German national broadcaster NDR recently released the results of an investigation by in-house journalists claiming that the WOT (Web of Trust) browser extension collects, records, analyzes and sells user-related browser data to third-parties. Apparently, the data obtained was traceable to WOT and could be assigned to specific individuals, despite WOT’s claim that they anonymize user data. <source>
- Your Internet Protocol Address
- Your geographic location
- The type of device, operating system and browsers you use
- Date and time stamp
- Browsing usage, including visited web pages, clickstream data or web address accessed
- Browser identifier and user ID
As a result, both Firefox and Google have pulled the popular add-on and it is no longer available from the Firefox add-on repository or the Google Chrome Web Store.
According to German newspaper FAZ, Mozilla told them: “Mozilla removes browser extensions when we find that extensions violate our policies for add-ons. We’ve received complaints about Web of Trust, which are related to how transparent the add-on works.”
The Company Behind WOT
One of the most disturbing aspects of this situation is the unclear nature of WOT’s ownership. WOT Services was founded in 2006 by Sami Tolvanen and Timo Ala-Kleemola who both left the company in 2014. Since then, its ownership history is somewhat convoluted. According to Wikipedia: “In 2015, WOT Services officially changed its name to TOW Software, and finally ceased operations in June 2016. While the service still operates, its current ownership is unclear and not disclosed on the website“.
I seriously doubt this practice is confined to WOT alone and suspect that many extensions/add-ons are guilty of similar behavior. However, in WOT’s case – Web of TRUST – the irony is palpable.