Forum Discussion

knerkin2's avatar
knerkin2
Freshman
9 years ago

FYI: 'Web Of Trust' Browser Add-On Caught Selling Users' Data — Uninstall It Now

An investigation by German television channel NDR (Norddeutscher Rundfunk) has discovered a series of privacy breaches by Web Of Trust (WOT) – one of the top privacy and security browser extensions used by more than 140 Million online users to help keep them safe online.

Web of Trust has been offering a "Safe Web Search & Browsing" service since 2007. The WOT browser extension, which is available for both Firefox and Chrome, uses crowdsourcing to rate websites based on trustworthiness and child safety.

However, it turns out that the Web of Trust service collects extensive data about netizens' web browsing habits via its browser add-on and then sells them off to various third party companies.

What's extremely worrying? Web of Trust did not properly anonymize the data it collects on its users, which means it is easy to expose your real identity and every detail about you.

The WOT Privacy Policy states that your IP address, geo-location, the type of device, operating system, and browser you use, the date and time, Web addresses, and browser usage are all collected, but they are in "non-identifiable" format.

However, NDR found that it was very easy to link the anonymized data to its individual users.

The reporters focused on just a small data sample of around 50 WOT users, and were able to retrieve a lot of data, which included:
  • Account name
  • Mailing address
  • Shopping habits
  • Travel plans
  • Possible illnesses
  • Sexual preferences
  • Drug consumption
  • Confidential company information
  • Ongoing police investigations
  • Browser surfing activity including all sites visited
This data belonged to just 50 users, and WOT has more than 140 Million users. From here, you can imagine why the whole matter is of huge concern.

[reproduced from The Hacker News]
  • Gwalk900's avatar
    Gwalk900
    Honorary Alumnus

    WOT responded with:


    Dear users,

    Thank you for your patience. We apologize for our delayed public reply and any anxiety this incident has caused. It has taken us some time to understand what has happened and how best to ensure we protect our users.

    We take our obligations to you very seriously. While we deployed great effort to remove any data that could be used to identify individual users, it appears that in some cases such identification remained possible, albeit for what may be a very small number of WOT users.

    Of course, if the data allows the identification of even a small number of WOT users, we consider that unacceptable, and will be taking immediate measures to address this matter urgently as part of a full security assessment and review.

    Additionally, after Mozilla notified us that they were removing the WOT add-on from their store (pending responses to a set of questions / proposed changes they sent to us), we voluntarily removed the WOT add-on from all other platforms, including the Chrome store, in order to resolve this matter properly and comprehensively.

    To that end, we are taking the following steps:

    * Reviewing our privacy policy to determine which changes need to be made in order to enhance and ensure that our users privacy rights are properly addressed.
    * For the user browsing data used to enable WOT's website reputation service, we intend to provide users the ability to opt-out from having such data saved in our database or shared. This opt-out will be available from the settings menu, as we want to provide each user with a clear choice at all times.
    * For people who agree to let us use their browsing data in order to support WOT, we will implement a complete overhaul of our data 'cleaning' process, to optimize our data anonymization and aggregation objectives to minimize any risk of exposure for our users.

    We will spend the coming weeks making the changes to WOT which will ensure we are back on the right track. You, our community of users are the real power behind WOT and we will continue serving you as such.

    Yours,

    --- MyWOT Team


    Source:

    https://www.mywot.com/en/forum/70818-to-the-wot-community


    In addition to the obvious privacy concerns we also have to consider the "data leak" the this entails .... more data being used by a background process.


    There are also reports that graphic card/chip maker Nvidia is collecting "telemetry":


    An anonymous reader shares a report on Ghack: Telemetry -- read tracking -- seems to be everywhere these days. Microsoft pushes it on Windows, and web and software companies use it as well. While there is certainly some benefit to it on a larger scale, as it may enable these companies to identify broader issues, it is undesirable from a user perspective. Part of that comes from the fact that companies fail to disclose what is being collected and how data is stored and handled once it leaves the user system. In the case of Nvidia, Telemetry gets installed alongside the driver package. While you may customize the installation of the Nvidia driver so that only the bits that you require are installed, there is no option to disable the Telemetry components from being installed. These do get installed even if you only install the graphics driver itself in the custom installation

     dialog.Further reading on MajorGeeks.


    https://yro.slashdot.org/story/16/11/07/1427257/nvidia-adds-telemetry-to-latest-drivers


    It looks like the "leaks" are turning into a flood.







  • BirdDog's avatar
    BirdDog
    Assistant Professor
    Honestly never heard of it but thanks for the heads up!
  • At least they have gotten ahead of this debacle. Thanks for the info guys
  • BirdDog's avatar
    BirdDog
    Assistant Professor
    Now I'm upset, I use Nvidia graphics. Big Brother has arrived but it seems it is corporations doing even more than governments.
  • Gwalk900's avatar
    Gwalk900
    Honorary Alumnus

    Nvidia here also.

    I slammed the door on all Widows updates for most of my remaining MS OS's about a year ago. The same really with driver updates ... if its not broke don't fix it.

    I do keep up to date updates for browsers, A/V and anti-malware but I find myself using my Linux based machines more and more.

    Its a jungle out there.


  • BirdDog's avatar
    BirdDog
    Assistant Professor
    I'm sick of all the hoops have to jump through just to lock down the OS these days, now even drivers are doing telemetry. Gobsmacked, just gobsmacked!

    Come'on HughesNet are you guys doing anything we should know about? I think there are laws against ISP's doing it. Aren't there, I hope so anyway.