When Facebook opened its Internet.org platform to developers back in May, it came with a big caveat: every service running on the platform had to transmit its data in the clear, without encryption. But five months later, the platform is changing that, enabling millions in the developing world to use encrypted services like Twitter and messaging to be used without data charges.
It's part of Internet.org's larger mission to provide a free platform for web services in the developing world. Through a partnership with carriers, Internet.org waives data charges for a set of core services (renamed today as Free Basics), giving poor users free access to a bare-bones version of the web. Many net neutrality advocates have criticized that setup as a zero-rating scheme that gives free-data apps an unfair advantage over paid-data competitors.
The system requires Internet.org to work as a proxy between users and the wider internet, compressing traffic for efficiency and stripping out any extraneous data requests, which ruled out conventional HTTPS. Since the proxy needs to inspect and potentially alter traffic as it passes through, it's impossible to deploy truly end-to-end web encryption. Instead, Internet.org has opted for a two-part system, encrypting all web traffic between the user and Internet.org servers, then passing along the traffic to the host with whatever encryption the host wishes to deploy. (Encrypted access is also available through Internet.org's Android app, which launched in June.) The result secures traffic whenever it travels over the public web, but still gives Internet.org central access to the all the data sent through the service.
The new system gives internet.org users a secure way to connect
At the same time, Internet.org is pledging not to store any data on how people actually use the services. In its new data retention policy, the service promises to only store domain name information and the amount of data used, along with device information that would be visible even if the traffic were encrypted. More detailed information will still be visible to internet.org, but the platform says it won't collect that data.
The new system gives internet.org users a secure way to connect, solving one of the biggest problems facing the project. Still, it will do little to address the concerns of net neutrality advocates, who see Internet.org giving Facebook too much power over the services available to users in the developing world. The service has already expanded access to one billion people across 19 different countries, moving into South Africa, Senegal, and Bolivia this past summer.