Mozilla and Google remove WOT extension from Store
The popular browser extension Web of Trust is no longer available on the Firefox add-on repository or the Google Chrome Web Store.
Mozilla and Google have pulled the extension from their stores after a report aired on German national television that the company was selling the browsing history of its users.
The browser extension, designed to inform users about security or privacy issues on sites they visit, is currently not available for download.
Users who try to open the add-on site on Mozilla's Firefox add-ons site get a "we're sorry, but we can't find what you're looking for" error message currently.
Google's Chrome Web Store merely states that "the requested URL was not found on this server".
Information is scarce at this point as both Mozilla and Google have not openly released information about the removal.
The German newspaper FAZ managed to get a statement from Mozilla about the removal. According to the statement, Web of Trust was pulled because it violated add-on guidelines, and specifically transparency in regards to the add-on's collection of user data.
According to Web of Trust, which Faz got a statement from as well, this was caused by the company's latest privacy policy published on the company website not being made available on the Firefox add-on site.
If you check out the privacy policy on the Web of Trust website, you will notice that it collects the following information: IP address, geographic location, type of device, operating system and browser, date and time, browsing usage including visited web pages, clickstream date or web address accessed, browser identifier and user ID.
Users who have Web of Trust installed in the browser won't be affected by the pulling of the add-on.
According to research posted on Bugzilla@Mozilla, the tracking that is been discussed in German media has been added to the extension back in 2015.
So what is going to happen now?
The most likely cause of action is the following one. Web of Trust updates the privacy policy on the store pages of the add-on to better highlight the data collecting of the add-on. Mozilla and Google will then re-enable the extension on their Stores so that users can download and install it again.
It is unclear right now whether WOT is asked to modify code of its extension in regards to user tracking, or if the simple highlighting of the fact that the add-on collects user data is enough for restoration.
Now You: What's your take on the whole situation?
Yet Again, 1 More Evidence That Blocking External Extensions Is Stupid – It Is Impossible To Completely Remove Wolves In Sheep Clothing.
Give Normal Users All The Warnings They Need…
…But Let FREAKING Power Users Be FREAKING Responsible For The FREAKING Software They FREAKING Want To FREAKING Install, FREAKING Period.
Did I Say The Word **FREAKING** Enough Times For CHROME To Take Notice ?
—
Bye Bye Mozilla.
I’m dropping you.
What alternative am I suppose to use? All I find about WOT is bunch of lies spread by big corporations paying the German media to lie that WOT is evil just to protect their reputation.
All of this is FUD.
If you’re worried about your privacy, don’t use the internet and go live a cave.
Why to blame Mozilla? Ghostery, AVG, McAfee add-ons collects personal data too, it’s not Mozilla fault.
Basic alternative to WOT is already built in to the Firefox – SafeBrowsing.
At least I removed that after 2-3 years of using it and I even deleted my account there after reading negative comments about that multiple times; first time – “no way, really?”.
Privacy invading, “safe” sites (actually dangerous), WoT sending some data even when you remove it (reinstall browser), %your_negative_comment_about_WoT%, etc.
And now, this.
I never used their add-on nor their website much but they seem to unfairly rate sites as bad or unsafe
when in fact it’s the opposite.Basically giving good safe sites a poor rating.
Here is a site explaining why it’s a scam:
https://mywotlies.wordpress.com/2011/06/18/web-of-trust-web-of-lies/
Oh, so you think that all web rating add-ons like TrafficLight.are evil.
Have fun destroying your mobile device.
You are being fed with lies by a reputation protecting corporate troll.
I reported the extension as a bad one to Mozilla when not too long after it came out.
They would not believe me.I guess I get the last laugh … stOOPid Mozillians.
Shame! Ding! Shame! Ding! Shame! Ding!
Seriously, how many people care about it? Most people even don’t know about AdBlock (uBlock) and blocking ad at all. Who don’t care except Mozilla, Google and few faggots?
