An investigation has uncovered a serious breach of privacy by Web of Trust (WoT), a Finnish firm that specialises in a browser add-on for secure web browsing.
The findings have already prompted Mozilla to remove the WoT add-on from its store. Following that, the firm voluntarily removed the WoT add-on from all other platforms, including the Chrome and Opera store.
Web of Trust (WoT) is essentially a website review and reputation service that since 2007 has been helping people make informed decisions about whether to trust a website or not.
It has been downloaded over 140 million times, and is a popular browser add-on for Firefox, Google Chrome, Opera and Internet Explorer. It uses a crowdsourcing approach to rate websites based on trustworthiness and child safety.
But the German TV channel NDR discovered some worrying privacy issues with WoT.
Firstly it seems that WoT has been collecting the browsing history of its millions of users and has been selling this data to third parties.
This is in direct violation of WoT’s own privacy policy.
That policy does admit that the firm collects the user’s IP address, geo-location, the type of device, operating system, and browser, as well as the date and time, web addresses, and browser usage. But it said that this data in stored in a “non-identifiable” format.
However the NDR investigation found it was very easy to link the anonymised data to its individual users.
For example, the investigators, using the sample data from just 50 WoT users, were able to identify a raft of high personal information including the account name, mailing address, shopping habits, travel plans, possible illnesses, sexual preferences, drug consumption, confidential company information, ongoing police investigations, and finally the entire browser surfing activity including all the websites visited.
WoT has promised a ‘complete overhaul’ of its data cleaning process, but only for those users whose data it uses.
“We take our obligations to you very seriously,” it said in a statement. “While we deployed great effort to remove any data that could be used to identify individual users, it appears that in some cases such identification remained possible, albeit for what may be a very small number of WOT users.”
The firm said it was now reviewing its privacy policy to determine which changes need to be made; and will give users the ability to opt out from the data stored in its database.
It said those people who opt to continue to allow WoT to use their browsing data, “we will implement a complete overhaul of our data ‘cleaning’ process, to optimize our data anonymisation and aggregation objectives to minimise any risk of exposure for our users”.
“We will spend the coming weeks making the changes to WOT which will ensure we are back on the right track,” it added.
It now remains up to WoT users to decide whether to trust the firm, or uninstall the add-on completely.
Mozilla last week also disabled an API in Firefox over concerns it could be used to track users. It said it had disabled the ability of websites to access the Battery Status API in Firefox 52, after warnings from security researchers that the feature could allow the user to be tracked.
Think you know all about online privacy? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…