International Journal of Interactive Mobile Technologies (iJIM) – eISSN: 1865-7923 – Vol. 15, No. 03, 2021


Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

Penetration Test for the 3G Internet Service Provider and 

Free Basics Service by Facebook 

https://doi.org/10.3991/ijim.v15i03.18905 

Salim M. Zaki  
Dijlah University College, Baghdad, Iraq 

salimzki@gmail.com 

Abstract—The number of devices connected to the Internet via mobile de-

vices is increasing every day. The cost of mobile data over 3G and 4G networks 

is high in some countries, which pushes many users to browse the internet 

through text-only service. Facebook proposed a free basics service that allows 

users to browse Facebook for free but without showing images. This research 

formats the images on web pages using a method that transfers images over 

text-only networks. This will allow users with low income or slow connections 

to surf text service over the internet with images supported. The main objective 

is to test the free basics service by Facebook and Internet Service Provider over 

3G networks, additionally proposing an image format for text-only networks. 

The proposed algorithm converts .png and .jpg images and posts them on the 

Facebook page. The results from the Facebook page show images that can be 

seen over 3G networks with the free mode enabled. 

Keywords—Facebook, penetration test, mobile data, social network security 

1 Introduction 

Social networks are becoming an essential part of people’s everyday life [1]. Social 

networks’ platforms increase with the number of users and offer different services to 

those users. However, this comes at a cost to privacy and security, and, therefore, se-

curing mobile applications and social networks is vitally important in the development 

process [2]. 

Facebook founded the Internet.org organization [3] with Free Basics service in col-

laboration with cell phone service suppliers in several developing nations [4] [5]. The 

concept of the Digital Divide [6] and Internet.org sets a goal for customers of 3G or 

4G networks to be able to access many web benefits on their cell phone programs 

without subscribing to paid internet service.  The service has expanded to more than 

60 countries across Asia, Africa, and South and Central America, with 25 new coun-

tries included last year. Facebook claims that its objective with Free Basics is to con-

nect more individuals to the internet, with an end goal to control the computerized gap 

between people and web services [7] [8] [3]. Images are an attractive element of any 

web page, which leads to the desire to find a way to allow people to browse images on 

a text-only service as users demand images with good or high resolution [9]. 

4 http://www.i-jim.org

https://doi.org/10.3991/ijim.v15i03.18905


Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

The motivation behind this study is to check the ability of text-only services to ac-

cept special images and continue showing those images to users. Privacy on social 

media is a vital topic nowadays due to large amounts of private data exchanged over 

social media platforms such as Facebook [10] [11]. This study aims to test the quality 

of Free Basics service as few research studies have tested the quality and the ability to 

bypass the limitations of text-only service. Although there are research studies focus-

ing on Free Basics Service by Facebook such as [12] [13] [14] [15], to the best of our 

knowledge, there has been no research on a penetration test for free basics services. 

Additionally, this research is in the scope of “bug bounty,” which is a program that 

rewards experts for finding software bugs in websites, apps and services [16][17]. 

Therefore, this study provides a technique for posting images to Facebook and down-

loading them as .png files over free modes on 3G networks. 

The major contributions of the paper are summarized as follows: 

1. Developing an algorithm that provides images for text-only networks. 

2. Images can be seen on Facebook pages even when enabled via a free mode. 

3. Testing the free basics service provided by Facebook and Internet Service provider 

(ISP) over 3G. 

2 Background 

2.1 What is the service architecture of free basics? 

As shown in Fig. 1, the Free Basics administration includes three autonomous ser-

vice suppliers: (I) the cellular company that agrees to convey information for any Free 

Basics administration at no expense to the end client. (II) Proxy servers by Facebook 

to manage free basics services. (III) the service provided by participants in the service 

such as Wikipedia and Facebook social media site. 

 

Fig. 1. Architecture of Free Basics Service by Facebook 

iJIM ‒ Vol. 15, No. 03, 2021 5



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

2.2 Image file format 

Files provide the vital mechanism for storing, archiving and exchanging image da-

ta. And the choice of the correct file format is an important decision. Today, there 

exists a wide range of standardized file formats, and developers can always find at 

least one image format suitable for their applications [18] [19]. The selection of file 

format is not an easy choice, but there are criteria in place to choose the correct format 

for the application: 

• Type of Image File: Includes binary image, color image, greyscale and special im-

ages. 

• Size on Disk and Compression Technique: One important factor is maximum size 

of the image. The storage requirement of an image file plays an important role in 

selecting the appropriate image file format for an application. The compression 

technique and lossy or lossless is important. 

