This is already on the front page with a link to the actual Facebook blog: <a href="http://news.ycombinator.com/item?id=2143415" rel="nofollow">http://news.ycombinator.com/item?id=2143415</a>
Finally! I've been waiting for a "force HTTPS" option for a long time.<p>Now, how do you enable it? I looked around the settings and didn't find anything.
Regarding the social CAPTCHA: I hope they use some heuristics to gather who is really my friend and who is a "friend-me-once-and-never-talked-to-me" connection. There are a number of faces they could show that I wouldn't be able to put a name to.<p>I <i>also</i> hope they change the default privacy settings so that a person's friend list is hidden from unrelated viewers, otherwise a determined attacker could presumably browse your friends until they find the person in the CAPTCHA.
...and yet someone is still able to post random Turkish phrases on my Facebook profile as if they are coming from me. I guess now they'll be secure Turkish phrases at least.<p><a href="http://news.ycombinator.com/item?id=2105378" rel="nofollow">http://news.ycombinator.com/item?id=2105378</a>