Dangerous And Ridiculous: Facebook Won't Let Sites Join Its Internet.org Program If They Encrypt Traffic

from the bad-move dept

Wed, May 6th 2015 1:45pm — Mike Masnick

Karl touched on this with his recent post on Facebook's Mark Zuckerberg defending his Internet.org and its walled garden of "zero rated" services, but it deserves a separate post. You see, part of Zuckerberg's announcement was that Internet.org was expanding to let in other sites, but there are serious restrictions, and there's a big "sorry, you're not welcome" for sites that use HTTPS to protect the privacy of their users:

To qualify, they must meet three criteria:

they cannot be data-intensive. Videos, high-resolution photos and internet-based voice and video chats are among the banned content

they must be able to run on cheaper feature phones as well as more powerful smartphones. To ensure this is the case, the use of JavaScript, Flash, the secure HTTPS communications protocol and certain other web-based products are not allowed

they should encourage the exploration of the broader internet if possible, to encourage users to ultimately pay for access

You could raise serious questions about all of these conditions, and the kind of walled garden that Zuckerberg is building, but keeping out HTTPS services at a time when the protection it provides is vitally important seems ridiculous.

To be fair, when confronted on this, Zuckerberg claims this is only a temporary situation, mostly driven by the fact that older handsets/browsers can't handle HTTPS, but frankly that's a weak excuse, given the risks associated with unecncrypted traffic.

You'd hope that the answer to this situation isn't "give them insecure internet" but "let's figure out how to secure things before we expose them to dangers online." Zuckerberg keeps going with the "better than nothing" argument here. To him, the limited, walled gardens are "better than nothing." And an security-disabled internet is "better than nothing." But given the risks, shouldn't he be striving for something better? Real access to the real internet in a way that protects the privacy of these users?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: https, security, zero rating
Companies: facebook, internet.org

33 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 6 May 2015 @ 1:56pm

No HTTPS = no on-line shopping, no private conversation to discuss personal matters, oh and no organizing political actions or protests.
[ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 2:10pm

Did I read that right? Facebook won't allow sites that use https?

Talk about hypocrites. Facebook itself uses the https protocol and they refuse to allow sites to join internet.org if THEY use it too? LOLS

Got something for Mark Zuckerberg and Facebook:

http://s12.postimg.org/hg9kwizbh/image.jpg
[ link to this | view in chronology ]
Spaceman Spiff (profile), 6 May 2015 @ 2:10pm

I'd call Z a shithead
But then that would be an insult to shitheads all over the world!
[ link to this | view in chronology ]
orbitalinsertion (profile), 6 May 2015 @ 2:11pm

I lol at what the founder of FB considers "data intensive". FB is pretty ridiculous in that category for a 'web page'. But yes, that's pretty weak tea regarding HTTPS, "I don't know how."
[ link to this | view in chronology ]
lars626 (profile), 6 May 2015 @ 2:15pm

New->OLD
Let's see here:
1. Can't use broadband applications.
2. Can't use secure transmission
3. Pushes users to paid services.

Inspiration! He should name it AOL.
[ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 2:30pm

He's lying/being misleading. He's referring to working on its own encrypted proxy through which ALL INTERNET.ORG SERVICES DATA WILL PASS.

Quite convenient, no? Let sites themselves use their own encryption so they can be SAFE FROM FACEBOOK as well.
[ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 2:33pm

Not defending Zuckerberg or anything here, but, it does pay to stop and think for a minute about where Internet.org is being deployed and what devices people in these areas have to connect to the internet.
These aren't college kids in Missouri with MacBooks and fibre, this is deep Africa and an old Nokia.
The needs of the customers of Internet.org are not the needs of us, and it is an error to see them like that. It's a kind of cultural myopia.
[ link to this | view in chronology ]
- Anonymous Coward, 6 May 2015 @ 2:58pm
  
  Re:
  Requiring that a site offers HTTP or both HTTP and HTTPS would be a reasonable way to ensure old devices are usable, banning HTTPS is unreasonable.
  [ link to this | view in chronology ]
  - Anonymous Coward, 6 May 2015 @ 3:49pm
    
    Re: Re:
    I think you miss my point slightly. These aren't people doing online banking and tax returns, its more of a community noticeboard.
    [ link to this | view in chronology ]
    - James Burkhardt (profile), 6 May 2015 @ 3:58pm
      