• Compatibility and Domain: Image file format compatibility is vital when used in 

global application of place such as internet or archive. The file format should 

achieve this factor by choosing the best format that is compatible in different do-

mains such as web browsers and file viewing and editing software. 

Table 1 offers a comparison of the most commonly used image file formats on the 

internet, mobile devices and personal computers. Tagged Image File Format is suita-

ble for archiving but not supported on the web; on the other hand, Graphics Inter-

change Format is supported on the web, but with low resolution. The suitable solution 

is Portable Network Graphics with good resolution and a size that is suitable for web 

design. The Joint Photographic Experts Group became very popular among users and 

designers due to its good features such as resolution and size [20] [19]. 

Table 1.  Summary of Image File Format Features 

Image Format Extension Good Features Shortcomings Application 

Tagged Image 

File Format 

tif, tiff • Storing raster graphics imag-
es. 

• Widely used for different 
applications. 

No wide support 

in web browsers. 

Scanning, word 

processing, optical 

character recogni-
tion. 

Graphics Inter-

change Format 

gif • Wide support on web. 

• Static and dynamic. 

• Portability on many operating 
systems. 

Low resolution 

and poor colors. 

Widely used on web 

and operating sys-

tems. 

Portable Network 

Graphics 

png • Widely used on Internet. 

• Multi-color support. 

• Alpha channel for transparen-
cy. 

No dynamic image 

in one file as is the 
case in GIF for-

mat. 

Web design. 

Joint Photo-

graphic Experts 
Group 

jpg, jpeg • Most widely used image 
format. 

• Good resolution and colors. 

Not well suited for 

line drawings and 
other textual or 

iconic graphics. 

Digital photog-

raphy, Internet and 
social media. 

6 http://www.i-jim.org

https://en.wikipedia.org/wiki/Image_scanner
https://en.wikipedia.org/wiki/Word_processor
https://en.wikipedia.org/wiki/Word_processor
https://en.wikipedia.org/wiki/Optical_character_recognition
https://en.wikipedia.org/wiki/Optical_character_recognition
https://en.wikipedia.org/wiki/Optical_character_recognition


Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

2.3 Data URIs and inline images 

For images and SVG files, the number of HTTP requests can be decreased instead 

of downloading a separate file of the image file; the image data can be represented in 

a format that can be included inside HTML5 or CSS code [21][22]. 

Encoding image data in a string format is done with Base64 encoding. Base64 is a 

collection of comparable binary-to-text encoding structures that represent binary data 

in an American Standard Code for Information Interchange (ASCII) string format by 

translating it into a radix-64 format. Base64 encoding schemes are used to encode 

binary data to be stored and transferred over media that are designed to deal with 

ASCII. This is to guarantee that the data is intact without amendment during the 

transmission process. A number of applications use Base64 such as email using 

MIME, and storing composite data in XML [22][23]. 

The type of data to be encoded is specified first in format of Data URI, such as im-

age/png; the base64 means base-64 encoding. If the base64 is lost, standard URL en-

coding is used instead. An example of Base64 encoding in an image tag of HTML: 

<img 

src=’data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAATUAAA

EuCAIAAABgbBILAAAAAXNSR0I 

Ars4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqG

QAAP……………. AAAA='/> 

3 Methodology 

The software takes an image as input and determines the image’s dimensions. The 

second step is to read the image pixel by pixel to determine the location of each pixel 

and color value in each pixel. Then, the software rewrites the pixel values in textual 

representation in the same locations as the original pixels but inside HTML5 canvas 

element. Fig. 2 shows those steps in the algorithm. 

iJIM ‒ Vol. 15, No. 03, 2021 7



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

 

Fig. 2. Algorithm of Transferring .png and .jpg formats to Images for Free Basics Service 

Fig. 3 depicts the output image described as HTML5 Canvas and JavaScript code 

describing RGB values of each pixel inside an HTML5 document. There is no need 

for an attached image file represented by its path on a server or a link on the internet 

to imbed an image inside a webpage. The produced JavaScript code will describe the 

image for the browser that translates it to a drawing image inside the HTML5 canvas 

element. 

 

Fig. 3. Main Steps of Proposed Algorithm 

8 http://www.i-jim.org



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

4 Testing and Results 

The testing is done in two different ways: 

The first method involves changing settings in the most popular browsers, Firefox 

Mozilla and Google Chrome, to block images from being viewed in the browser. 