All together now with Shirley And Company …
[CHORUS]
Shame shame shame hey shame on you
If you can’t dance too
I say shame shame shame
Shame shame shame
Shame shame on you
If you can’t dance too
Sunday Night not alive at all …
Tomorrow Monday is another day and for all countries which don’t start the week on Sunday (mama mia…) another week as well : enjoy!
@Tom Hawack – i’ve tried that https bookmarklet and it works and does what it’s supposed to do, i like it and i’ve bookmarked that one as well, thanks. i have noticed on some sites it doesn’t work as well as https everywhere add-on, say nike.com because the URL changes more than just an “s”, like “http://store.nike.com/us/en/” to “https://secure-store.nike.com/us/en_us/” but i don’t even recommend https everywhere on nike.com anyway unless maybe your in checkout because it will cause trouble while viewing items/changing colors/changing sizes, it’s been a goofy site anyway since they redone it years ago, the site has been finicky with Firefox at times while trying to check out and complete purchases even in safe mode, i had to complete the purchase in google chrome on Windows XP but that was the first other browser i tried, and Firefox is the only browser i will install on my windows 7/10 laptops, so i will try Edge next time if i have the same issue.
That print friendly bookmarklet i bookmarked as well, i’m not sure yet what the advantages are if any as i’ve not tried it yet but it’s interesting non the less.
i haven’t tried that “Skip Redirect” add-on yet either but have bookmarked that in my Firefox folder with the other add-ons i use and will give it a try and look at it’s settings, i don’t think i’ll be able to make my own, i don’t know if “Clean Links” you can make your own either but i tried. When doing some research i found “Redirector” – https://addons.mozilla.org/en-US/firefox/addon/redirector/ in a posting which i didn’t bookmark but it was someone wanting to default to YouTube gaming for certain videos and someone recommended the “Redirector” add-on and posted this image which i did bookmark – https://imgur.com/MA50RE1 – and it shows how to do it. i wanted to default to a clean YouTube video URL such as – https://www.youtube.com/watch?v=7ItsgC0FNZc when i receive a video by e-mail instead of https://www.youtube.com/watch?v=7ItsgC0FNZc&feature=em-uploademail – i could not get it to work for me. if you know of a way to get it to work or another add-on that will do it and easy to work with i would appreciate it very much even though i hate to ask as i feel i’ve been bothering you already in this thread, if so i’m sorry in advance, but thanks once again for all your input in this thread, it has been very useful.
@ Rick,
I’m as well a bookmarklet fan, these are so handy; as well I have a dedicated Bookmarks Toolbar sub-folder, including some of those you mentioned together with others, of which several don’t call a site but simply operate a function on the site they’re called from, for instance toggling a site from http to https :
javascript:((function(){window.location=location.href.replace(/^http/i,”https”).replace(/^http\w{2,}/i,”http”);})());
To be noted :
1- Javascript must be active, of course; also, if using an add-on such as uBlockO, per-site scripting must not be disabled.
2- Firefox Add-ons such as ‘Clean Links’ or ‘Skip Redirect’ must include in their options exceptions to handle sites called by bookmarklets…
2.1- ‘Clean Links’ add-on : add in its Options / Skip Domains domains included in a bookmarklet (the called domain, not the calling domain, i.e. “www.virustotal.com” if using the VirusTotal bookmarklet).
2.2- ‘Skip Redirect’ add-on : same as with ‘Clean Links’ but this time in ‘Skip redirects’ Options / Exceptions.
I prefer ‘Skip Redirect’ to ‘Clean Links’ now, because the latter seems outdated and problematic here…
One last bookmarklet “pour la route” as we say in French (no idea how to translate that, means something like “in case of, to be sure”), which performs a call to PrintFriendly which prints (or PDF) the page it’s called from in a neat way :
javascript:void(open(‘http://www.printfriendly.com/print/?url=’+location.href))
Bookmarklets are a great tool applicable in many situations and concerning many topics. When it appears to be tough to make our own searching the Web sometimes brings the answer, i.e. the bookmarklet for VirusTotal which I would have been unable to determine myself.
