Browser extensions have become an essential part of surfing the Internet. They add security, useful extra features, and act as a testing ground for functionality that may eventually become a standard part of the most popular browsers.
Not all browser extensions can be trusted, though, and an investigation by German TV channel NDR has uncovered a serious breach of privacy by the Web Of Trust (WOT) service, which over 140 million Web surfers trust to help keep them safe online.
WOT has been around since 2007 and claims to be a "Safe Web Search & Browsing" service. What that boils down to is a website reputation and review system fueled by crowdsourcing. Users can view ratings on a per-site basis for trustworthiness and child safety or rate sites themselves.
It sounds like a clever way to check whether your favorie sites visit can be trusted. However, the WOT service itself is far from trustworthy.
The NDR investigation discovered that while you have the WOT extension installed, extensive data collection is going on in the background. But WOT not only collects and records data on a per-user basis, it then analyzes and sells it on to third parties.
The WOT Privacy Policy states that your IP, geographic location, device type, operating system, browser, the date and time, Web addresses, and overall browser usage are all collected, but that it is "non-identifiable." But NDR found that it was a simple task to link the anonymized data to individual users of the service. The data retrieved included:
- Account name
- Mail address
- Travel plans
- Illnesses
- Sexual preference
- Drug consumption
- Confidential company information
- Ongoing police investigations
- Browser surfing activity including all sites visited
This information was pulled from a small data sample accounting for around 50 users. Now imagine having access to data for all 140 million users and you can see why this is of huge concern.
Spiegel Online reports that Mozilla has already removed the WOT extension from its Firefox Add-ons page due to guideline violations. It seems likely other software that supports WOT will follow. Anyone currently using the WOT extension should seriously consider whether they wish to continue doing so. WOT also has a mobile app, which won't be immune to this data collection.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
