<nettime> EFF: Internet.org Is Not Neutral, Not Secure, and Not the Internet

[nettime's avid reader <nettime@kein.org>]

https://www.eff.org/deeplinks/2015/05/internetorg-not-neutral-not-secure-and-not-internet


Facebook's Internet.org project, which offers people from developing
countries free mobile access to selected websites, has been pitched as
a philanthropic initiative to connect two thirds of the world who
donât yet have Internet access. We completely agree that the global
digital divide should be closed. However, we question whether this is
the right way to do it. As we and others have noted, there's a real
risk that the few websites that Facebook and its partners select for
Internet.org (including, of course, Facebook itself) could end up
becoming a ghetto for poor users instead of a stepping stone to the
larger Internet.

Mark Zuckerberg's announcement of the expansion of the Internet.org
platform earlier this month was aimed to address some of these
criticisms. In a nutshell, the changes would allow any website
operator to submit their site for inclusion in Internet.org, provided
that it meets the program's guidelines. Those guidelines are neutral
as to the subject matter of the site, but do impose certain technical
limitations intended to ensure that sites do not overly burden the
carrier's network, and that they will work on both inexpensive feature
phones and modern smartphones.

Compliance with the guidelines will be reviewed by the Internet.org
team, which may then make the site available for Internet.org users to
access for free, by routing the communication through the Internet.org
proxy server. That proxy server allows the sites to be âzero ratedâ by
participating mobile phone operators; allows the automatic stripping
out of content that violates the guidelinesâsuch as images greater
than 1Mb in size, videos, VoIP calls, Flash and Java applets and even
JavaScript; and inserts an interstitial warning if a user attempts to
leave Internet.org's zero-rated portion of the Internet, so as to
prevent users from accidentally being billed for data charges they may
not be able to afford and didn't mean to incur.

We agree that some Internet access is better than none, and if that is
what Internet.org actually providedâfor example, through a uniformly
rate-limited or data-capped free serviceâthen it would have our full
support. But it doesn't. Instead, it continues to impose conditions
and restraints that not only make it something less than a true
Internet service, but also endanger people's privacy and security.

That's because the technical structure of Internet.org prevents some
users from accessing services over encrypted HTTPS connections. As we
mentioned above, a critical component of Internet.org is its proxy
server, which traffic must pass through for the zero-rating and the
interstitial warning to work correctly. Some devices, like Android
phones running Internet.org's app, have the technical ability to make
encrypted HTTPS connections through the proxy server without becoming
vulnerable to man-in-the-middle attacks or exposing any data (beyond
the domain being requested) to Facebook. Internet.org's Android app
can also automatically bring up the interstitial warning directly on
the phone by using the app to analyze links (as opposed to Facebook
serving the warning via its proxy server).

But most inexpensive feature phones that can't run an Android app
don't support phone-based warnings or this sort of proxying of HTTPS
connections. For these phones, traffic must pass through
Internet.org's proxy unencrypted, which means that any information
users send or receive from Internet.org's services could be read by
local police or national intelligence agencies and expose its users to
harm. While Facebook is working to solve this problem, it's extremely
difficult from a technical perspective, with no obvious solution.

Even if Facebook were able to figure out a way to support HTTPS
proxying on feature phones, its position as Internet gatekeepers
remains more broadly troublesome. By setting themselves up as
gatekeepers for free access to (portions of) the global Internet,
Facebook and its partners have issued an open invitation for
governments and special interest groups to lobby, cajole or threaten
them to withhold particular content from their service. In other
words, Internet.org would be much easier to censor than a true global
Internet.

While we applaud Facebook's efforts to encourage more websites to
provide support for low-end feature phones by stripping out âheavyâ
content, we would like to see Internet.org try harder to achieve its
very worthy objective of connecting the remaining two thirds of the
world to the Internet. We have confidence that it would be possible to
provide a limited free Internet access service that is secure, and
that doesn't rely on Facebook and its partners to maintain a central
list of approved sites. Until then, Internet.org will not be living up
to its promise, or its name.




#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime@kein.org