May 19, 2015 · 3 minutes

Facebook isn't taking the latest round of criticism for its initiative lying down. Hours after my story about an open letter sent to the company by various advocacy organizations, I received an email from a spokesperson with a response from the company, and direct refutation of the organizations' claims.

Here's the boilerplate response to the company's general criticisms:

We and our critics share a common vision of helping more people gain access to the broadest possible range of experiences and services on the internet. We are convinced that as more and more people gain access to the internet, they will see the benefits and want to use even more services. We believe this so strongly that we have worked with operators to offer basic services to people at no charge, convinced that new users will quickly want to move beyond basic services and pay for more diverse, valuable services.

There isn't much new information in there. Facebook has already said that is a bet that people who receive free Internet access will eventually pay to use all their favorite services. (It's a bit like the "first taste is free" gambit for drug dealers, but with online services and ads instead of drugs and cash.)

Then there's the response to concerns about's security. The organizations had pointed out that the service as it exists doesn't allow for encrypted communications, making activity via the platform easy to crack, track, and monitor for all kinds of business-or-politically-motivated purposes:

The information from May 4 is out of date and was an oversight. Our developer guidelines now explain that we will begin supporting SSL/TLS encryption in the Android app in the coming weeks. We are also investigating how we could provide the same security for web-based access to

 Many of the older browsers connecting to were not designed to properly support encrypted traffic, and given these and other technical constraints, we are working to provide the type of encryption that we know people want with the right protections in place to be effective. In the meantime, content and services relying on SSL/TLS will only appear within the Android app and not on mobile web until we have a solution there as well.

I'm not sure how information that applies today, but will be remedied for some people in the coming weeks, qualifies as "outdated." But at least the company is providing a reason for the troublesome restriction against encrypted services and is taking steps to remedy the problem, at least in its Android application.

And finally there's a response to the related complaint about user privacy. Not allowing encrypted services onto makes that data vulnerable, and it wasn't hard to guess that Facebook might want to learn more about its users. (What's the point of operating a "fishbowl" Internet if you can't look into it?) doesn't share user-level navigation information with any of its partners and there is no requirement for partners to send any of its user information. does receive some data on navigation information, because it needs to determine what traffic can be delivered free of data charges. This information is used, for example, to understand what services are popular, which helps it determine what types of services to launch in other countries. This is explained to people when they sign up for the service and no user-level navigation history is stored beyond 90 days.

So the service isn't sharing information with partners -- which have access to that information anyway -- but it is collecting data so it knows what's popular. Not as nefarious as grabbing someone's communications or monitoring every click, but so far as intrusions into consumer privacy go, that's relatively tame.

There are still plenty of concerns about's operations. The service is a threat to net neutrality, no matter how Facebook tries to spin it, and claiming that the only public information about its technical requirements is "outdated" seems like a convenient excuse, especially given its plans to address the issue.

[illustration by Brad Jonas]