Home
Internet
Internet News
Internet.org Traffic to be Unencrypted; Privacy and Security Take Backseat

Internet.org Traffic to be Unencrypted; Privacy and Security Take Backseat

By NDTV Correspondent | Updated: 5 May 2015 17:22 IST

New information has come to light about Facebook's Internet.org initiative following the company's announcement of an open platform for Web develpers. Internet.org, which gives users the ability to use specific approved Web services without incurring cellular data charges, will impose a number of restrictions on what exactly developers will be allowed to do, and Facebook will retain the power to approve and reject services. Most notably, SSL/TLS/HTTPS encryption, which is the backbone of Internet security, is explicitly disallowed at present.

Internet.org functions by passing all traffic through a proxy service, which the company says allows it to "create a standard traffic flow so that operators can properly identify and zero rate" traffic. HTTPS traffic cannot be detected and routed this way. This means unencrypted traffic will pass through Facebook-controlled servers, raising potential privacy and security concerns.

As first spotted by Medianama, the terms and conditions listed by Facebook for developers who want to participate in the platform specify that traffic will be subject to Facebook's data retention policies. The terms and conditions that users and developers must agree to also allow the company to analyse usage and even share that information with mobile operators. The Verge points out that banking, private messaging and other applications that depend on encryption would have to steer clear of Internet.org.

Additionally, anything that pushes bandwidth requirements, including video and downloadable files, will be rejected. Photos must be low-resolution and not larger than 1MB. JavaScript, Flash and Java applets, iframes and certain file types are also disallowed.

Facebook's technical documentation states that support for SSL/TLS will be implemented within an Android app by June, and that the company is "investigating ways that we could provide the same security for web-based access to Internet.org". Content that requires encryption will not be available through Internet.org till then. In a statement, Facebook added "We're also investigating ways that we could provide the same security for web-based access to Internet.org, but currently we don't have a solution that avoids 'man-in-the-middle' techniques given we are dependent on existing browsers on people's phones that are not aware of the Internet.org proxy."

Net neutrality concerns remain, as developers and content providers would be forced to sign on in order not to lose customers. Medianama also raises the issue of Facebook becoming more powerful as the source of all content that users see, since there will effectively be a penalty in moving from the Internet.org ecosystem to the open Web.

In February this year, Facebook announced the launch of Internet.org in India as a partnership with Reliance Communications. The move was met by swift negative reactions over its potential to fracture the Internet by creating a pool of preferred websites and services which would not cost users money to access, giving them a massive advantage over competitors. The backlash caused partners to withdraw on principle. Facebook has since denied that Internet.org is a threat to net neutrality.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.