Normal images used on webpages with extensions of .png, gif and .jpg can be blocked 

easily using browser settings or add-ons for controlling webpages. Meanwhile, the 

proposed representation of the images could not be blocked and continued showing on 

the webpage. 
The second method involves testing the free basics service from Facebook to show 

that the image representation proposed in this research can be shown on smartphones 

by enabling a free mode that shows text only, and no images or videos can be seen on 

3G networks. 

4.1 Test on web browsers 

The first section of results is taken from examining produced images inside brows-

ers by applying settings of browsers and installed add-ons of web development. These 

results show the ability of some images to avoid image-blocking settings. 

In the beginning, the proposed algorithm is used to represent the input image pixel 

by pixel inside the canvas and then convert it to Base64 image. Fig. 4 below shows 

the button, when clicked, converts the image above the button to the Base64 image 

below the button. 

 

Fig. 4. Drawing Image Pixels 

iJIM ‒ Vol. 15, No. 03, 2021 9



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

The converted image has a similar resolution and is similar in size both in canvas 

and output. Both images can be saved with a .png extension. This is useful for later 

usage to be posted on the Facebook page created for testing, as will be discussed later 

in this section. The representation of each pixel’s location and RGB values requires 

many lines of codes. This increases the size of the HTML document, but with the ad-

vantage of showing the image, but as a canvas. Even though, this large size of repre-

sentation in canvas is a transition phase to produce the required image. 

Fig. 5 shows the inspection of converter inside the browser where values of drawn 

pixels of an image are represented inside a canvas. The Base64 representation is used 

inside src attribute of <img> tag. 

 

Fig. 5. Inspecting Image Conversion Details in Browser 

Fig. 6 shows hiding and disabling images using an add-on installed on Google 

Chrome to manage web development issues. The image is drawn pixel by pixel and 

represented in a canvas, never being blocked or becoming hidden. The trick is that the 

add-on or browser cannot detect the drawn image in canvas as a normal image repre-

sented by tag <img> of HTML or CSS; therefore, it survives the block. However, free 

basics service by Facebook has another way of blocking images when free mode is 

enabled on 3G or 4G networks, which are tested in the next section. 

 

10 http://www.i-jim.org



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

 

 

Fig. 6. Blocking and Hiding Images on Browser by Add-on. 

4.2 Test on free basics service by Facebook 

Facebook can be accessed by 3G or 4G services for free with no paid subscription 

to mobile service provider but as text only, without the ability to see photos. Images 

generated by the algorithm proposed in this paper can be published on Facebook and 

still be available for users without a paid subscription.  

We created a Facebook page [24] and uploaded images classified into two types: 

images generated with the proposed algorithm and normal images used by users on 

Facebook and then tested availability of the images. The smartphone was connected to 

3G network Asia Cell Company, the service provider in Iraq that supports free basics 

service from Facebook. The Facebook application on smartphone setup uses a free 

mode which does not show images, only text. Fig. 7 shows the Facebook page where 

the free mode is enabled and normal images with .png extension do not show up due 

to the policy of free mode that supports text only. 

iJIM ‒ Vol. 15, No. 03, 2021 11



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

 

Fig. 7. Free Mode enabled with Free Basics Service 

Fig. 8 shows that even though free mode is enabled with Free Basics service, the 

image produced by the proposed algorithm is still available and can be downloaded as 

a .png image. The technique we used to produce the image overtakes the free mode 

procedure by representing the image as a series of alphanumeric representation. This 

technique treats the image as text and, therefore, can pass the free mode and still be 

seen by users. 

12 http://www.i-jim.org



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

 

Fig. 8. Image Available with Free Basics and Free Mode 

Histogram of image created and posted to Facebook is in Fig. 9 while it is the same 

as the image converted. This means no changes occurred or affected the original im-

age as posted by the user. 

 

Fig. 9. Histogram of Posted on Facebook Image and Original Image before Conversion 

This issue has been reported to Facebook on its White hat page for reporting secu-

rity issues affecting Facebook functionality.  The report screenshot and response from 

the Facebook team is shown in Fig. 10. The issue was fixed by the Facebook team 

shortly after reporting the issue.  However, the canvas representation of the image can 

still be possible to show images on free basics service, but Facebook does not allow 

iJIM ‒ Vol. 15, No. 03, 2021 13



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

changing the source code of the pages; therefore, we cannot test it at least until after 

we’ve written this manuscript. 

