Author Topic: WOT (Web Of Trust) privacy scandal  (Read 18155 times)

0 Members and 1 Guest are viewing this topic.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9343
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
WOT (Web Of Trust) privacy scandal
« on: November 02, 2016, 11:21:15 PM »
https://rejzor.wordpress.com/2016/11/02/web-of-trust-wot-privacy-scandal/

I'm not going to copy all the data here, you can read it on my blog with all the external original links and news. WOT is quite popular here if I remember correctly and I thought people will be interested in reading this...

I've now turned to avast! Online Security as primary rating tool. I really miss saving of existing ratings and comments with avast!, but it has other goodies and at least avast! team is more open when privacy concerns are raised.
Visit my webpage Angry Sheep Blog

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3661
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: WOT (Web Of Trust) privacy scandal
« Reply #1 on: November 02, 2016, 11:36:19 PM »
Personally I have never used WOT, Avast rating or any other rating tool, except for testing.
As I don't think user ratings/opinions add anything significant to a good configured security setup.

Greetz, Red.
OS: Win 10 / Debian / Tails / iOS
Real Time: Avast Free
VPN: NordVPN ( NordLynx ) with Cybersec

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: WOT (Web Of Trust) privacy scandal
« Reply #2 on: November 02, 2016, 11:43:14 PM »
Almost no user has a clue what he is talking about when it comes to security and things like that.
And since comments are not checked for accuracy, you can say they are worthless.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9343
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: WOT (Web Of Trust) privacy scandal
« Reply #3 on: November 02, 2016, 11:45:58 PM »
Maybe so, but I found it to be interesting resource. Individual comments maybe didn't mean much, but you could often see a trend and then form your own opinion.
Visit my webpage Angry Sheep Blog

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83532
  • No support PMs thanks
Re: WOT (Web Of Trust) privacy scandal
« Reply #4 on: November 03, 2016, 12:34:59 AM »
I too used it, not as a slavishly following its rankings, but as guidance.

But that has now ended.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32610
  • malware fighter
Re: WOT (Web Of Trust) privacy scandal
« Reply #5 on: November 03, 2016, 12:38:28 AM »
Hi RejZor,

Big thing with WOT canvas fingerprinting and selling your profile to the highest bidder.
Is not Ghostery just doing the same and loads of others. Difference they are upfront about it.

Only sin for WOT was they forgot to mention it in their eula. (vanished from their 2011 add-on edition).

Who was there first and no-one reacted? Wasn't that and isn't that  Big Data-slurper  nr. 1, Google,
and who moans about Facebook's ridiculous 'polycor' censorship? Too big to fail?
(without any rules nor even trying to defend their policies).

I know there is a big Russian userbase out there on WOT, and isn't that again the "Big Evil Empire" now?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32610
  • malware fighter
Re: WOT (Web Of Trust) privacy scandal
« Reply #6 on: November 03, 2016, 01:18:47 AM »
RejZor is right however about the 100% insecure tracking there.
100% of the trackers on this site could be protecting you from NSA snooping. Tell mywot.com to fix it.

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

6142544 api.mywot.com

And for my.WOT your also dependant on CloudFlare security (a service that I cannot and won't trust fully with e2e):
Unique IDs about your web browsing habits have been securely sent to third parties.

 wXw.mywot.com authid
d00b1cddd5a06799XXXXXXXXXXf85dd281476740859  cdnjs.cloudflare.com __cfduid (anonymized by me - pol)

And the canvas fingerprinting: CanvasFingerprintBlock
Blocked 1 potential HTML canvas fingerprinting attempt on this page
Prevented a script on -https://www.mywot.com from capturing the following 32px × 32px canvas (via toDataURL):

And just as I thought, here they are shown to be security dilletants, a meagre F-Status  ::)
Re: https://sritest.io/#report/a25ada39-6bff-4513-8b6c-eca48f5096e6

Scripts 2 issues
Tag   Result
<script type="text/javascript" src="-https://cdn-cf.mywot.net/files/js/a62c3c71189e6e035766d20b917784f1.js"></script>    Missing SRI hash
<script src="-https://cdnjs.cloudflare.com/ajax/libs/bxslider/4.2.5/jquery.bxslider.min.js"></script>    Missing SRI hash

Stylesheets 2 issues
Tag   Result
<link rel="stylesheet" href="-https://cdn-cf.mywot.net/files/css/7ed1941a63bcf84b0aa89e6644c3fc26.css" type="text/css" media="all">    Missing SRI hash
<link href="-https://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic&amp;subset=latin,latin-ext" rel="stylesheet" type="text/css">    Missing SRI hash

And almost ashamed to present these mediocre results F-I-C-I-X with a few A's in between:
https://observatory.mozilla.org/analyze.html?host=www.mywot.com

RejZoR, the facts are in your favor, man. It's a drama, I have to admit.... :'(

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66005
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32610
  • malware fighter
Re: WOT (Web Of Trust) privacy scandal
« Reply #8 on: November 03, 2016, 02:34:57 PM »
Hi Asyn,

WOT has now been catched almost red-handedly to do this. But Mike Kuketz says Ghostery is probably into this too and they are known to even ask their extension user permission to do this on installing the extension.
I see that it is a wide-spread issue on mobile platforms, think of AdMob and MoPub collecting location information and device or mobile network information, seems all Avast apps are AdMob driven now.

