According to a report from the German television channel NDR, Web of Trust, one of the top privacy and security extensions out there, collects and sells a bunch of data about your browsing habits and doesn’t anonymise it properly. If you have it installed, it’s best to uninstall it right now.
Web of Trust is a browser extension for Firefox and Chrome that uses crowdsourcing to rate sites based on trustworthiness and child safety. It turns out that it also collects a bunch of data about your browsing habits, then sells it off to various third party companies. This alone isn’t terribly abnormal, but it turns out that Web of Trust did not anonymise that data very well, which means it’s easy to identify who are you. Web of Trust collected a lot of data, including mailing addresses, travel plans and possible illnesses (basically anything you searched for). The initial NDR report only focused on a small data sample of around 50 users, but the problem’s big enough that Mozilla responded by removing the add-on from their store, and WoT in turn removed the extension from the Chrome Web Store.
In a statement from WoT, they don’t really do much to shore up the issues, claiming that they’re taking these steps:
- For the user browsing data used to enable WOT’s website reputation service, we intend to provide users the ability to opt-out from having such data saved in our database or shared. This opt-out will be available from the settings menu, as we want to provide each user with a clear choice at all times.
- For people who agree to let us use their browsing data in order to support WOT, we will implement a complete overhaul of our data ‘cleaning’ process, to optimise our data anonymization and aggregation objectives to minimise any risk of exposure for our users.