New information has come to light about Facebook's Internet.org initiative following the company's announcement of an open platform for Web develpers. Internet.org, which gives users the ability to use specific approved Web services without incurring cellular data charges, will impose a number of restrictions on what exactly developers will be allowed to do, and Facebook will retain the power to approve and reject services. Most notably, SSL/TLS/HTTPS encryption, which is the backbone of Internet security, is explicitly disallowed at present.
Internet.org functions by passing all traffic through a proxy service, which the company says allows it to "create a standard traffic flow so that operators can properly identify and zero rate" traffic. HTTPS traffic cannot be detected and routed this way. This means unencrypted traffic will pass through Facebook-controlled servers, raising potential privacy and security concerns.
As
first spotted by Medianama, the terms and conditions listed by
Facebook for developers who want to participate in the platform specify that traffic will be subject to Facebook's data retention policies. The terms and conditions that users and developers must agree to also allow the company to analyse usage and even share that information with mobile operators.
The Verge points out that banking, private messaging and other applications that depend on encryption would have to steer clear of Internet.org.
Additionally, anything that pushes bandwidth requirements, including video and downloadable files, will be rejected. Photos must be low-resolution and not larger than 1MB. JavaScript, Flash and Java applets, iframes and certain file types are also disallowed.
Facebook's
technical documentation states that support for SSL/TLS will be implemented within an Android app by June, and that the company is "investigating ways that we could provide the same security for web-based access to Internet.org". Content that requires encryption will not be available through Internet.org till then. In a statement, Facebook added "We're also investigating ways that we could provide the same security for web-based access to Internet.org, but currently we don't have a solution that avoids 'man-in-the-middle' techniques given we are dependent on existing browsers on people's phones that are not aware of the Internet.org proxy."
Net neutrality concerns remain, as developers and content providers would be forced to sign on in order not to lose customers. Medianama also raises the issue of Facebook becoming more powerful as the source of all content that users see, since there will effectively be a penalty in moving from the Internet.org ecosystem to the open Web.
In February this year, Facebook announced
the launch of Internet.org in India as a partnership with Reliance Communications. The move was met by swift negative reactions over its
potential to fracture the Internet by creating a pool of preferred websites and services which would not cost users money to access, giving them a massive advantage over competitors. The backlash caused partners to
withdraw on principle. Facebook has since
denied that Internet.org is a threat to net neutrality.