      Re: Re: Re:
      And you miss the problems inherent in that assumption, that they don't WANT to do more with the internet. The types of phones being discussed by Zuckerburg (cheap feature phones) are way more capable then the old Nokias you describe, and its only limited to a community notice board because facebook limits it to being a community notice board, and is still claiming its giving them the internet. ALso, the assumption that the only reason you want secure communications is 'online banking and tax returns' is a bit disingenuous as well. The inability for anyone, including facebook, to know what you are doing on the internet is a big step forward for human rights, and facebook wants to undermine that.
      [ link to this | view in chronology ]
    - PRMan, 6 May 2015 @ 4:03pm
      
      Re: Re: Re:
      You are missing the point. People in these areas do MORE online banking than you or I.
      
      M-Pesa is the #1 app in many parts of Africa.
      [ link to this | view in chronology ]
      - Anonymous Coward, 6 May 2015 @ 4:17pm
        
        Re: Re: Re: Re:
        M-Pesa doesn't seem to be online banking, its more of a micropayment scheme using your pre-pay credit on your phone.
        [ link to this | view in chronology ]
    - Anonymous Coward, 7 May 2015 @ 1:37am
      
      Re: Re: Re:
      What about confidential communications with medical workers, or human rights organizations? Encryption effects more than just banking.
      [ link to this | view in chronology ]
- G Thompson (profile), 7 May 2015 @ 1:02am
  
  Re:
  Nope that's crap too.. Look up "Facebook lite" it's an android App that is ONLY available in non 'western" countries (or by download from non App store places) and you will see it has pure encryption, ability to stream video and high photos, as well as incorporates FB CHAT, Facebook,FB Groups, and EVERYTHING that facebook itself can do..
  
  Oh and it's used by any Android variant from version 2.1 upwards. Also it's been ported to Symbian as well.
  
  Who made it you might ask? Well FACEBOOK themselves did.
  
  How big is it? --- under 300 Kilobytes!
  
  So this bullshit about not able to do SSl, Streaming, or data intense stuff is total BULLSHIT and is another reason why everyone needs to avoid internet.org like the plague and go with other things that are not reliant on a company with major ulterior motives.
  [ link to this | view in chronology ]
- John Fenderson (profile), 7 May 2015 @ 8:29am
  
  Re:
  I had a cheapie flip phone many years ago that could be used to access web sites in a limited fashion. But it could handle HTTPS as well as Javascript. New cheapie flip phones commonly sold in poor countries are even more capable than the ones I had in those days.
  
  Zuckerberg's explanation is shaky at best. The more likely explanation is that they want to be able to examine all traffic to extract data they can monetize.
  [ link to this | view in chronology ]
DannyB (profile), 6 May 2015 @ 2:48pm

An encrypted layer can be built on top of this
Both ends of a connection need encryption. That encryption does not need to be built into the internet infrastructure you are using. All you need is the ability to communicate messages, like raw packets, or 'packet messages' of data over a TCP connection.

Those messages are encrypted blocks. The other end that you connect to has to understand them.

So that other end could be some sort of relay or gateway to the free internet and that gateway would be located in the free world (if there still is such a thing).

On your local end you would have a proxy that your browser connects to. That proxy encrypts traffic and pipes it back and forth between a gateway or gateways in the free world. In fact, the more gateways the better.

Perhaps the next anarchy protocol needs to support 'streams' where every packet of the stream can come from a different IP address. Think like a TCP stream, but each packet of the stream might come from a different TOR exit point. At the receiving end the 'anarchy protocol' support (think the TCP reassembly of packets into a stream) would reassemble packets from diverse IP addresses into the stream from which it started at the other end. This would not only allow encryption, but would significantly hinder traffic analysis. When sending, every packet of an outgoing stream would take a different route and might even go to a different TOR entry point.

