
These matters aren't binary and solutions don't have to work for all time; raising the sophistication and effort required to bulk-compromise accounts for now is a worthwhile goal.

Of course requiring SSL won't save people from widely-trusted rogue CAs, ignoring all security warnings, or even very active man-in-the-middle attacks which hide from users that SSL was ever being required. But each of those attacks requires a larger investment than tampering with a plain HTTP page.

Same with the social verifier: if the agents had already studied a specific person's network of friends, and need to break that one account, with effort they can. But their previous automatic dragnet was broken.

Facebook may have been in a stickier position if the Tunisian government had attempted a superficially 'legal' demand for user information. But the government didn't. And even if it had, unless Facebook has Tunisian offices/hosting, the government's pull over what Facebook does on its US-based servers would be very limited. To even try ordering Facebook around would have worsened the domestic discontent. (The article reports that it was rumored at one point Facebook would be blocked nationwide.)
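The two cheapest attacks the comment above contrasts, tampering with a plain HTTP page and hiding from users that SSL was ever required (SSL stripping), are what a forced HTTPS redirect plus an HSTS header are meant to price out. The following is an added illustration written for this page, not Facebook's code and not a description of what Facebook deployed; the host `example.com`, the one-year max-age and the 30-day threshold are constructed values.

```python
"""Constructed example: force HTTPS and emit HSTS so that a plain-HTTP page
never exists for an on-path attacker to modify, and so a returning browser
refuses to be downgraded. Not Facebook's implementation."""
from typing import Dict, Tuple
from urllib.parse import urlsplit, urlunsplit

ONE_YEAR = 31536000  # seconds; hypothetical policy value for this example


def respond(url: str, body: bytes = b"<html>ok</html>") -> Tuple[int, Dict[str, str], bytes]:
    """Return (status, headers, body) for a request to the given URL.

    A plain-HTTP request gets an empty 301 to the HTTPS equivalent, so there is
    no cleartext page content to inject into.  An HTTPS response carries a
    Strict-Transport-Security header so the browser remembers to use HTTPS for
    this host on later visits even if a network attacker rewrites links.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        https_url = urlunsplit(("https", parts.netloc, parts.path, parts.query, ""))
        return 301, {"Location": https_url, "Content-Length": "0"}, b""
    headers = {
        "Strict-Transport-Security": f"max-age={ONE_YEAR}; includeSubDomains",
        "Content-Type": "text/html; charset=utf-8",
    }
    return 200, headers, body


def parse_hsts(value: str) -> Dict[str, object]:
    """Parse a Strict-Transport-Security header value into its directives."""
    out: Dict[str, object] = {"max_age": 0, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age" and arg.strip().isdigit():
            out["max_age"] = int(arg.strip())
        elif name == "includesubdomains":
            out["include_subdomains"] = True
    return out


def strip_resistant(url: str, min_age: int = 30 * 24 * 3600) -> bool:
    """True when the response to `url` was served over TLS and pins the browser
    to HTTPS for at least `min_age` seconds (constructed default: 30 days).

    Browsers only honour HSTS on responses received over HTTPS, so a redirect
    answer to a plain-HTTP request is not itself strip-resistant: the first
    visit is still exposed, which is exactly the residual risk HSTS preload
    lists exist to close.
    """
    status, headers, _ = respond(url)
    if status != 200 or urlsplit(url).scheme != "https":
        return False
    hsts = headers.get("Strict-Transport-Security", "")
    return int(parse_hsts(hsts)["max_age"]) >= min_age


if __name__ == "__main__":
    for u in ("http://example.com/login", "https://example.com/login"):
        status, headers, _ = respond(u)
        print(u, status, headers.get("Location") or headers.get("Strict-Transport-Security"),
              "strip-resistant:", strip_resistant(u))
```

This is the "raise the effort" point in code form: once a browser has stored the HSTS policy, an attacker who wants to show a cleartext page has to either intercept the very first visit or defeat TLS itself, rather than simply editing an HTTP response in transit.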
