a checkbox on startup o

  • Yep (Score:5, Insightful)

    by LBArrettAnderson (655246) on Tuesday March 29, 2011 @09:43PM (#35661672)

    There were people who RTFA and sources (unlike the /. editor who accepted it) the first time around who posted this information in the comments section. There never should have been a story in the first place.

    • by tsm_sf (545316)
      There never should have been a story in the first place.

      "Hotmail HTTPS temporarily disabled in scary-dictator-lands" is still news, even if it was the result of a mistake.
      • Fair enough, but surely there could have just been one article.

        "Well, apparently if you actually RTFA and the sources for TFA, there is this other important bit of information that we left out of the summary in which we jumped to all the wrong conclusions..." (I know this won't quiet down the conspiracy theorists, but the fact that MS was open about this from the beginning makes them a bit more believable than coming out with a new story a few days later).

        • by Macthorpe (960048)

          I was most amused about the fact that they corrected the story on Slashdot... because they didn't mention Yahoo HTTPS is a paid for service. The actual false story remained up and unchallenged until now, despite the many comments saying it was wrong.

  • From TFA: "The HTTPS option had also been disabled in Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan and Kyrgyzstan."

    "Hotmail users in the affected countries can turn the always-use-HTTPS feature back on by changing the country in their profile to any of the countries in which this feature has not been disabled, such as the United States, Germany, France, Israel or Turkey,"
    --------
    Sounds "regional" to me *cough*
  • I like when large multinational corporations give us such inspiring choices.
  • by lseltzer (311306) on Tuesday March 29, 2011 @10:14PM (#35661906)
    People who had opted into HTTPS in all these countries could still use it [windowslivehelp.com]. It's just that other users couldn't opt in. And they fixed it quickly when it was brought up. Why would anyone suppose it was intentional? And the Bahamas, Cayman Islands, and Fiji were also affected. I suppose Microsoft was sucking up to their dictators?
    • by zonky (1153039)
      Fiji is run by a dictatorship. What is your point?
    • Simplest answer would be that Microsoft has divided the world up into regions(not exactly geographically, but some other system). A switch got thrown for the one regions and someone noticed and tried to connect dots as the region's countries would have similar aspects.
    • by rhizome (115711)

      Why would anyone suppose it was intentional?

      Because Microsoft is a huge company and they have processes that prevent random links from being removed from important pages accidentally. At least, I assume they would. Certainly you aren't suggesting that some developer fatfingered ^C (or whatever) and committed it straight to the production environment, are you?

      • by isorox (205688)

        Why would anyone suppose it was intentional?

        Because Microsoft is a huge company and they have processes that prevent random links from being removed from important pages accidentally. At least, I assume they would. Certainly you aren't suggesting that some developer fatfingered ^C (or whatever) and committed it straight to the production environment, are you?

        The entire web presence of the BBC was off-line last night due to a cockup.

    • by tokul (682258)

      Why would anyone suppose it was intentional?

      It was not intentional. No suc^H^H^H agency asked it.

    • by gad_zuki! (70830)

      The real problem (other than morons who love conspiracy theories) is that hotmail https is a mess. I use the hotmail plugin in Outlook and because of that I can't enable https. It breaks the plugin. Yet, my phone can do ssl-based activesync with hotmail.

      MS needs to up their game and start fixing https issues. Heck, they should make https the default and stop letting people use weak passwords. I think a live account can have a 4 character password with just letters.

    • by tlhIngan (30335)

      Or more likely, there was a bug in some change made, and it affected everyone. Just those in the affected countries had mass numbers of people trying to enable it for obvious reasons that it appeared to break there. The rest of the world either had it set or didn't know it existed.

      After all, we don't know if it affected people in the US who set it, went "meh" and forgot all about it when it didn't appear to work (or they didn't notice). The folks in the middle east tried it en-masse and noticed it didn't wo

  • use MS products.

  • No one ever admits to bending over and taking it up the arse, especially for a country where their regime forces you to silence what they want you to. I guess with all the other MS BS stories running around here, they are trying to bring up their market shares with non sense, just my 2 cents....must be nearing quarter time, and want to up the stats...

  • Does anyone here really think that the people who are using hotmail actually know anything about security or if https is on or off? The same goes for the huge majority of people using any webmail (or any computer in general).

"If that makes any sense to you, you have a big problem." -- C. Durance, Computer Science 234

Working...