Internet.org functions by passing all traffic through a proxy service, which the company says allows it to “create a standard traffic flow so that operators can properly identify and zero rate” traffic. HTTPS traffic cannot be detected and routed this way. This means unencrypted traffic will pass through Facebook-controlled servers, raising potential privacy and security concerns.
As first spotted by Medianama, the terms and conditions listed by Facebook for developers who want to participate in the platform specify that traffic will be subject to Facebook’s data retention policies. The terms and conditions that users and developers must agree to also allow the company to analyse usage and even share that information with mobile operators. The Verge points out that banking, private messaging and other applications that depend on encryption would have to steer clear of Internet.org.
Facebook’s technical documentation states that support for SSL/TLS will be implemented within an Android app, and that the company is “investigating ways that we could provide the same security for web-based access to Internet.org”. Content that requires encryption will not be available through Internet.org till then.
Net neutrality concerns remain, as developers and content providers would be forced to sign on in order not to lose customers. Medianama also raises the issue of Facebook becoming more powerful as the source of all content that users see, since there will effectively be a penalty in moving from the Internet.org ecosystem to the open Web.
In February this year, Facebook announced the launch of Internet.org in India as a partnership with Reliance Communications. The move was met by swift negative reactions over its potential to fracture the Internet by creating a pool of preferred websites and services which would not cost users money to access, giving them a massive advantage over competitors. The backlash caused partners to withdraw on principle. Facebook has since denied that Internet.org is a threat to net neutrality.