....another Facebook scam....
But, unless there is something special about Tunisian browsers, these certs are not in the main browsers' default trusted lists, so they cannot stealthily spoof the SSL.
Mind you, the fact that any CA can issue SSL certs for any site is pretty much the defining problem of SSL and the Internet (the introduction of "Extended Validation" due to greedy companies cocking up the original goal notwithstanding).
* the root cert that Tunisia controls is already on the trusted list and
* Tunisia uses it to sign a cert used to spy on https://facebook.com.
One would hope this would be noticed, probably fairly quickly in view of this story. The signed cert would be solid proof of misuse of the root cert. Bringing this to the attention of Microsoft, Mozilla, Google and Apple would hopefully have them remove the Tunisian root cert from their browsers' trusted lists. It's a real worry that there are so many dozens of root certs currently on the trusted list. The current facebook.com cert is signed by DigiCert Inc.
They probably don't turn on SSL by default for the whole world due to the additional overhead an SSL session places on the web browser.
An entire planet's worth of overhead would require a not insignificant upgrade or expansion of the server farm to accommodate all the extra load. Not to mention the extra power used by the servers to operate and in cooling; then there is the extra carbon footprint.
They all want a convenient way of tracking people. And certainly "doing a Tunisian", when required.
The German Way Of "Tunisian":
SSL makes this process a bit inconvenient and might compromise their filthy work's effectiveness. The cost of SSL is negligible for a major web company like Facebook.