The Atlantic has a fascinating story about the cat-and-mouse game between the Tunisian government and Facebook during the recent political unrest. Ammar, the governmental security apparatus, strong-armed the ISPs that Tunisian citizens were using into running domain-level keylogging. Essentially, they were stealing an entire country’s worth of passwords.
The Facebook developers responded with a technical hack to get around the key capture. All password submissions were pushed over an encrypted channel, and logging in also required the user to identify a friend from his or her accounts. Ingenious – passwords, as a single authentication token, were rendered useless.