The Hacker Way Forward: How Facebook Can Fix ‘Free Basics’ in Two Simple Moves

Andrew McLaughlin
10 min readMar 27, 2016


Facebook wants to get everyone on the planet connected to the Internet, and fast. It’s a terrific ambition — the poorer and more socially marginalized a person is, the more transformative an Internet connection can be — and a goal Facebook is absolutely sincere and honorably motivated in pursuing.

But the means Facebook has chosen to advance that objective, known as its “Free Basics” program, has run into a global buzzsaw of opposition, even triggering a forceful regulatory rejection in India. Opposition to Free Basics has centered on two aspects: (1) Facebook’s gatekeeping of permitted Internet sites and services, and (2) the centralized routing of participants’ activities through Facebook servers. The good news is that Facebook could easily change each of these elements and reboot its otherwise laudable program, thereby delivering to the most vulnerable and excluded a near-term option for affordable connectivity that embodies the Internet’s best aspirations for openness, freedom, self-determination, and respect for privacy.

Affordability is a genuine barrier for billions of people

The problem of Internet affordability is very real: In most countries, for most people, mobile connectivity is the only viable Internet option, but mobile data is expensive, well beyond the means of most. The statistical litany is familiar, but worth repeating: More than half of us — 4 billion human beings — lack an Internet connection, and cost is the primary prohibitive factor for most. In its impressively researched and rigorously documented annual study published last month, the Alliance for Affordable Internet captures the reality for most of those offline billions:

…the vast majority of those without Internet access today are offline simply because they cannot afford a basic connection. For Norwegians, constant access to fast, uncapped broadband costs little more than the latte many buy every day on the way to the office. For Nigerians, just 500MB of mobile prepaid data can cost more than they spend on their children’s education.

Facebook’s efforts to advance affordable connectivity are well-intentioned and praiseworthy, but flawed

To its great credit, Facebook has begun to invest serious capital and engineering brainpower into a suite of initiatives aimed at addressing Internet reach and affordability across the globe. Jessi Hempel’s terrific Wired story gives an insider’s look at the inventiveness, earnestness, scale, and cost of Facebook’s efforts, such as a Connectivity Lab that is “developing new methods to deliver the net, including lasers, drones, and new artificial intelligence–enhanced software.” Free Basics is a parallel arm of this overall effort, called (not without some controversy)

Of course, it’s true that Facebook is an advertising-powered Internet business whose long-term economic interests improve as greater numbers of people go online. But Facebook’s decision to spend large sums now to expand affordable Internet access to the poorest and least connected among us is a choice, rooted in the values of its leadership. Facebook is making vast profits already; it can spend its cash any way it wants; and it would be entirely rational for the company to limit its outlays to activities that serve users whose attention advertisers covet — i.e., those with disposable income. Facebook’s choice to devote an appreciable chunk of its resources to advancing affordable connectivity for all deserves applause.

Nevertheless, Facebook’s Free Basics program has been met with a striking worldwide groundswell of opposition — and not from Luddites opposed to its aims, but from entrepreneurs, technologists, magnates, and activists whose objections are anchored in two core aspects of the program:

[1] Control: Facebook decides which services are and are not accessible via the Free Basics platform, and

[2] Vulnerability to surveillance: All traffic from all Free Basics users, to all Free Basics services, runs through Facebook servers, and users’ personal data is stored for 90 days.

The objections to [1] Control are many, and I recommend running some searches to get a sense of their breadth and intensity. Simplified a bit, and in my own words, Facebook’s role as gatekeeper of the services accessible through Free Basics has been criticized along several dimensions:

  • Facebook, rather than the marketplace of users, is picking winners and losers, deciding the best sites and services to meet their needs and interests;
  • Innovators and startups can’t even reach or compete for Free Basics users unless they win Facebook’s blessing, a situation that is antithetical to the permission-less openness that is fundamental to the Internet, prevails in advanced economies, and is essential to launching and growing a business online;
  • Facebook is helping carriers violate net neutrality by serving as their bottleneck-by-proxy, and setting a false market expectation of scarcity wherein providers can and will determine what individual users can and cannot do online;
  • Though intended to be marketplace-neutral, Free Basics is, in practice, being hijacked by its partner carriers as an exclusive competitive advantage; and
  • Free Basics embodies a patronizing, top-down attitude toward the poorest and most marginalized, calling to mind colonial regimes that many are old enough to have experienced first-hand.

