Microsoft causes protests by turning off HTTPS Hotmail security option

Seemingly in response to the EFF’s publicity, Microsoft has now turned the facility back on and issued an apology.

Reporting on the move - which affected Hotmail users in Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan - the EFF says that users received an error message when they attempted to turn the always-use-HTTPS option on.

Infosecurity notes that Microsoft implemented the HTTPS option at the request of several privacy groups at the end of last year, allowing Hotmail users to encrypt their web-based email.

According to the EFF, the "good news is that the fix is very easy."

"Hotmail users in the affected countries can turn the always-use-HTTPS feature back on by changing the country in their profile to any of the countries in which this feature has not been disabled, such as the United States, Germany, France, Israel, or Turkey", says the privacy organisation.

"Hotmail users who browse the web with Firefox may force the use of HTTPS by default 'while using any Hotmail location setting' by installing the HTTPS Everywhere Firefox plug-in", the EFF adds.

The foundation is diplomatic on the issue, noting: "We hope that this counterproductive and potentially dangerous move is merely an error that Microsoft will swiftly correct."

The Softpedia newswire, however, is less diplomatic, and says that, without HTTPS, Hotmail users are susceptible to man-in-the-middle browser attacks that can hijack their online sessions.

According to the newswire, "there have been cases of large-scale government-run surveillance attacks using this method."

"During the protests in Tunisia earlier this year, the country's internet authority, which controls all perimeter gateways, used its powers to engage in mass phishing of social media accounts", it adds.

Apparently in response to the EFF’s publicity, Microsoft turned the HTTPS facility back on again over the weekend and issued an apology:

“We are aware of an issue that impacted some Hotmail users trying to enable HTTPS. That issue has now been resolved. Account security is a top priority for Hotmail and our support for HTTPS is worldwide – we do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world. We apologize for any inconvenience to our customers that this may have caused.”
