SoylentNews is people

posted by janrinok on Saturday November 12 2016, @06:36PM
from the web-of-deceit dept.

Submitted via IRC for TheMightyBuzzard

Web of Trust's browser was pulled for being, well, untrustworthy.

When you include the word "trust" in your internet company's name, you're under more pressure than most to respect the privacy of your customers... and one firm is learning that lesson the hard way. Web of Trust Services' browser add-on has left the extension libraries for Chrome, Firefox and Opera after a German broadcaster's investigation revealed that Web of Trust was collecting and selling users' web histories to third parties. While the company said that it was anonymizing data, that didn't hold up under scrutiny. The broadcaster managed to identify over 50 people from sample data, and uncovered everything from active police investigations to the implied sexual orientation of a judge.

Also, a German data protection commissioner chastised WoT for not doing enough to get the consent of its users (and there are many of them, with 140 million downloads) before gathering and selling info. Moreover, there's evidence that the software can run the code it wants on any web page. There aren't any known in-the-wild exploits, but that's not exactly reassuring.

To its credit, WoT is taking steps to mend its ways. It's reexamining its privacy policy, offering an opt-out for the data you share and revamping the way it 'cleans' data to get rid of potentially identifying info. Its previous approach "may not have been sufficient" to fully anonymize your data, a spokesperson tells The Register. The company is quick to add that only Mozilla pulled the add-on -- WoT says it voluntarily yanked the add-on from the Google and Opera portals to "make appropriate changes."

Source: https://www.engadget.com/2016/11/08/web-of-trust-sold-browser-history/


  • (Score: 2, Informative) by Anonymous Coward on Saturday November 12 2016, @11:11PM (#426150)

    "I mean, anyone with two functioning brain cells can rub them together and figure out that any addon that does a "check" for you of a website you're visiting can and will in fact be able to see the sites you visit intentionally or not"

    No, it does not. That is the lazy way and obviously lends itself to privacy invasion, but there is at least one privacy-preserving method to do the same thing.

    Instead of phoning home for every website you visit (which, BTW, would be damn slow), you just periodically download a database of hashed URLs of known bad sites. Then whenever you load a URL you just hash it and check the local database. Collision handling makes it more complicated, but you can mitigate that - hits in the "bad" list will be rare so if you do get a hit, then you can phone home, give the server the hash and ask it to give you back the full URL from their database and you can compare against that. So the server operator will only know about websites you visit that are in their hash list (and even then they can't be 100% confident it wasn't a collision, only you know for sure).

    You could probably go even further and download the entire database; since it is manually curated, it can't be terribly big, maybe 10GB? Just guessing. Might not be suitable for mobile, but on the desktop everybody's got terabyte-sized disks nowadays.

    Total Score:   2
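
The lookup scheme described in the comment above, sketched as an added example (not code from the commenter or from any real add-on). `ListServer`, `Client`, the 2-byte hash truncation and the `.example` URLs are all assumptions made for illustration; the `seen` list records everything the list operator learns about a client.

```python
import hashlib

PREFIX_BYTES = 2  # assumption: truncated so collisions are possible, as the comment expects

def url_hash(url: str) -> bytes:
    """Truncated SHA-256 of the URL exactly as typed (no normalisation)."""
    return hashlib.sha256(url.encode()).digest()[:PREFIX_BYTES]

class ListServer:
    """Hypothetical list operator; `seen` is everything it learns from clients."""
    def __init__(self, bad_urls):
        self._by_hash = {}
        for url in bad_urls:
            self._by_hash.setdefault(url_hash(url), set()).add(url)
        self.seen = []

    def hash_database(self) -> frozenset:
        return frozenset(self._by_hash)      # the periodic download

    def full_urls(self, h: bytes) -> set:
        self.seen.append(h)                  # only a hash ever arrives here
        return self._by_hash.get(h, set())

class Client:
    def __init__(self, server: ListServer):
        self.server = server
        self.local_db = server.hash_database()

    def is_bad(self, url: str) -> bool:
        h = url_hash(url)
        if h not in self.local_db:           # common case: no network traffic
            return False
        # Rare hit: send the hash, then compare full URLs locally.
        return url in self.server.full_urls(h)

def find_collision(bad_url: str) -> str:
    """Construct a harmless URL whose truncated hash equals bad_url's."""
    target, i = url_hash(bad_url), 0
    while url_hash(f"https://site{i}.example/") != target:
        i += 1
    return f"https://site{i}.example/"

if __name__ == "__main__":
    bad = "http://malware.example/dropper"   # constructed sample entry
    server = ListServer([bad])
    client = Client(server)
    twin = find_collision(bad)
    for url in ("https://news.example/", bad, twin):
        print(url, client.is_bad(url), [h.hex() for h in server.seen])
```

The listed URL and its constructed collision produce the same entry in `seen`, so the operator cannot tell which of the two was visited; URLs whose hash is not in the local database generate no request at all.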