Mar 26, 2011 07:57 GMT  ·  By

The Electronic Frontier Foundation (EFF) warns that Microsoft has, for some reason, disabled the ability of users in over a dozen countries to enable the always-on HTTPS setting in Hotmail.

The option was introduced in November last year and allows Hotmail users to have HTTPS enabled automatically for their entire session after authentication.

The EFF reports that users from Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan no longer have this ability.

When trying to enable the option, people who set one of those countries as their location in Hotmail, receive an error message reading: "Your Windows Live ID can't use HTTPS automatically because this feature is not available for your account type."

Without HTTPS enabled, users are open to man-in-the-middle attacks that can hijack their sessions, especially when using open wireless networks.

There been cases of large-scale government-run surveillance attacks using this method. During the protests in Tunisia earlier this year, the country's Internet authority which controls all perimeter gateways, used its powers to engage in mass phishing of social media accounts.

"For Microsoft to take such an enormous step backwards— undermining the security of Hotmail users in countries where freedom of expression is under attack and secure communication is especially important—is deeply disturbing," the EFF writes.

"We hope that this counterproductive and potentially dangerous move is merely an error that Microsoft will swiftly correct," the digital rights watchdog adds.

Fortunately, there is a solution for users, as changing the location to a Western European country like France or Germany will allow them to enable the setting again. Accessing Hotmail with https:// directly also works. This can be done manually or by using the HTTPS Everywhere browser extension.

Update March 29, 2011: Microsoft has fixed the problem. Read more here.