Good for Facebook. From the article, it sounds like they did two major things: 1) shift all Tunisian IP addresses to https instead of http. 2) anyone who logged out/in while the keylogger code was running was shown a social CAPTCHA. The CAPTCHA asks you to identify friends in photos.
I've had to answer the social CAPTCHA myself, when logging in from a different country while on vacation. Details:
You are shown two pictures of the same friend, with the tag of him/her showing (i.e. a square around them, like what you get when you hover over their name in a tagged photo). You are then asked to say which friend of yours it is, choosing from a list of around 7 names.
You can skip as many of these questions as you like, in case you've got pictures where the tag isn't very good (e.g. someone tagged a comic or something instead of an actual photo). But every question you answer has to be correct.
I wonder if Facebook uses only photos where the tag area doesn't overlap. Many of my friends will tag the same person as themselves and their spouse so that person will see the picture. They use the tag system as pure notification.
I could see myself getting the answer wrong in this instance even though I know who the person is.
