Well, this is bad.
Earlier in November, a report out of Germany claimed the popular Web of Trust (WoT) browser add-on was selling its users’ browser histories to third parties without properly anonymizing the data, resulting in the personal identification of Web of Trust users. There was also some debate over whether the company behind WoT (WOT Services) properly informed its users of data collection actions performed by the extension.
Web of Trust’s web of trust was broken. Following the German-language report, Mozilla yanked Web of Trust from Firefox’s add-on catalog. On Sunday, WoT voluntarily pulled down its add-on from the extension libraries of all other browsers, including Chrome and Opera.
It’s not clear when WoT plans to reintroduce its add-on to all the various browsers it previously supported, including Chrome, Firefox, Internet Explorer, Opera, Safari, and others.
The impact on you at home: If you’re currently using WoT in your browser, it’s probably a good idea to manually uninstall it. WoT believes the problem of non-anonymous data leakage to third parties affected only “a very small number of WOT users.” Nevertheless, until WoT has figured out how to correct this problem, the add-on just isn’t worth the risk of having your data leaked to third parties.
What is Web of Trust?
Before the privacy revelations, Web of Trust was a popular browser add-on that PCWorld has even recommended on several occasions. The free WoT extension rates sites based on their trustworthiness using crowdsourced data. The add-on employs a simple green, yellow, and red rating system, with red meaning the site has a poor reputation. The idea is that the rating system—and warning boxes that appear when you land on a red-rated site—keeps you safe from scam sites or sites loaded with potential malware.
As with many free services created by a private company, WoT needed a way to make money. The way WoT chose to do this was by collecting usage data from its users (browsing history in this case), anonymizing it (or at least claiming to), and then selling that usage data to firms looking to analyze large data sets.
The problem was that at least some of the data WoT was passing on wasn’t anonymized. German-language reporters for Norddeutscher Rundfunk (NDR) were able to take a small set of WoT information and personally identify more than 50 users. The “anonymized” data included, for example, email addresses that were embedded in some of the URLs passed on to third parties, making it trivial to figure out who the users were. The browsing histories also allowed the researchers to figure out the sexual preferences and phone numbers of some users, among other personal details.
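The failure described above, where an e-mail address rides along inside a URL, can be checked for before any usage data leaves the collector. The following is an added example, not WoT's code or anything from the NDR report: the function names and sample URLs are constructed, and reducing each URL to its origin assumes a site-reputation service needs only the host.

```javascript
// Added example: audit URLs in a usage-data export for embedded e-mail addresses.
// Function names are hypothetical; every URL below is constructed sample data.
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;

// Decode percent-encoding up to three times so %40 and %2540 both become "@".
// Decoding stops at the first malformed escape and keeps the last good value.
function fullyDecode(text) {
  let current = text;
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch (e) { break; }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Return the e-mail addresses found in the path, query or fragment of one URL.
function findEmails(rawUrl) {
  const u = new URL(rawUrl);
  const hits = new Set();
  for (const part of [u.pathname, u.search, u.hash]) {
    for (const m of fullyDecode(part).match(EMAIL) || []) hits.add(m.toLowerCase());
  }
  return [...hits];
}

// Conservative cleaning (assumption: only the site matters for a rating):
// drop path, query and fragment rather than trying to redact them field by field.
function reduceToOrigin(rawUrl) {
  return new URL(rawUrl).origin + "/";
}

// Audit a whole export: what would be shared after cleaning, and what was found.
function auditExport(urls) {
  return urls.map((raw) => ({ cleaned: reduceToOrigin(raw), emails: findEmails(raw) }));
}

const SAMPLE_URLS = [ // constructed
  "https://shop.example/account?email=alice@example.com&tab=orders",
  "https://lists.example/unsubscribe/bob.smith%40mail.example.org/confirm",
  "https://sso.example/login?next=%2Faccount%3Fuser%3Dcarol%2540example.net",
  "https://news.example/articles/2016/11/browser-addons",
];

console.log(JSON.stringify(auditExport(SAMPLE_URLS), null, 2));
```

Removing a user-ID column does nothing for the first three sample URLs, because the identifier is part of the URL itself, including in percent-encoded and nested forms.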
As a result of NDR’s discoveries, WoT says it is conducting a “full security assessment and review” and will overhaul the company’s “data ‘cleaning’ process” for anonymizing usage data sold to third parties. You can check out WoT’s full statement on its user forums.
WoT might become a trustworthy service again in the future. But for now it’s probably best to stay away from this extension—and maybe conduct an evaluation of all your browser add-ons.