Article 43


Monday, January 15, 2018

Finland’s Universal Basic Income Trial


What We Can Learn From Finland’s Basic Income Experiment

By Tim Ward
July 26, 2017

Finland’s Failed Experiment?

Universal basic income (UBI) is a hot topic in the world today. So far, however, very few experiments have been conducted to ascertain precisely how best to implement such a system. For that reason, a small-scale UBI experiment in Finland has drawn much attention as one of the few real-world examples we have of how UBI could work.

The trial began earlier this year and is being managed by Kela, the national social-insurance institute. Kela selected 2,000 Finns between the ages of 25 and 58, each of whom was receiving some form of unemployment benefits, to receive €560 (about $645) per month.

In theory, this project would give the world new insights into the logistics and consequences of introducing a UBI system. However, the trial has been riddled with issues and mistakes from the start due to improper planning and a troubled political environment, and now, it is little more than a lesson of how not to run a UBI experiment.

Among the most serious errors was a slashing of the sample size to just one-fifth the number suggested in the original proposition. This extremely small dataset is not enough to be scientifically viable.

Additionally, the trial kicked off during a period of economic turmoil in Finland. The country’s economy had suffered three recessions since 2008, and this state-sponsored UBI project was launched in a time of economic austerity.

Although the results of the project, which will be announced in 2019, may give us some insights into the viability of future UBI programs, even those who designed the Finnish experiment are skeptical of its validity. Olli Kangas, Kela’s coordinator for the program, told the Economist that it was currently in a state of neglect, comparing politicians’ actions to “small boys with toy cars who become bored and move on.”

A Worldwide Question

Universal basic income has been proposed as a solution to two issues that are currently shaking society: poverty and the integration of artificial intelligence (AI) into the jobs sector. In an interview with the Guardian, Stephen Hawking warned that the latter will cause “job destruction deep into the middle classes,” and Elon Musk has asserted that there will be fewer and fewer jobs that “a robot cannot do better” as the technology develops.

The idea of a UBI system is to automatically award every citizen with a state-sponsored wage, which could then be augmented by further work. This would provide those displaced by robotic systems with a way to support themselves on the most basic level.

Although Finland’s lackluster experiment remains the largest state-sponsored experiment to date, various governments are considering conducting their own UBI trials.

India, the world’s largest democratic country, has endorsed the system, claiming in a report that it is “basically the way forward,” and is now considering the best way to introduce it to its populace. The state of Hawaii, which also recently accepted the terms of the Paris Agreement despite Donald Trump’s federal withdrawal, has also announced on Reddit that it will “begin evaluating universal basic income.”

The system is not without its skeptics, however. Experts question who would provide the money to fund such projects, asserting that a universal basic income of $10,000 a year per person could add approximately $3 trillion to national spending in the U.S.

Individuals such as Mark Cuban and Robert Gordon, an economist at Northwestern University, have suggested that we should optimize existing benefits systems. Gordon told the MIT Technology Review that his idea is to make “benefits more generous to reach a reasonable minimum, expand the Earned Income Tax Credit, and greatly expand preschool care for children who grow up in poverty.”

We won’t know for sure how effective a UBI could be until someone actually implements an experiment large enough to provide meaningful data, and right now, Finland doesn’t appear to be that entity.



Money for nothing: is Finland’s universal basic income trial too good to be true?

Europe’s first national experiment in giving citizens free cash has attracted huge media attention. But one year in, what does this project really hope to prove?

By Jon Henley in Helsinki
January 12, 2018

One year on from its launch, the world remains fascinated by Finland’s groundbreaking universal basic income trial: Europe’s first national, government-backed experiment in giving citizens free cash.

In January 2017, the Nordic nation began paying a random but mandatory sample of 2,000 unemployed people aged 25 to 58 a monthly €560 (£475). There is no obligation either to seek or accept employment during the two years the trial lasts, and any who do take a job will continue to receive the same amount.

With the likes of Mark Zuckerberg, Stephen Hawking, Elon Musk and Bernie Sanders all proponents of a universal basic income (UBI) model, Finnish officials and participants have been inundated with media requests from around the globe. One participant who hoped to start his own business with the help of the unconditional monthly payment complained that, after speaking to 140 TV crews and reporters from as far afield as Japan and Korea, he has simply not been able to find the time.

But amid this unprecedented media attention, the experts who devised the scheme are concerned it is being misrepresented. “It’s not really what people are portraying it as,” said Markus Kanerva, an applied social and behavioural sciences specialist working in the prime minister’s office in Helsinki.

“A full-scale universal income trial would need to study different target groups, not just the unemployed. It would have to test different basic income levels, look at local factors. This is really about seeing how a basic unconditional income affects the employment of unemployed people.”

While UBI tends often to be associated with progressive politics, Finland’s trial was launched - at a cost of around €20m ($17.7m) - by a centre-right, austerity-focused government interested primarily in spending less on social security and bringing down Finland’s stubborn 8%-plus unemployment rate. It has a very clear purpose: to see whether an unconditional income might incentivise people to take up paid work.

Authorities believe it will shed light on whether unemployed Finns, as experts believe, are put off taking up a job by the fear that a higher marginal tax rate may leave them worse off. Many are also deterred by having to reapply for benefits after every casual or short-term contract.

“It’s partly about removing disincentives,” explained Marjukka Turunen, who heads the legal unit at Finland’s social security agency, Kela, which is running the experiment. Kanerva describes the trial as an experiment in “smoothing out the system.”

To maintain privacy and avoid bias, Kela is not contacting any of the 2,000 participants for the duration of the two-year trial. A handful have given interviews to journalists (several have said they feel less stressed thanks to the scheme), but no official conclusions are yet being drawn from these anecdotal experiences.

According to Kanerva, however, the core data the government is seeking - on whether, and how, the job take-up of the 2,000 unemployed people in the trial differs from a 175,000-strong control group - will be robust, and usable in future economic modelling when it is published in 2019.

Unintended benefits

The idea of UBI had been circulating in left-of-centre political circles in Finland since the 1980s, mainly as a way to combat the economic and social consequences of falling industrial employment by freeing all - from students to the elderly, stay-at-home parents to the unemployed - to make meaningful contributions to society by, for example, volunteering.

Appealing both to the left (who believe it can cut poverty and inequality) and, more recently, to the right (as a possible way to a leaner, less bureaucratic welfare system), UBI looks all the more attractive amid warnings that automation could threaten up to a third of current jobs in the west within 20 years. Other basic income schemes are now being tested from Ontario to rural Kenya, and Glasgow to Barcelona.

But there is little consensus so far on what UBI should look like in practice, or even on the questions that need to be answered first: which model to adopt, what level of payment, how to combine UBI fairly with other social security benefits, and how the tax and pension system should treat it.

For UBI purists, the fact that the monthly Finnish payment - roughly equivalent to basic unemployment benefit - is going to a strictly limited group, and is not enough to live on, disqualifies the Finnish scheme. But while it may not reveal as much as a broader trial would have, the scheme’s designers are confident it will shed new light on several key social policy issues.

For example, Kela hopes additional data that is being collected as part of the trial from healthcare records will provide useful information on whether the security of a guaranteed unconditional income, paid in advance so beneficiaries can budget for it, might have a positive impact on anxiety, prescription drug consumption or doctor’s visits.

One participant has said she is less anxious because she no longer has to worry over calls from the job centre offering a job she can’t accept because she is caring for her elderly parents, Turunen said. “We may be able to see from the trial data whether it has had unintended benefits - such as reduced medical costs.”

The trial data may also allow the government to spend less on bureaucracy by simplifying Finland’s complex social security system - currently, it offers more than 40 different means-tested benefits - which is struggling to cope with a 21st-century labour market of part timers, short-term contracts and start-ups.

The benefit system is simply “not suited to modern working patterns,” Turunen said. “We have too many benefits. People don’t understand what they’re entitled to or how they can get it. Even experts don’t understand. For example, it’s very hard to be in the benefit system in Finland if you are self-employed - you have to prove your income time and time and time again.”

Perhaps most significantly, “the trial marks a real breakthrough for field experiments,” according to Kanerva. Rolled out in record time and after a brief, one-line pledge in the government’s platform, it had to function alongside all existing social security laws and clear numerous legal obstacles - including Finland’s constitution, which requires all citizens to be treated equally.

“It was a huge effort to get it over the line,” Turunen said. “The government was determined it must be based on specific legislation - most experiments are not - and that it had to launch in January last year ... It was quite a task.”

The Finnish experiment’s design and objectives mean it should perhaps not really be seen as a full-blown UBI trial at all, cautioned Kanerva: “People think we’re launching universal basic income. We’re not. We’re just trialling one kind of model, with one income level and one target group.”

But as experts around the world increasingly debate how a bold but ill-defined concept might actually work in practice, the Finnish experiment will at least “produce meaningful results - albeit in a limited field,” according to Kanerva. In an area where convictions are often more abundant than facts, it has forced people to talk specifics.


Posted by Elvis on 01/15/18 •
Section Revelations

Session Replay Scripts


This is the first post in our “No Boundaries” series, in which we reveal how third-party scripts on websites have been extracting personal information in increasingly intrusive ways. [0]

By Steven Englehardt, Gunes Acar, and Arvind Narayanan
Freedom To Tinker
November 15, 2017

Update: we’ve released our data: the list of sites with session-replay scripts, and the sites where we’ve confirmed recording by third parties.

You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.

The stated purpose of this data collection includes gathering insights into how users interact with websites and discovering broken or confusing pages. However, the extent of data collected by these services far exceeds user expectations [1]; text typed into forms is collected before the user submits the form, and precise mouse movements are saved, all without any visual indication to the user. This data can’t reasonably be expected to be kept anonymous. In fact, some companies allow publishers to explicitly link recordings to a user’s real identity.

For this study we analyzed seven of the top session replay companies (based on their relative popularity in our measurements [2]). The services studied are Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam. We found these services in use on 482 of the Alexa top 50,000 sites.


What can go wrong? In short, a lot.

Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes.

The replay services offer a combination of manual and automatic redaction tools that allow publishers to exclude sensitive information from recordings. However, in order for leaks to be avoided, publishers would need to diligently check and scrub all pages which display or accept user information. For dynamically generated sites, this process would involve inspecting the underlying web application’s server-side code. Further, this process would need to be repeated every time a site is updated or the web application that powers the site is changed.

A thorough redaction process is actually a requirement for several of the recording services, which explicitly forbid the collection of user data. This negates the core premise of these session replay scripts, which market themselves as plug and play. For example, Hotjar’s homepage advertises: “Set up Hotjar with one script in a matter of seconds,” and Smartlook’s sign-up procedure features their script tag next to a timer with the tagline “every minute you lose is a lot of video.”

To better understand the effectiveness of these redaction practices, we set up test pages and installed replay scripts from six of the seven companies [3]. From the results of these tests, as well as an analysis of a number of live sites, we highlight four types of vulnerabilities below:

1. Passwords are included in session recordings. All of the services studied attempt to prevent password leaks by automatically excluding password input fields from recordings. However, mobile-friendly login boxes that use text inputs to store unmasked passwords are not redacted by this rule, unless the publisher manually adds redaction tags to exclude them. We found at least one website where the password entered into a registration form leaked to SessionCam, even if the form is never submitted.

2. Sensitive user inputs are redacted in a partial and imperfect way. As users interact with a site they will provide sensitive data during account creation, while making a purchase, or while searching the site. Session recording scripts can use keystroke or input element loggers to collect this data.

All of the companies studied offer some mitigation through automated redaction, but the coverage offered varies greatly by provider. UserReplay and SessionCam replace all user input with an equivalent length masking text, while FullStory, Hotjar, and Smartlook exclude specific input fields by type. We summarize the redaction of other fields in the table below.


Automated redaction is imperfect; fields are redacted by input element type or heuristics, which may not always match the implementation used by publishers. For example, FullStory redacts credit card fields with the `autocomplete` attribute set to `cc-number`, but will collect any credit card numbers included in forms without this attribute.


To supplement automated redaction, several of the session recording companies, including Smartlook, Yandex, FullStory, SessionCam, and Hotjar, allow sites to further specify input elements to be excluded from the recording. To effectively deploy these mitigations a publisher will need to actively audit every input element to determine if it contains personal data. This is complicated, error prone and costly, especially as a site or the underlying web application code changes over time. For instance, the financial service site has several redaction rules for Clicktale that involve nested tables and child elements referenced by their index. In the next section we further explore these challenges.

A safer approach would be to mask or redact all inputs by default, as is done by UserReplay and SessionCam, and allow whitelisting of known-safe values. Even fully masked inputs provide imperfect protection. For example, the masking used by UserReplay and Smartlook leaks the length of the user’s password.
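To make the two redaction models in points 1 and 2 concrete, here is an added example (it is not code from the Freedom to Tinker study or from any replay vendor). Form fields are modelled as plain objects so the policies run under Node without a DOM; the field names, values and both policy functions are constructed for illustration. It shows why the type/attribute heuristics miss a mobile-style login box and an unattributed card field, and why an equal-length mask still leaks the password length while a fixed token does not.

```javascript
// Added example, not code from the study or any replay vendor. Fields are plain objects
// (no DOM); names, values and policies are constructed for illustration.

// Constructed sample form: a registration/checkout page with five fields.
const SAMPLE_FIELDS = [
  { name: 'email',      type: 'email',    autocomplete: 'email',     value: 'alice@example.test' },
  { name: 'password',   type: 'password', autocomplete: '',          value: 'hunter2' },
  // "Mobile-friendly" login box: the password is shown unmasked in a text input.
  { name: 'mobile_pw',  type: 'text',     autocomplete: '',          value: 'hunter2' },
  { name: 'card_ok',    type: 'text',     autocomplete: 'cc-number', value: '4111111111111111' },
  // Same card number, but the developer left out the autocomplete attribute.
  { name: 'card_plain', type: 'text',     autocomplete: '',          value: '4111111111111111' },
];

// Policy A: exclude-by-heuristic, the style the post attributes to FullStory, Hotjar and
// Smartlook. A field is dropped only when its type or autocomplete attribute matches a
// rule; null means "not recorded". Everything else is sent exactly as typed.
function heuristicPolicy(field) {
  if (field.type === 'password') return null;
  if (field.autocomplete === 'cc-number') return null;
  return field.value;
}

// Policy B: mask-by-default, the style the post attributes to UserReplay and SessionCam.
// Every value is masked unless the field name is on an explicit allowlist.
// equalLength=true reproduces the length-preserving mask the post says leaks the
// password's length; false substitutes a fixed token that reveals nothing.
function maskAllPolicy(field, allowlist, equalLength) {
  if (allowlist.has(field.name)) return field.value;
  return equalLength ? '*'.repeat(field.value.length) : '[masked]';
}

// Apply a policy to every field; returns { fieldName: valueAsRecorded }.
function record(fields, policy) {
  const recorded = {};
  for (const field of fields) recorded[field.name] = policy(field);
  return recorded;
}

function recordWithHeuristics(fields) {
  return record(fields, heuristicPolicy);
}

function recordWithMaskAll(fields, allowlist, equalLength = false) {
  return record(fields, (field) => maskAllPolicy(field, allowlist, equalLength));
}

// Names of the fields whose typed value would reach the third party verbatim.
function leakedFields(fields, recorded) {
  return fields.filter((f) => recorded[f.name] === f.value).map((f) => f.name);
}

// Stand-alone demo: compare what each policy would ship off-site.
function demo() {
  const allow = new Set(['email']);
  console.log('heuristic policy leaks:', leakedFields(SAMPLE_FIELDS, recordWithHeuristics(SAMPLE_FIELDS)));
  console.log('mask-all (allowlist: email) leaks:', leakedFields(SAMPLE_FIELDS, recordWithMaskAll(SAMPLE_FIELDS, allow)));
  console.log('equal-length mask of password:', recordWithMaskAll(SAMPLE_FIELDS, allow, true).password);
  console.log('fixed mask of password:', recordWithMaskAll(SAMPLE_FIELDS, allow).password);
}
demo();
```

Under the heuristic policy the recording still contains `mobile_pw` and `card_plain` in clear text; under mask-by-default only the explicitly allowlisted `email` leaves the page, and the choice of mask decides whether the password's length goes with it.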

3. Manual redaction of personally identifying information displayed on a page is a fundamentally insecure model. In addition to collecting user inputs, the session recording companies also collect rendered page content. Unlike user input recording, none of the companies appear to provide automated redaction of displayed content by default; all displayed content in our tests ended up leaking.

Instead, session recording companies expect sites to manually label all personally identifying information included in a rendered page. Sensitive user data has a number of avenues to end up in recordings, and small leaks over several pages can lead to a large accumulation of personal data in a single session recording.

For recordings to be completely free of personal information, a site’s web application developers would need to work with the site’s marketing and analytics teams to iteratively scrub personally identifying information from recordings as it’s discovered. Any change to the site design, such as a change in the class attribute of an element containing sensitive information or a decision to load private data into a different type of element, requires a review of the redaction rules.

As a case study, we examine the pharmacy section of, which embeds FullStory. Walgreens makes extensive use of manual redaction for both displayed and input data. Despite this, we find that sensitive information including medical conditions and prescriptions is leaked to FullStory alongside the names of users.

We do not present the above examples to point fingers at a certain website. Instead, we aim to show that the redaction process can fail even for a large publisher with a strong legal incentive to protect user data. We observed similar personal information leaks on other websites, including on the checkout pages of Lenovo [5]. Sites with fewer resources or less expertise are even more likely to fail.

4. Recording services may fail to protect user data. Recording services increase the exposure to data breaches, as personal data will inevitably end up in recordings. These services must handle recording data with the same security practices with which a publisher would be expected to handle user data.

We provide a specific example of how recording services can fail to do so. Once a session recording is complete, publishers can review it using a dashboard provided by the recording service. The publisher dashboards for Yandex, Hotjar, and Smartlook all deliver playbacks within an HTTP page, even for recordings which take place on HTTPS pages. This allows an active man-in-the-middle to inject a script into the playback page and extract all of the recording data. Worse yet, Yandex and Hotjar deliver the publisher page content over HTTP - data that was previously protected by HTTPS is now vulnerable to passive network surveillance.

The vulnerabilities we highlight above are inherent to full-page session recording. That’s not to say the specific examples can’t be fixed - indeed, the publishers we examined can patch their leaks of user data and passwords. The recording services can all use HTTPS during playbacks. But as long as the security of user data relies on publishers fully redacting their sites, these underlying vulnerabilities will continue to exist.

Does tracking protection help?

Two commonly used ad-blocking lists, EasyList and EasyPrivacy, do not block FullStory, Smartlook, or UserReplay scripts. EasyPrivacy has filter rules that block Yandex, Hotjar, ClickTale and SessionCam.

At least one of the five companies we studied (UserReplay) allows publishers to disable data collection from users who have Do Not Track (DNT) set in their browsers. We scanned the configuration settings of the Alexa top 1 million publishers using UserReplay on their homepages, and found that none of them chose to honor the DNT signal.

Improving user experience is a critical task for publishers. However, it shouldn’t come at the expense of user privacy.

End notes:

[0] We use the term “exfiltrate” in this series to refer to the third-party data collection that we study. The term “leakage” is sometimes used, but we eschew it, because it suggests an accidental collection resulting from a bug. Rather, our research suggests that while not necessarily malicious, the collection of sensitive personal data by the third parties that we study is inherent in their operation and is well known to most if not all of these entities. Further, there is an element of furtiveness; these data flows are not public knowledge and neither publishers nor third parties are transparent about them.

[1] A recent analysis of the company Navistone, completed by Hill and Mattu for Gizmodo, explores how data collection prior to form submission exceeds user expectations. In this study, we show how analytics companies collect far more user data with minimal disclosure to the user. In fact, some services suggest the first party sites simply include a disclaimer in their site’s privacy policy or terms of service.

[2] We used OpenWPM to crawl the Alexa top 50,000 sites, visiting the homepage and 5 additional internal pages on each site. We use a two-step approach to detect analytics services which collect page content.

First, we inject a unique value into the HTML of the page and search for evidence of that value being sent to a third party in the page traffic. To detect values that may be encoded or hashed we use a detection methodology similar to previous work on email tracking. After filtering out leak recipients, we isolate pages on which at least one third party receives a large amount of data during the visit, but for which we do not detect a unique ID. On these sites, we perform a follow-up crawl which injects a 200KB chunk of data into the page and check if we observe a corresponding bump in the size of the data sent to the third party.

We found 482 sites on which either the unique marker was leaked to a collection endpoint from one of the services or on which we observed a data collection increase roughly equivalent to the compressed length of the injected chunk. We believe this value is a lower bound since many of the recording services offer the ability to sample page visits, which is compounded by our two-step methodology.

[3] One company (Clicktale) was excluded because we were unable to make the practical arrangements to analyze the script’s functionality at scale.

[4] FullStory’s terms and conditions explicitly classify health or medical information, or any other information covered by HIPAA, as sensitive data and ask customers to “not provide any Sensitive Data to FullStory.”

[5] is another example of a site which leaks user data in session recordings.

[6] We used the default scripts available to new accounts for 5 of the 6 providers. For UserReplay, we used a script taken from a live site and verified that the configuration options match the most common options found on the web.



Website operators are in the dark about privacy violations by third-party scripts

By Arvind Narayanan
Freedom To Tinker
January 12, 2018

Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information in real time, as you type it. We released the data behind our findings, including a list of 8,000 sites on which we observed session-replay scripts recording user data.

As one case study of these 8,000 sites, we found health conditions and prescription data being exfiltrated from These are considered Protected Health Information under HIPAA. The number of affected sites is immense; contacting all of them and quantifying the severity of the privacy problems is beyond our means. We encourage you to check out our data release and hold your favorite websites accountable.

Student data exfiltration on Gradescope

As one example, a pair of researchers at UC San Diego read our study and then noticed that Gradescope, a website they used for grading assignments, embeds FullStory, one of the session replay scripts we analyzed. We investigated, and sure enough, we found that student names and emails, student grades, and instructor comments on students were being sent to FullStory’s servers. This is considered Student Data under FERPA (US educational privacy law). Ironically, Princeton’s own Information Security course was also affected. We notified Gradescope of our findings, and they removed FullStory from their website within a few hours.

You might wonder how the companies’ privacy policies square with our finding. As best as we can tell, Gradescope’s Terms of Service actually permit this data exfiltration [1], which is a telling comment about the ineffectiveness of Terms of Service as a way of regulating privacy.

FullStory’s Terms are a different matter, and include a clause stating: “Customer agrees that it will not provide any Sensitive Data to FullStory.” We argued previously that this repudiation of responsibility by session-replay scripts puts website operators in an impossible position, because preventing data leaks might require re-engineering the site substantially, negating the core value proposition of these services, which is drag-and-drop deployment. Interestingly, Gradescope’s CEO told us that they were not aware of this requirement in FullStory’s Terms, that the clause had not existed when they first signed up for FullStory, and that they (Gradescope) had not been notified when the Terms changed. [2]

Web publishers kept in the dark

Of the four websites we highlighted in our previous post and this one (Bonobos, Walgreens, Lenovo, and Gradescope), three have removed the third-party scripts in question (all except Lenovo). As far as we can tell, no publisher (website operator) was aware of the exfiltration of sensitive data on their own sites until our study. Further, as mentioned above, Gradescope was unaware of key provisions in FullStory’s Terms of Service. This is a pattern we’ve noticed over and over again in our six years of doing web privacy research.

Worse, in many cases the publisher has no direct relationship with the offending third-party script. In Part 2 of our study we examined two third-party scripts which exploit a vulnerability in browsers’ built-in password managers to exfiltrate user identities. One web developer was unable to determine how the script was loaded and asked us for help. We pointed out that their site loaded an ad network (, which in turn loaded, which finally loaded the offending script from Audience Insights. These chains of redirects are ubiquitous on the web, and might involve half a dozen third parties. On some websites the majority of third parties have no direct relationship with the publisher.

Most of the advertising and analytics industry is premised on keeping not just users but also website operators in the dark about privacy violations. Indeed, the effort required by website operators to fully audit third parties would negate much of the benefit of offloading tasks to them. The ad tech industry creates a tremendous negative externality in terms of the privacy cost to users.

Can we turn the tables?

The silver lining is that if we can explain to web developers what third parties are doing on their sites, and empower them to take control, that might be one of the most effective ways to improve web privacy. But any such endeavor should keep in mind that web publishers everywhere are on tight budgets and may not have much privacy expertise.

To make things concrete, here’s a proposal for how to achieve this kind of impact:

Create a 1-pager summarizing the bare minimum that website operators need to know about web security, privacy, and third parties, with pointers to more information.

Create a tailored privacy report for each website based on data that is already publicly available through various sources including our own data releases.

Build open-source tools for website operators to scan their own sites [3]. Ideally, the tool should make recommendations for privacy-protecting changes based on the known behavior of third parties.

Reach out to website operators to provide information and help make changes. This step doesn’t scale, but is crucial.
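The redirect chains described under "Web publishers kept in the dark" are exactly what the self-scan tool in step three of this proposal would have to untangle. Here is an added Node.js sketch of that piece (it is not a tool from this post or from any named project). The load log, the hostnames and the "known behaviour" table are constructed assumptions; the log has the shape a browser's network panel exposes, each resource paired with the document or script that requested it.

```javascript
// Added example, not a tool from the post or any named project. The load log, hosts and
// behaviour table are constructed assumptions for illustration.

// Constructed load log: each resource and its initiator (null for the top-level document).
const FIRST_PARTY = 'www.publisher.test';
const LOADS = [
  { url: 'https://www.publisher.test/',              initiator: null },
  { url: 'https://www.publisher.test/app.js',        initiator: 'https://www.publisher.test/' },
  { url: 'https://ads.adnet.test/tag.js',            initiator: 'https://www.publisher.test/' },
  { url: 'https://sync.exchange.test/loader.js',     initiator: 'https://ads.adnet.test/tag.js' },
  { url: 'https://cdn.insights.test/collect.js',     initiator: 'https://sync.exchange.test/loader.js' },
  { url: 'https://rec.replay-vendor.test/record.js', initiator: 'https://www.publisher.test/app.js' },
];

// Constructed lookup of what a third party is known to do, standing in for the public
// behaviour data the post proposes to draw on. Unknown hosts fall back to 'unknown'.
const KNOWN_BEHAVIOUR = {
  'rec.replay-vendor.test': 'session replay: records page content and form input',
  'cdn.insights.test': 'identity tracking: reads autofilled login fields',
};

const hostOf = (url) => new URL(url).host;

// Walk initiators from a resource back to the top-level document and return the chain of
// distinct hosts, publisher first, e.g. [publisher, ad network, exchange, script host].
function inclusionChain(loads, url) {
  const initiatorOf = new Map(loads.map((l) => [l.url, l.initiator]));
  const chain = [];
  for (let cur = url; cur !== null && cur !== undefined; cur = initiatorOf.get(cur)) {
    const host = hostOf(cur);
    if (chain[chain.length - 1] !== host) chain.push(host); // collapse same-host hops
  }
  return chain.reverse();
}

// One entry per third-party host: its chain, whether the publisher loaded it directly,
// and any known behaviour. A host loaded both directly and indirectly is reported with
// the first chain found; a fuller tool would keep every chain.
function thirdPartyReport(loads, firstParty) {
  const report = {};
  for (const load of loads) {
    const host = hostOf(load.url);
    if (host === firstParty || report[host]) continue;
    const chain = inclusionChain(loads, load.url);
    report[host] = {
      chain,
      direct: chain.length === 2, // publisher -> host with nothing in between
      behaviour: KNOWN_BEHAVIOUR[host] || 'unknown',
    };
  }
  return report;
}

// Hosts the publisher never chose to load: these are the ones operators tend not to know about.
function indirectThirdParties(loads, firstParty) {
  const report = thirdPartyReport(loads, firstParty);
  return Object.keys(report).filter((h) => !report[h].direct).sort();
}

// Stand-alone demo: one line per third party, showing who brought it in.
for (const [host, info] of Object.entries(thirdPartyReport(LOADS, FIRST_PARTY))) {
  const via = info.direct ? 'direct' : 'via ' + info.chain.slice(1, -1).join(' -> ');
  console.log(`${host}: ${via}; ${info.behaviour}`);
}
```

In the constructed log the publisher only ever chose `ads.adnet.test` and `rec.replay-vendor.test`; `sync.exchange.test` and `cdn.insights.test` arrive two and three hops down the chain, which is the situation the developer in the post found themselves in. Pairing each host with a behaviour description is what turns the list into a recommendation the operator can act on.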

If you’re interested in working with us on this, we’d love to hear from you!


We are grateful to UCSD researchers Dimitar Bounov and Sorin Lerner for bringing the vulnerabilities on to our attention.

[1] Gradescope’s terms of use state: “By submitting Student Data to Gradescope, you consent to allow Gradescope to provide access to Student Data to its employees and to certain third party service providers which have a legitimate need to access such information in connection with their responsibilities in providing the Service.”

[2] The Wayback Machine does not archive FullStory’s Terms page far enough back in time for us to independently verify Gradescope’s statement, nor does FullStory appear in ToSBack, the EFF’s terms-of-service tracker.

[3] is one example of a nascent attempt at such a tool.


Posted by Elvis on 01/15/18 •
Section Privacy And Rights • Section Broadband Privacy