opens to developers, but won’t support encryption over the web – The Verge opened for third-party developers today, offering a clear path for any company that wants to build an app on top of the free-internet service, but the new openness comes with serious restrictions. The most obvious restriction is simple: gets to manage and approve apps, akin to the Apple App Store. If you want to build an app that reaches users, you’ll have build it according to Facebook’s rules, utilizing as little data as possible and staying away from bandwidth-intensive services like VOIP. But some of the new platform rules go far beyond the previous net neutrality concerns, including technical measures that rule out encryption like HTTPS for users connecting over the web.

Unfortunately for users, the HTTPS issues seem to be baked into the core of how is designed. The service works as a proxy, directly managing all traffic to and from the user. According to the developer guidelines, the proxy is designed “to create a standard traffic flow so that operators can properly identify and zero rate your service” — but it also gives a clear view of all the traffic on the network. Low-bandwidth services like Twitter routinely require HTTPS as a way to secure the connection between the user and the service, but that security would be impossible under’s current web proxy setup, creating real concerns for banking or private messaging apps.

An graphic describing the proxy setup

Reached for comment by The Verge, Facebook said would address the problem through an HTTPS-enabled Android app, to be released in June. “Starting with the Android app, we are working to support the type of encrypted services that we know people want with the right protections in place,” a company representative said. “We’re also investigating ways that we could provide the same security for web-based access to, but currently we don’t have a solution that avoids ‘man-in-the-middle’ techniques.”

“We are dependent on existing browsers.”

In the meantime, web access to will represent a real problem for secure services attempting to take root on the service. Any web-based traffic to will be visible not just to the proxy but to all the intermediaries between and the remote server, a necessity of the current proxy setup. “We are dependent on existing browsers on people’s phones that are not aware of the proxy,” the representative said.

Beyond security concerns, the platform continues to draw fire from net neutrality advocates in India, with MediaNama describing it as “a fundamental, permanent change in the way the internet works.” In response, Mark Zuckerberg has insisted that neutrality principles could coexist with a zero-rated platform. “If a local fisherman gets access to free internet services he couldn’t otherwise afford to help him sell more fish and support his family, then that’s good,” Zuckerberg says in the accompanying video, “and we shouldn’t have rules that prevent that.”


Write a Reply or Comment:

Your email address will not be published.*