1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

'Web of Trust' Browser Extension Cannot Be Trusted

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Nov 16, 2016.

  1. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Joined:
    Apr 2, 2008
    Messages:
    884
    Likes Received:
    3,324
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    The 'Web of Trust' Browser Extension Cannot Be Trusted

    "The popular browser extension busted selling very detailed information about you to third parties"

    Not all browser extensions can be trusted, though, and an investigation by German TV channel NDR has uncovered a serious breach of privacy by the Web of Trust (WOT) service, which over 140 million Web surfers trust to help keep them safe online.

    WOT has been around since 2007 and claims to be a "Safe Web Search & Browsing" service. What that boils down to is a website reputation and review system fueled by crowdsourcing. Users can view ratings on a per-site basis for trustworthiness and child safety or rate sites themselves.

    It sounds like a clever way to check whether your favorie sites visit can be trusted. However, the WOT service itself is far from trustworthy.

    The NDR investigation discovered that while you have the WOT extension installed, extensive data collection is going on in the background. But WOT not only collects and records data on a per-user basis, it then analyzes and sells it on to third parties.

    The WOT Privacy Policy states that your IP, geographic location, device type, operating system, browser, the date and time, Web addresses, and overall browser usage are all collected, but that it is "non-identifiable."

    But NDR found that it was a simple task to link the anonymized data to individual users of the service. The data retrieved included:

    Account name
    Mail address
    Travel plans
    Illnesses
    Sexual preference
    Drug consumption
    Confidential company information
    Ongoing police investigations
    Browser surfing activity including all sites visited


    This information was pulled from a small data sample accounting for around 50 users. Now imagine having access to data for all 140 million users and you can see why this is of huge concern.

    Spiegel Online reports that Mozilla has already removed the WOT extension from its Firefox Add-ons page due to guideline violations. It seems likely other software that supports WOT will follow. Anyone currently using the WOT extension should seriously consider whether they wish to continue doing so. WOT also has a mobile app, which won't be immune to this data collection.

    http://www.pcmag.com/news/349328/web-of-trust-browser-extension-cannot-be-trusted
     
    • Thanks Thanks x 1
  2. shanna_doll

    shanna_doll Power Member

    Joined:
    Apr 10, 2012
    Messages:
    654
    Likes Received:
    324
    Location:
    Bosnia and Herzegovina
    I am glad to see downfall of WOT. WOT is nothing but a circlejerk of idiots who pump up sites of each other and shit on other websites' reputation when there is no reason whatsoever.

    It's a shitty community that's not helping Internet users at all.
     
  3. Joseph Lich

    Joseph Lich BANNED BANNED

    Joined:
    Nov 25, 2015
    Messages:
    402
    Likes Received:
    79
    Spies are everywhere. They go deep into and embed in our livers.
     
  4. AceWallGromit

    AceWallGromit Regular Member

    Joined:
    Jul 23, 2016
    Messages:
    375
    Likes Received:
    255
    Location:
    Canada
    [​IMG]
     
    • Thanks Thanks x 2
  5. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Joined:
    Apr 2, 2008
    Messages:
    884
    Likes Received:
    3,324
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    you can try this instead,

    Features:
    Real Time: TrafficLight scans the pages you visit for malware and phishing attempts each and every time you access them to avoid the threat of legitimate but recently compromised websites.

    Precise: TrafficLight won't block an entire website if just some pages within are malicious. Only the potentially harmful elements are blocked, leaving you free to view the rest of the site if you so choose.

    Unintrusive: TrafficLight does not add a toolbar to your already-cluttered browser interface. Its interface remains invisible until your input is needed or it's called up with a simple mouse gesture.

    Search Results: TrafficLight flags malware and fraudulent websites in search results. It also detects suspicious links on your Facebook wall and Twitter feed, and blocks them.

    Tracker Revealer: Trackers are code snippets included in web site pages to track and analyze your browsing behavior. TrafficLight quickly identifies and lists them.

    https://addons.mozilla.org/en-US/firefox/addon/trafficlight/
     
  6. Winston_

    Winston_ BANNED BANNED

    Joined:
    Jul 9, 2016
    Messages:
    41
    Likes Received:
    11
    Gender:
    Male
    I have an alternative to TrafficLight.
     
  7. pressrelease

    pressrelease Power Member

    Joined:
    Jan 6, 2016
    Messages:
    676
    Likes Received:
    241
    Location:
    Disneyland
    good, its finally going to die.
     
  8. Zhuk_Roman

    Zhuk_Roman Registered Member

    Joined:
    Jul 14, 2016
    Messages:
    50
    Likes Received:
    14
    Gender:
    Male
    Home Page:
    Such a classical case..
     
  9. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Joined:
    Apr 2, 2008
    Messages:
    884
    Likes Received:
    3,324
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
  10. JustUs

    JustUs Power Member

    Joined:
    May 6, 2012
    Messages:
    626
    Likes Received:
    588
    Old words of wisdom: If you don't pay for the product, then you are the product.

    New words of wisdom: even if you pay for the product, you are still the product.
     
  11. Winston_

    Winston_ BANNED BANNED

    Joined:
    Jul 9, 2016
    Messages:
    41
    Likes Received:
    11
    Gender:
    Male
    Facebook debunked my little trick:
    I uploaded an ID image downloaded from the web, pretending it's me;
    How the hell fb knew this?
    Code:
    Hi ,
    
    We've asked you to verify your identify because it looks like you may have multiple accounts or may not be using your authentic identity.
    
    If you've already tried to log in to Facebook and followed the instructions, but weren't able to verify your identity, please reply to this email and attach an image of your government-issued photo ID to the message. You can use a scanner or take a photo of your ID.
    
    If you don't have a government-issued photo ID, you can also send us 2 different forms of ID (ex: school ID, credit card) that both show the same name. One of the IDs must also include a photo or date of birth that matches the information on your Facebook profile.
    
    If you don’t have an ID that shows the name you use in real life and your photo or date of birth, you can provide 2 forms of ID that show the same name and a government ID that includes a date of birth or photo that matches the information on your profile.
    
    Learn more about the different types of IDs we accept in the Help Center:
    
    https://www.facebook.com/help/159096464162185?ref=cr
    
    Please note that we won't be able to process your request unless you've submitted an accepted form of ID.
     
    View updates from your Support Inbox: https://fb.me/xxxxxxxxxxxxxxx
    
    Thanks,
    The Facebook Team
     
  12. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Joined:
    Apr 2, 2008
    Messages:
    884
    Likes Received:
    3,324
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    this also describes TV - the viewer is sold to the advertisers.
     
  13. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,427
    Likes Received:
    8,126
    Haha pretty funny they basically got busted doing exactly what they claim to be hoping people to avoid.
     
  14. Winston_

    Winston_ BANNED BANNED

    Joined:
    Jul 9, 2016
    Messages:
    41
    Likes Received:
    11
    Gender:
    Male
    I think the reason is: I uploaded a gril's ID; and fb doesn't like me camouflage as a disguising pussy under their nose.