 

Fig. 10. Report and Response from Facebook Team on the Issue 

5 Conclusion 

The image format conversion presented in this paper could overcome the limitation 

of showing images in text-only networks. The code in JavaScript transformed the 

normal image into the pixels’ RGB values and positions; then these values were con-

verted into the Base64 image. The applications and network will deal with transferred 

data as text data, JavaScript and HTML5 codes. This will overcome the limitation of 

banning images from being shown on applications such as the Facebook app connect-

ed over the 3G network. The image format can be manipulated like any other image 

such as dimensions and downloadable as .png with a size very close to the size of 

normal images used on the web. Future work could include applying the premise to 

videos to check its validity on video service websites. Even though the issues were 

solved by the Facebook team, still the idea is applicable over text-only networks. A 

future direction for this study is to decrease the size of the converted image while 

maintaining the resolution. 

14 http://www.i-jim.org



Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

6 References 

[1] M. Kodad and E. M. Jaara, “Towards Increasing Feedbacks and Diffusion of Information 

in Social Networks,” Int. J. Recent Contrib. from Eng. Sci. IT, vol. 4, no. 1, pp. 11–18, 

2016, https://doi.org/10.3991/ijes.v4i1.5477 

[2] V. C. Douglas Kunda, Mumbi Chishimba, Mwenge Mulenga, “An Analysis of Security 

and Performance Concerns in Mobile Web Application Development: Challenges and 

Open Issues,” Int. J. Recent Contrib. from Eng. Sci. IT, vol. 5, no. 3, pp. 26–40, 2017, 

https://doi.org/10.3991/ijes.v5i3.7330 

[3] C. Facebook, “Our Approach - internet.org,” 2020. https://info.internet.org/en/approach/. 

[4] S. Singh, I. Qazi, D. Choffnes, and K. P. Gummadi, “An Empirical Analysis of Facebook’s 

Free Basics Program,” in ACM SIGMETRICS Performance Evaluation Review, 2017, pp. 

37–38, https://doi.org/10.1145/3143314.3078554 

[5] M. Yim, R. Gomez, and M. Carter, “Facebook’s ‘Free Basics’ and Implications for Devel-

opment: IT Identity and Social Capital,” in 50th Hawaii International Conference on Sys-

tem Sciences 2017, 2017, pp. 2590–2599, https://doi.org/10.24251/hicss.2017.313 

[6] A. Scheerder, A. Deursen, and J. Dijk, “Determinants of Internet skills, uses and outcomes. 

A systematic review of the second- and third-level digital divide,” Telemat. Informatics, 

vol. 34, no. 8, pp. 1607–1624, 2017, https://doi.org/10.1016/j.tele.2017.07.007 

[7] K. P. Sen, Rijurekha & Pirzada, Hasnain & Phokeer, Amreesh & Farooq, Zaid & 

Sengupta, Satadal & Choffnes, David & Gummadi, “On the Free Bridge Across the Digital 

Divide: Assessing the Quality of Facebook’s Free Basics Service,” in IMC - ACM, 2016, 

pp. 127–133, https://doi.org/10.1145/2987443.2987485 

[8] A. Chen, N. Feamster, and E. Calandro, “Exploring the walled garden theory: An empirical 

framework to assess pricing effects on mobile data usage,” Telecomm. Policy, vol. 41, no. 

7–8, pp. 587–599, 2017, https://doi.org/10.1016/j.telpol.2017.07.002 

[9] T. Saptariani, S. Madenda, and W. S. Ernastuti, “Accelerating Compression Time of the 

Standard JPEG by Employing the Quantized YCbCr Color Space Algorithm,” Int. J. 

Electr. Comput. Eng., vol. 8, no. 6, pp. 4343–4351, 2018, https://doi.org/10.11591/ijece. 

v8i6.pp4343-4351 

[10] H. T. Wibisono Sukmo Wardhono, Nurizal Dwi Priandani, Mahardeka Tri Ananta, Ko-

mang Candra Brata, “End-to-End Privacy Protection for Facebook Mobile Chat based on 

AES with Multi-Layered MD5,” Int. J. Interact. Mob. Technol., vol. 12, no. 1, pp. 160–

167, 2018. https://doi.org/10.3991/ijim.v12i1.7472 
[11] A. V. Rozhgar Dhyab, “Distance Education Features using Facebook,” Int. J. Interact. 

Mob. Technol., vol. 12, no. 6, pp. 19–34, 2018, https://doi.org/10.3991/ijim.v12i6.9621 

[12] L. Cilliers and A. Samarthya-Howard, “‘Everyone Will Be Connected’: Free Basics in Af-

rica to Support ICT4D,” in Affordability Issues Surrounding the Use of ICT for Develop-

ment and Poverty Reduction, 2018, pp. 28–47. https://doi.org/10.4018/978-1-5225-3179-
1.ch002 

[13] R. Sen et al., “Inside the Walled Garden: Deconstructing Facebook’s Free Basics Pro-

gram,” SIGCOMM Comput. Commun. Rev., vol. 47, no. 5, pp. 12–24, 2017, https://doi. 

org/10.1145/3155055.3155058 

[14] M. C. Julianne Romanosky, “Understanding the Use and Impact of the Zero-Rated Free 

Basics Platform in South Africa,” in In Proceedings of the 2018 CHI Conference on Hu-

man Factors in Computing Systems (CHI ’18), 2018, pp. 1–13, https://doi.org/10.1145/ 

3173574.3173766 

[15] E. Dimogerontakis, R. Meseguer, L. Navarro, S. Ochoa, and L. Veiga, “Design trade-offs 

of crowdsourced web access in community networks,” in IEEE 21st International Confer-

iJIM ‒ Vol. 15, No. 03, 2021 15

https://doi.org/10.3991/ijes.v4i1.5477
https://doi.org/10.3991/ijes.v5i3.7330
https://doi.org/10.1145/3143314.3078554
https://doi.org/10.24251/hicss.2017.313
https://doi.org/10.1016/j.tele.2017.07.007
https://doi.org/10.1145/2987443.2987485
https://doi.org/10.1016/j.telpol.2017.07.002
https://doi.org/10.11591/ijece.v8i6.pp4343-4351
https://doi.org/10.11591/ijece.v8i6.pp4343-4351
https://doi.org/10.3991/ijim.v12i1.7472
https://doi.org/10.3991/ijim.v12i6.9621
https://doi.org/10.4018/978-1-5225-3179-1.ch002
https://doi.org/10.4018/978-1-5225-3179-1.ch002
https://doi.org/10.1145/3155055.3155058
https://doi.org/10.1145/3155055.3155058
https://doi.org/10.1145/3173574.3173766
https://doi.org/10.1145/3173574.3173766


Paper—Penetration Test for the 3G Internet Service Provider and Free Basics Service by Facebook 

 

ence on Computer Supported Cooperative Work in Design (CSCWD), 2019, pp. 24–29, 

https://doi.org/10.1109/cscwd.2017.8066665 

[16] M. Zhao, A. Laszka, T. Maillart, and J. Grossklags, “Crowdsourced Security Vulnerability 

Discovery: Modeling and Organizing Bug-Bounty Programs,” 2016, pp. 1–4. https://doi. 
org/10.5325/jinfopoli.7.2017.0372 

[17] J. Ruohonen and L. Allodi, “A Bug Bounty Perspective on the Disclosure of Web Vulner-

abilities,” in 17th Annual Workshop on the Economics of Information Security, Innsbruck, 

2018, pp. 1–14, doi: arXiv:1805.09850v1. 

[18] Mark J. Burge and W. Burger, Digital Image Processing: An Algorithmic Introduction Us-

ing Java. Springer, 2008. 

[19] S. K., “Digital Image Formats,” in Digital Image Forensics, S. H. and M. N., Eds. New 

York, NY: Springer, 2013, pp. 79–121. https://doi.org/10.1007/978-1-4614-0757-7_3 
[20] C. Bhabatosh،, majumder D. Dutta, and, Digital Image Processing and Analysis, Second. 

New Delhi: PHI Learning Private Limited, 2011. 

[21] E. Weyl, Mobile HTML5: Using the Latest Today. O’Reilly Media, Inc., 2014. 

[22] S. Powers, Painting the Web. O’Reilly Media, Inc., 2008. 

[23] MDN contributors, “Base64,” OnLine, 2020. https://developer.mozilla.org/en-US/docs/ 

Glossary/Base64. 

[24] Salim M. Zaki, “Test Basics,” Online, Facebook.com, 2020. http://www.facebook.com/ 

testbasics/. 

7 Author 

Salim M. Zaki is currently a senior lecturer at department of computer science at 

Dijlah University College, Iraq. His main research interest is related to information 

security, social networks and mobile networks. 

Article submitted 2020-09-27. Resubmitted 2020-12-05. Final acceptance 2020-12-06. Final version 

published as submitted by the authors. 

16 http://www.i-jim.org

https://doi.org/10.1109/cscwd.2017.8066665
https://doi.org/10.5325/jinfopoli.7.2017.0372
https://doi.org/10.5325/jinfopoli.7.2017.0372
https://doi.org/10.1007/978-1-4614-0757-7_3
https://developer.mozilla.org/en-US/docs/Glossary/Base64
https://developer.mozilla.org/en-US/docs/Glossary/Base64
http://www.facebook.com/testbasics/
http://www.facebook.com/testbasics/