Facebook argues that Free Basics is a neutral platform, open to any service that meets its technical and non-technical “participation” guidelines. Facebook contends that its requirements are simply aimed at creating good user experiences in low-bandwidth mobile environments, and that it will not withhold its permission for reasons of competition, politics, or point of view. In practice, though, the guidelines are vaguely written, afford wide discretionary latitude to Facebook, and are buttressed with no solidly reliable assurances and no transparency of process, making it impossible to know or trust how decisions are actually being made, and why.

The objections to [2] Vulnerability to surveillance are easier to summarize: Many Free Basics users live in countries in which clandestine monitoring by governments presents a clear and present danger. Even in countries with a meaningful, if inconsistent, rule of law like India, people can be jailed for online speech that would be entirely legal elsewhere. In Bangladesh, bloggers are being murdered for their opinions with appalling frequency, making the privacy of their online activities a matter of life and death.

Free Basics is a proxied content delivery platform, meaning it has been architected in a centralized way, such that (a) all traffic to and from Free Basics users, to all ~300 of its permitted sites and services, runs through Facebook’s proxy servers, creating a single point of surveillance for all non-domestic as well as domestic sites and services, (b) Facebook is gathering navigation data that records its users’ online activities, and will store it for up to 90 days, again creating a repository of data about online speech and activity that the government can order simply Facebook to surrender, and (c) essential security protocols like https are broken in transit, as they must be decrypted by Facebook’s proxies before being re-encrypted and sent on.

Net neutrality demonstration in Karnataka. [Image credit: Viggy Prabhu, Wikipedia.]

For these reasons, among others, activists everywhere from Brazil to the Philippines to Pakistan to Iceland have launched sustained campaigns against Free Basics, and several countries, including India and Egypt, have banned the program outright.

So, despite good intentions and laudable motivations, Free Basics is a program under siege.

The good news, though, is that Facebook could quite easily fix its two core flaws and move forward with a program that is effective, widely supported, and consistent with Internet ideals and good public policy.

In opening a door to the Internet, Facebook doesn’t need to be a gatekeeper

The first fix — about control — is for Facebook simply to stop being a gatekeeper. That sounds entirely too easy, but it really is a straightforward fix well within the power of Facebook’s first-rate mobile engineering teams to execute.

Let’s assume Facebook’s business model for Free Basics will continue to be telecom partnerships in which the mobile carrier eats the cost of free connectivity for participants in exchange for Facebook attracting and delivering a cohort of new customers, some of whom will eventually upgrade from free to paid products. And let’s also assume that, as a result of that model, Free Basics devices — phones with a Free Basics app or embedded code that affords access to the Free Basics platform — must operate within restricted bitrate parameters, meaning that some services, like streaming video, simply can’t be supported. (With these baseline assumptions, we’re setting aside the option that Facebook pursue a different viable business model for subsidized connectivity, like, for example, the Grameenphone/Mozilla FirefoxOS offering that provided 20mb of free mobile data a day, in exchange for watching an ad).

Rather than mandating an application process, vetting supplicants, and maintaining and making happy a list of approved service providers, Facebook could simply enforce all of its service restrictions through code. Entirely consistent with principles of network neutrality, Facebook could provide a stripped-down browser that only renders, for example, mobile-optimized websites built in HTML, but not Javascript, iframes, video files, flash applets, images over a certain size, etc. Facebook can publish the technical specs for its low-bandwidth browser; ideally, those specs would map directly to existing open web standards and best practices for mobile web pages and other services. When the user wants to go to a site or service, the browser makes the request and the target server delivers its response — if the browser can render what the server sends, it does; if it can’t, it tells the user as much. As the operators of websites and online services notice a surge in users with these kinds of Free Basics browsers, they will work to ensure their mobile web offering renders the way they want it to.