Censorship and Spying are damage which will be routed around.
[ link to this | view in chronology ]
dfed (profile), 6 May 2015 @ 3:07pm

Dear Zuckerberg: dump the internet.org brand. IT's boring. I hear Prodigy.net is available...
[ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 3:22pm

If traffic is encrypted they won't get their government money
[ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 3:27pm

Think about it...
If this walled garden has encrypted traffic inside it, ol' Zucky & Co. can't snoop on it to profile its users.
[ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 3:45pm

I just don't care. I've never been on Facebook and I'm not missing it now. He can keep his spy apps and sites and hope it pays. I'll not be missing that either.
[ link to this | view in chronology ]
- James Burkhardt (profile), 6 May 2015 @ 3:59pm
  
  Re:
  Glad you have the option to not use facebook. Don't you want everyone to have that option?
  [ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 4:19pm

yes it is dangerous and it is ridiculous but the way sucker mouth works is to to trawl up all the customers info before the feds do. that can then be sold off to the various companies that want to advertise or to keep hammering people with mail and calls! there is absolutely no way he is gonna do anything unless it makes him money!
[ link to this | view in chronology ]
Bob, 6 May 2015 @ 6:22pm

Internet.org is CIA. Time to wake up.
[ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 7:09pm

does zuckerburg use encryption on his personal files though.

My assumption would be yes he is a hypocrite as sees himself as above the little people that helped make him worth so much
[ link to this | view in chronology ]
Coyne Tibbets (profile), 6 May 2015 @ 8:56pm

Internet.org irrelevant
So let me get this straight: Internet.org is adopting a 2005 service model in 2015? That just means that it is obsolete before it starts. It will prove irrelevant.
[ link to this | view in chronology ]
Anonymous Coward, 6 May 2015 @ 11:21pm

So, if this crap gets big will the kids be learning that this pubehead invented the internet?
[ link to this | view in chronology ]
limbodog (profile), 7 May 2015 @ 6:52am

Of course not
What if they advertised something facebook didn't like? No, Facebook needs to be able to monitor it all. Don't worry, they won't abuse that power.
[ link to this | view in chronology ]
Anonymous Coward, 7 May 2015 @ 4:47pm

Actually it is TLS not SSL.
[ link to this | view in chronology ]
lfroen (profile), 7 May 2015 @ 11:49pm

But isn't it Facebook's own business
Unless I'm missing something, this is Facebook's own money. Maybe this idea is bad/wrong/stupid. But dangerous? - give me a break. IIRC nobody forces people to use it, right?
Like it - use it. Don't like - don't use.

To the point - Facebook's argument is "this is better than nothing". I fail to see counter-argument here. Does Mike think that in fact, this is worst than nothing? Why? Because Facebook may profit?

All this "abuse their power" BS is funny. Last time I checked, Facebook is just a website. It's not "Umbrella Corp.", you know. They don't have private army or black helicopters.
It's just a website. Get real.
[ link to this | view in chronology ]
- John Fenderson (profile), 8 May 2015 @ 9:05am
  
  Re: But isn't it Facebook's own business
  "Unless I'm missing something, this is Facebook's own money. Maybe this idea is bad/wrong/stupid. But dangerous?"
  
  It's bad for the internet because it harms the effort to achieve net neutrality in a particularly pernicious way. It's also deceptive because it claims to be providing internet access when really it's just providing access to a limited set of websites. This is teaching the target audience all the wrong things and makes some of the worst abuses of big internet companies (like Facebook) seem normal and acceptable.
  
  "Facebook's argument is "this is better than nothing". I fail to see counter-argument here."
  
  The counter-argument is simple: that's a false dichotomy. The choice isn't between Facebook's approach or nothing.
  
  "Last time I checked, Facebook is just a website."
  
  You should check again. Facebook is a LOT more than just a website.
  [ link to this | view in chronology ]
  - lfroen (profile), 9 May 2015 @ 11:58pm
    
    Re: Re: But isn't it Facebook's own business
    >> The counter-argument is simple: that's a false dichotomy. The choice isn't between Facebook's approach or nothing.
    Facebook is private enterprise. That's up to _them_ what kind of choice to present to their users.
    
    >> You should check again. Facebook is a LOT more than just a website.
    You need a reality check. It _IS_ a website. Oh, you probably mean "it collaborate with another _websites_ to collect " - ... and it is still a website. All Facebook can do is to show me this or another ad. Everything else is your fantasies.
    [ link to this | view in chronology ]
Me, 21 May 2015 @ 2:57am

Stupidos
Most of the "poor" people that internet.org targets are seen come to Europe as "refugees", holding Samsungs far better than mine HTC. Let's be honest - this shit internet.org is because someone is greedy to take over the low educated people in Africa...
[ link to this | view in chronology ]
Sunny, 24 Dec 2015 @ 5:18pm

HTTP to HTPS
I recently switched from http to https and facebook banned/blocked me. So is this the reason? I contacted em but no one has gotten back to me yet.
[ link to this | view in chronology ]