So I wonder how many of our Google Chrome extension api's are "kosher" or "hallal" in this respect.
There is a lot of temptation out there for developers and owners of extensions and it is all about big money.

Again the controversy around WOT never went away and was there from the start.
Read: https://forums.malwarebytes.org/topic/107753-web-of-trust-trusted/

It is the api that is spying on you too. Just install Nirsoft's WebCookieSniffer and you get an api.mywot.com cookie with authid, a session id cookie and  like Kuketz told a language cookie, and all of them are user identifiable. So first thing that happens when I start WebCookieSniffer is an api.mywot.com cookie is being set for all of my existing browsing session.
This is much as what Kuketz describes in a nutshell.

It is not unique as all extensions in Google Chrome are worked that way going first to https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js.
This is so for instance with DrWeb's URL checker .

There DrWEb is not involved,Google does this and whenever Google cannot do this,
the extensions are not allowed to be on their platform and are thrown out because of some dreamt-up violation of terms.

So actually we have to get accustomed to this situation going on behind our backs all of the time,
 and that there is no escape from this really

Now poor fanboyish WOT is being put into the hall of shame, when almost all and every Google or firefox extension/add-on,
for that matter is into this game in one way or another.

Sad, but it is the situation we have, we can no longer get away from this behavior
or are being asked to fill out CloudFlare captcha's all the time working tor or orbot to prove wer'e human sheeplings,
as RejZoR always so aptly classifies us as human beings.

polonus

 
« Last Edit: November 03, 2016, 02:38:33 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43869
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: WOT (Web Of Trust) privacy scandal
« Reply #9 on: November 03, 2016, 03:33:18 PM »
Don't tell me your still crying about a lack of privacy ???
Remember, there isn't any privacy.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32610
  • malware fighter
Re: WOT (Web Of Trust) privacy scandal
« Reply #10 on: November 03, 2016, 04:17:49 PM »
Hi bob3160,

You are so right there, bob3160.

Again there is more to it, than we might think at first hand.
But we really should make people aware.

These extensions are a marvellous way of drawing you further into the so-called "Internet Bubble", like Pokemon Go etc.

With this "Internet Bubble" we mean that, whenever you expose yourself to services that get more and more of your profile,
you risk being more and more "fenced in" by your Internet surfing history and habits.

Google for instance knows exactly how to do this.
They turned it into a real science, and the final conclusion should be that anyone profits from it -but you, as you are the product.
You make think otherwise. You are wrong again.

By getting to know more and more specifics about your Internet profile, they will more and more confront you with what you already think about yourself.

More and more of your own preferences and likings are "mirrored back" to you to get you hooked into that tunnel vision of yourself further.

And so you may loose sight on what is outside, and that may just be what they want you to do.
That way you only pay attention to issues, that they want you to watch out for,
and you might miss what they do not want you to see.

Try to use a search engine that does not profile you like Duch duck go.
Send an old-fashioned card again once in a while.
Read an online e-book.
Oh, ...... and turn that screen resolution somewhat down at night in the bedroom,
you may sleep better!

polonus
« Last Edit: November 03, 2016, 04:20:23 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66005
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: WOT (Web Of Trust) privacy scandal
« Reply #11 on: November 04, 2016, 01:16:37 PM »
Web of Trust (WOT) Add-on taken down by Google and Mozilla after reports of selling Users browsing history
http://techdows.com/2016/11/web-of-trust-add-on-removed.html
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43869
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: WOT (Web Of Trust) privacy scandal
« Reply #12 on: November 04, 2016, 01:42:13 PM »
Web of Trust (WOT) Add-on taken down by Google and Mozilla after reports of selling Users browsing history
http://techdows.com/2016/11/web-of-trust-add-on-removed.html
It's still available for Mobile devices. Wonder if that also sells your browsing history ???
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 66005
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: WOT (Web Of Trust) privacy scandal
« Reply #13 on: November 04, 2016, 01:48:42 PM »
Web of Trust (WOT) Add-on taken down by Google and Mozilla after reports of selling Users browsing history
http://techdows.com/2016/11/web-of-trust-add-on-removed.html
It's still available for Mobile devices. Wonder if that also sells your browsing history ???
I wouldn't take a chance Bob. ;)
Win 8.1 [x64] - Avast PremSec 20.7.2421.B#1 [UI.544] - CC 5.70 - EEK - FF ESR 68.11 [NS/AOS/uBO/PB] - TB 68.11 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43869
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: WOT (Web Of Trust) privacy scandal
« Reply #14 on: November 04, 2016, 02:11:09 PM »
Web of Trust (WOT) Add-on taken down by Google and Mozilla after reports of selling Users browsing history
http://techdows.com/2016/11/web-of-trust-add-on-removed.html
It's still available for Mobile devices. Wonder if that also sells your browsing history ???
I wouldn't take a chance Bob. ;)
My recommendation is to remove it if you have it. Not to consider it if it's not currently installed.
http://bob3160.blogspot.com/2016/11/11-3-2016-wot-web-of-trust-not-so.html
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq