Web of Trust services have been compromised.

As a result of the investigation of the journalists of the German public broadcaster NDR, it turned out that the Web of Trust service was selling the collected data about its users to third parties. What is Web of Trust? Faced with a site that you don’t know, you risk losing your personal data, finances, or you may accidentally become a victim of malicious software distributed from such a site. To prevent such a situation, you can use any existing rating sites that even before going to an unknown page will tell you whether you can trust it.

The Web of Trust ratings (literally, “trust network”) are based on the opinions of many users about a specific resource (exaggerating, can be explained as follows: the red rating reports that the resource is extremely dangerous, the green - that the resource is useful, the yellow rating - with a resource that Something not right, low-popular or new sites are indicated by a transparent icon).

The simplest example of use: it is enough for your elderly parents to explain that you can only go to sites with a green rating, and the problems with their computer on your head will fall much less.

What happened to the Web of Trust? According to information from Svea Eckert, Jasmin Klofta and Jan Lukas Strozyk, journalists through a front company, allegedly specializing in processing Big Data, were able to access data from three million site visits by German users. As it turned out, the data was collected using Web of Trust. The information was provided to a front company as a free trial sample - in fact, much more is available. According to the materials received, journalists were able to deanonimize about 50 people (diseases, sexual preferences, information about police investigations and drug use are mentioned as disclosed data).
')
Information about the sale of Web of Trust data was published on German-speaking resources as early as November 1, but the response of the Web of Trust spokesman appeared only on November 3 : Web of Trust promised to take measures to protect its users if there were any instances of non-anonymous information transfer. At the same time, the press secretary emphasized that the transfer of anonymous information about the Web of Trust user to third parties is mentioned in the user agreement :

"It can be made up of the use of the WOT Utilities (" Non-Personal Information "). Non-Personal Information is collected. ”.

For the sake of interest, let us turn to the official Russian-language version of the agreement (although it is clearly abbreviated): “WOT Services can save impersonal statistical information (containing no personal information),” there is no mention of the possibility of passing this information to third parties.


In conclusion, you can read an article in German about what the Web of Trust plugin sends to its servers. Its author does not recommend using Adblock Plus with Ghostery ( accusations against Ghostery are frequent ) and says that many extensions from the Google Chrome directory may collect information about you.

What is the result? At the moment, Web of Trust extensions are not available in the Mozilla and Google Chrome directories, and the Web of Trust application has been removed from the Play Market. Users are advised to manually remove Web of Trust add-ons from their browsers.

Update : when analyzing an add-on in its code, a backdoor was discovered that allows you to download a malicious script running with add-on rights .

PS I have been using the Web of Trust for the last seven years (in the process of writing this article in my head I even had an idea to put a negative rating on their site and write a corresponding comment).

Alternatively, you can use similar services from antivirus vendors, for example, McAfee , Norton, or Avast (I haven't used it yet, I can't recommend anything). In the comments, you can share your experience with the use of extensions rated websites.