Browser extensions have become a standard part of the most popular browsers and essential part of our lives for surfing the Internet.
But not all extensions can be trusted.
One such innocent looking browser add-on has been caught collecting browsing history of millions of users and selling them to third-parties for making money.
An investigation by German television channel NDR (Norddeutscher Rundfunk) has discovered a series of privacy breaches by Web Of Trust (WOT) – one of the top privacy and security browser extensions used by more than 140 Million online users to help keep them safe online.
Web of Trust has been offering a "Safe Web Search & Browsing" service since 2007. The WOT browser extension, which is available for both Firefox and Chrome, uses crowdsourcing to rate websites based on trustworthiness and child safety.
However, it turns out that the Web of Trust service collects extensive data about netizens’ web browsing habits via its browser add-on and then sells them off to various third party companies.
What’s extremely worrying? Web of Trust did not properly anonymize the data it collects on its users, which means it is easy to expose your real identity and every detail about you.
However, NDR found that it was very easy to link the anonymized data to its individual users.
The reporters focused on just a small data sample of around 50 WOT users, and were able to retrieve a lot of data, which included:Account name
Confidential company information
Ongoing police investigations
Browser surfing activity including all sites visited
This data belonged to just 50 users, and WOT has more than 140 Million users. From here, you can imagine why the whole matter is of huge concern.
Mozilla has already removed the WOT extension from Firefox Add-ons page, and WoT, in turn, removed the extension from the Chrome Web Store as well.
For the user browsing data used to enable WOT website reputation service, we intend to provide users the ability to opt-out of having such data saved in our database or shared. This opt-out will be available from the settings menu, as we want to provide each user with a clear choice at all times.
For people who agree to let us use their browsing data to support WOT, we will implement a complete overhaul of our data ‘cleaning’ process, to optimize our data anonymization and aggregation objectives to minimize any risk of exposure for our users.
For now, anyone using the WOT extension is strongly recommended to immediately uninstall the extension right now. WOT also has a mobile app that will not be immune to this data collection.