Browser extensions have become a standard part of the most popular browsers and essential part of our lives for surfing the Internet.
But not all extensions can be trusted.
One such innocent looking browser add-on has been caught collecting browsing history of millions of users and selling them to third-parties for making money.
An investigation by German television channel NDR (Norddeutscher Rundfunk) has discovered a series of privacy breaches by Web Of Trust (WOT) – one of the top privacy and security browser extensions used by more than 140 Million online users to help keep them safe online.
Web of Trust has been offering a “Safe Web Search & Browsing” service since 2007. The WOT browser extension, which is available for both Firefox and Chrome, uses crowdsourcing to rate websites based on trustworthiness and child safety.
However, it turns out that the Web of Trust service collects extensive data about netizens’ web browsing habits via its browser add-on and then sells them off to various third party companies.
What’s extremely worrying? Web of Trust did not properly anonymize the data it collects on its users, which means it is easy to expose your real identity and every detail about you.
However, NDR found that it was very easy to link the anonymized data to its individual users.
The reporters focused on just a small data sample of around 50 WOT users, and were able to retrieve a lot of data, which included:
- Account name
- Mailing address
- Shopping habits
- Travel plans
- Possible illnesses
- Sexual preferences
- Drug consumption
- Confidential company information
- Ongoing police investigations
- Browser surfing activity including all sites visited
This data belonged to just 50 users, and WOT has more than 140 Million users. From here, you can imagine why the whole matter is of huge concern.
Mozilla has already removed the WOT extension from Firefox Add-ons page, and WoT, in turn, removed the extension from the Chrome Web Store as well.
In a statement, WOT said “we take our obligations to you very seriously. While we deployed great effort to remove any data that could be used to identify individual users, it appears that in some cases such identification remained possible, albeit for what may be a very small number of WOT users,” claiming that they are taking these steps:
- For the user browsing data used to enable WOT website reputation service, we intend to provide users the ability to opt-out of having such data saved in our database or shared. This opt-out will be available from the settings menu, as we want to provide each user with a clear choice at all times.
- For people who agree to let us use their browsing data to support WOT, we will implement a complete overhaul of our data ‘cleaning’ process, to optimize our data anonymization and aggregation objectives to minimize any risk of exposure for our users.
For now, anyone using the WOT extension is strongly recommended to immediately uninstall the extension right now. WOT also has a mobile app that will not be immune to this data collection.