Tuesday, May 19, 2015 Is Not Neutral, Not Secure, and Not the Internet

Facebook's project, which offers people from developing countries free mobile access to selected websites, has been pitched as a philanthropic initiative to connect two thirds of the world who don’t yet have Internet access. We completely agree that the global digital divide should be closed. However, we question whether this is the right way to do it. As we and others have noted, there's a real risk that the few websites that Facebook and its partners select for (including, of course, Facebook itself) could end up becoming a ghetto for poor users instead of a stepping stone to the larger Internet.
Mark Zuckerberg's announcement of the expansion of the platform earlier this month was aimed to address some of these criticisms. In a nutshell, the changes would allow any website operator to submit their site for inclusion in, provided that it meets the program's guidelines. Those guidelines are neutral as to the subject matter of the site, but do impose certain technical limitations intended to ensure that sites do not overly burden the carrier's network, and that they will work on both inexpensive feature phones and modern smartphones.
Compliance with the guidelines will be reviewed by the team, which may then make the site available for users to access for free, by routing the communication through the proxy server. That proxy server allows the sites to be “zero rated” by participating mobile phone operators; allows the automatic stripping out of content that violates the guidelines—such as images greater than 1Mb in size, videos, VoIP calls, Flash and Java applets and even JavaScript; and inserts an interstitial warning if a user attempts to leave's zero-rated portion of the Internet, so as to prevent users from accidentally being billed for data charges they may not be able to afford and didn't mean to incur.
We agree that some Internet access is better than none, and if that is what actually provided—for example, through a uniformly rate-limited or data-capped free service—then it would have our full support. But it doesn't. Instead, it continues to impose conditions and restraints that not only make it something less than a true Internet service, but also endanger people's privacy and security.
That's because the technical structure of prevents some users from accessing services over encrypted HTTPS connections. As we mentioned above, a critical component of is its proxy server, which traffic must pass through for the zero-rating and the interstitial warning to work correctly. Some devices, like Android phones running's app, have the technical ability to make encrypted HTTPS connections through the proxy server without becoming vulnerable to man-in-the-middle attacks or exposing any data (beyond the domain being requested) to Facebook.'s Android app can also automatically bring up the interstitial warning directly on the phone by using the app to analyze links (as opposed to Facebook serving the warning via its proxy server).
But most inexpensive feature phones that can't run an Android app don't support phone-based warnings or this sort of proxying of HTTPS connections. For these phones, traffic must pass through's proxy unencrypted, which means that any information users send or receive from's services could be read by local police or national intelligence agencies and expose its users to harm. While Facebook is working to solve this problem, it's extremely difficult from a technical perspective, with no obvious solution.
Even if Facebook were able to figure out a way to support HTTPS proxying on feature phones, its position as Internet gatekeepers remains more broadly troublesome. By setting themselves up as gatekeepers for free access to (portions of) the global Internet, Facebook and its partners have issued an open invitation for governments and special interest groups to lobby, cajole or threaten them to withhold particular content from their service. In other words, would be much easier to censor than a true global Internet.


No comments:

Post a Comment