Web of Trust – no longer worthy of your trust


Millions of people use the service called “Web of Trust”. It’s a crowdsourced process that is supposed to tell you if a website you’re about to click on is trustworthy or malicious, based on the input of the other Web of Trust users. Recently, information has been uncovered about Web of Trust that indicates this service itself is not to be trusted.


I tried Web of Trust a while ago but stopped using it after a short time. However, I know a lot of people do use it.

The theory behind it is good. It’s based on a large group of people, pooling their information. If you visit a website and find that it pops up a fake virus alert, or tries to sneak software onto your computer, you can give it a negative rating in the Web of Trust browser extension database. Presumably, lots of other people are doing the same thing with websites they visit.

So when you do a Google search and see the results listed there waiting for you to click on them, each one has the little Web of Trust indicator right next to it, telling you whether other users have determined that it’s safe to click through or that it’s a site that should be avoided.

As I mentioned, this is a great idea in theory. The problem comes up when there are humans involved, and they get tempted by cash. It appears that this is what has happened with WOT.

Web of Trust claims that their browser extension has been downloaded by over 140 million users.

When a database is that large, it is very attractive to companies that want to target those users with advertising. Web of Trust was clear up front that some information about users was collected, but that it was collected anonymously. That information included geographic location, websites visited, computer operating system, IP address and other details.

But it turns out that linking that data to individual users of the WOT service was very simple to do. This means Web of Trust users could have a lot of private information divulged about them, including:

  • confidential information about work
  • future travel plans
  • medical history
  • sexual preference
  • use of drugs
  • criminal investigations
  • mailing address

Not good! Think about how valuable it would be to have that kind of specific information for 140 million people. From what we can tell, WOT could not just keep it to themselves. They sold this information (which could then be connected to specific individuals) to third parties.

When confronted with this, Web of Trust responded with a statement that really didn’t do much. The statement said they are taking the following steps:

  • Reviewing our privacy policy to determine which changes need to be made in order to enhance and ensure that our users’ privacy rights are properly addressed.
  • For the user browsing data used to enable WOT’s website reputation service, we intend to provide users the ability to opt-out from having such data saved in our database or shared. This opt-out will be available from the settings menu, as we want to provide each user with a clear choice at all times.
  • For people who agree to let us use their browsing data in order to support WOT, we will implement a complete overhaul of our data ‘cleaning’ process, to optimize our data anonymization and aggregation objectives to minimize any risk of exposure for our users.

That’s fine, but it’s probably too late for that. Trust is earned, and it’s not easy to recover once it’s lost. I recommend that you uninstall the Web of Trust browser extension.