In this gatekeeper-less model, neither the user nor the online service has to ask Facebook’s permission to connect with each other. And that’s what makes all the difference. Rather than referring to an approved set of ~300 companies, the word “Basics” in Free Basics would denote any site or service anywhere in the world that provides a standards-compliant, low-bandwidth, mobile-optimized version.

There are many examples where exactly this kind of stripped-down, low-bandwidth mobile browser has worked and worked well. A great example is the web browsing capability that came with the earlier generations of Amazon Kindle devices, which were optimized for text and in many countries included a bundled 3G connection known as Whispernet. Though the data rates were slow, those Kindle browsers were great for quick Wikipedia searches, reviewing online dictionary definitions, and accessing the Kindle store. But crucially, the user could input any URL and the browser would do its best to render whatever the website returned. Some sites like Wikipedia were effectively mobile-optimized, even back in 2008, while others came back as a jumble of maybe-readable elements. Crucially, Amazon did not act as a gatekeeper, deciding by itself what its Kindle customers could and could not do via its primitive browser.

Is it a bad experience for Internet newcomers to discover that some websites — even famous ones — don’t work on their devices? Well, it’s far from the optimal user experience, in which every service works perfectly on every device, every time, but imperfection has pretty much been the mobile Internet norm for everyone until recently. People at every income level and in every corner of the globe have proven again and again that they can quickly figure new technologies out. Given even the most primitive browser and some connectivity, people will quickly learn which sites work, which don’t, which look great, and which are a mess. And the marketplace will respond to their bad experiences, and scramble and compete to deliver better ones. That’s how the Internet economy has worked for the first several billion users, and there’s no reason to think it won’t work for the next several billion as well.

Facebook doesn’t need to be a centralized router of Free Basics traffic

The second fix — about vulnerability to surveillance — is even easier. To meet its objective of getting online those who can’t afford a standard connection, Facebook can address security and surveillance fears by simply stopping to centralize all traffic through its proxies.

The Internet — even in the case of mobile carriers — is designed so that end devices like smartphones can interact, via the network, directly with the websites and online services their owners want. The actual pathways are often a tangle of routes, intercarrier handoffs, content delivery networks, and so on, but the basic idea is that the device talks to the network, the network talks to the server, and then back again. The device makes the request, its upstream network uses the best available routing to answer it, and there’s no need for everything to go through somebody else’s centralized server. (Well, unless we’re talking about situations like a user evading censorship firewalls via an anonymous proxy server, choosing to use a VPN to encrypt all traffic, or browsing from within another service’s mobile app, but those examples don’t undercut the point here, for reasons I’ll doubtless have to explain in the responses.)

Without the intervening proxy, Facebook won’t be operating a central point of surveillance vulnerability, and also won’t be in position to collect or store user browsing history and other navigational data. Of course, Facebook will provide its own Facebook service through Free Basics, thereby collect all the data that it normally collects on its own users, but it won’t be collecting data that could be used to identify users of other sites and services who speak or read disfavored opinions.

Perhaps as importantly, by removing its proxies from the transaction, Facebook’s Free Basics browser can support full end-to-end security protocols like https.

The hacker way forward

Personally, I’m thrilled that Facebook’s leadership is making a huge, multi-pronged effort to bring the least wealthy, most economically (and in many cases, socially) marginalized people around the world onto this global network that can unlock so much opportunity for those who by chance of birth and circumstance have so little. A connected device isn’t magic, it doesn’t solve anything by itself, but it’s a fundamental building block that can make a huge difference in many lives. I salute Facebook for seeking to help get everyone online. (To be fair, I’m also thrilled that the anti-Free Basics revolt in India led to its regulatory agency adopting a strong net neutrality policy.)

One of the most impressive things about Facebook is that it continues to innovate around its core products at unimaginable scale, iterating its interfaces, adding and dropping features, launching new services. My hope is that Facebook’s leadership will view the first version of Free Basics as a worthy and righteous effort, but one that needed some tinkering before they got it right. That’d be the hacker way forward.

Entrance sign to Facebook headquarters. [Image: Wikipedia.]



Andrew McLaughlin

President/COO: Assembly OSM. Partner/co-founder: Higher Ground Labs. Venture guy: betaworks. Board: Access Now. Nerd, really. <>