Monday, December 12, 2016 by Randall Wilkens
The Internet is similar in many ways to an ocean. It connects various multi-cultured regions similar to (albeit much faster than) modern global shipping routes. Like an ocean has a vast surface covering millions of square miles, the Internet’s surface covers millions of topics and services, such as shopping, social media and entertainment. Most users of the Internet are like a boat motoring along on the ocean, mainly enjoying everything that the surface has to offer. Other, more consummate users, have experienced the varying levels of depth that remain hidden from the casual user’s eyes, comparable to the crew of a submarine as opposed to that of a smaller craft. It is this underlying worldwide presence (which often delves into activities of questionable legality) that keeps antivirus and anti-malware companies afloat in order to prevent some massive digital leviathan from wreaking havoc on everyone, from the casual user to regional power grids.
It is this fear of a giant, unknown, unseen monster that web-based companies prey upon in order to peddle their wares, some worthwhile, some not so much. While a lot of privacy advocates have recently focused their concerns toward news regarding a nondescript National Security Agency building in New York City, new attention has been drawn to the tools that are marketed to the average citizen under the guise of security.
There are numerous web browsers which can be used to traverse the internet, all of which have their own niches and functions designed to attract new users. Web browsers can range from the commonplace, such as Mozilla’s Firefox and Google’s Chrome, to the more privacy oriented like Tor, which provides anonymity through rerouting of the user’s request through numerous points worldwide. One feature that newer browsers have incorporated, which allows the user to personalize their experience, is extensions.
Extensions can be used for a multitude of functions that may not be immediately available on a bare-bones browser, but will not interfere with that specific browser’s originally intended purpose. These extensions are commonly authored using HTML, Java or CSS coding. Some extensions add new search engines, while others can add a new menu or toolbar where one does not currently exist. Other extensions are specific to certain websites, such as updating social media or online shopping.
Some users may choose to employ browser extensions designed for security purposes. One such extension which has claimed to be a “Safe Web Search & Browsing” service since 2007, goes under the moniker of Web Of Trust (WOT). There are over 140 million installations of Web Of Trust on systems where the user desires a sense of security during typical day-to-day browsing. Unfortunately for users of WOT – one of the top privacy and security extensions available for Firefox or Chrome – it appears that the user’s privacy and security is not necessarily the company’s main focus.
Web Of Trust uses crowdsourcing as a means to rate websites based on their trustworthiness and how safe they are for children. This information is then used to display a simple stoplight style warning system when a user lands on a website. Based on the site’s reputation, the user sees a red display for unsafe sites and a green display for safe sites. This is done to avoid malware and scams. The problem lies in the fact that WOT collects data from the user and sells it to 3rd party sites. While a lot of other extensions do essentially the same thing, Web Of Trust was not properly anonymizing users’ data, and therein lies the problem.
Since the issue was brought to light via an investigation by the German TV Channel NDR, the extension has since been pulled from Chrome and Firefox, with little notification as to when (or if) an updated version would be released that fully honored users’ privacy rights. In the same way that a ship’s credibility lies in its ability to stay afloat, should software fail to deliver when it comes to user anonymity, it too shall sink.