To end with the artist’s feeling : ‘bookmarklet’ sounds so nice :)
i see how the comments and replies work now.
Tom, i couldn’t reply to those comments as maybe you don’t want to be bothered, but i need to say THANK YOU! They all work perfectly and now i don’t have to copy and paste them into that particular website and don’t have to use their add-ons. You even added a couple that i didn’t know about. Thanks again, made my day.
i would like to add that when i tried to create them myself they would’ve worked but i just realized an add-on “Clean Links”-(Firefox) i have is the reason they weren’t working, have to click on it to disable it otherwise it just opens the homepage of the website i’m trying to use it on.
Also, Martin, maybe you should do a quick article on this as i’m sure some of your other users might find this interesting and useful. i have all the JavaScript Bookmarklets in a folder on my bookmarks toolbar for easy access, each one paired with the actual homepage bookmark both between separators to easily tell them apart.
Safe and privacy focused browsing everyone.
@ Rick, I forgot McAfee’s SiteAdvisor ->
javascript:void(open(‘http://www.siteadvisor.com/sites/’+location.hostname))
safeweb.norton.com ->
javascript:void(open(‘https://safeweb.norton.com/report/show?url=’+location.hostname))
urlvoid.com ->
javascript:void(open(‘http://www.urlvoid.com/scan/’+location.hostname))
virustotal.com ->
javascript:void(open(‘https://www.virustotal.com/url/submission/?force=1&url=’+location.href))
urlquery.net -> Couldn’t make it
phishtank.com -> Couldn’t make it*
scamvoid.com ->
javascript:void(open(‘http://www.scamvoid.com/check/’+location.hostname))
scamidentifier.com ->
javascript:void(open(‘http://www.scamidentifier.com/review/’+location.hostname))
urlcheck.info ->
javascript:void(open(‘http://urlcheck.info/en/verify.htm?urlOrIP=’+location.hostname))
webinspector.com -> Couldn’t make it
*For Phishtank, following sites/bookmarklets provide results which include Phistank’s analysis :
scanurl.net ->
javascript:void(open(‘http://scanurl.net/?u=’+location.hostname))
onlinelinkscan.com ->
javascript:void(open(‘http://onlinelinkscan.com/results/’+location.hostname))
Hope this helps. Some sites are easy to handle, others more complicated, some impossible because the return url replaces the source with an ID.
Tom, i was not able to reply to your previous post about your JavaScript Bookmarklet –> javascript:void(open(‘https://www.mywot.com/en/scorecard/’+location.hostname)) which is brilliant. i’ve tried to create some for other services as well but was unsuccessful. Are you able to make some JavaScript Bookmarklets for these services please, it would be very appreciated sir and i’m sure other would appreciate it as well. Some of these i’ve just learned about in another post in this article, so i haven’t did any research on them yet.
https://safeweb.norton.com/
http://www.urlvoid.com/
https://www.virustotal.com/en/#url
https://urlquery.net/
https://www.phishtank.com/
http://www.scamvoid.com/
http://www.scamidentifier.com/
http://urlcheck.info/en/
https://app.webinspector.com/
McAfee doesn’t have anywhere to paste links in the website anymore for Site Advisor at https://www.siteadvisor.com/final/ unless someone knows a way around this.
I use NoScript, an extension that can block scripts from running from domains called upon by a given site. One of its features is that if you use the toolbar button’s dropdown arrow to display a site’s “contributing” domains, you can shift-left-click on a domain and get a list of “security and privacy information” vetting sites’ pages for that domain. Web of Trust used to be one of NoScript’s default vetting sites .. but not anymore!
I will not give them a second chance. I will never use WOT in my life and I hope the company will go bankrupt.
The original founders left the company in 2014. One of them now has tweeted about the recent developments and praises NDR for exposing it : “What happens when venture capitalists are left in charge? Nice investigative journalism by @sveckert et al.” See https://twitter.com/samitolvanen/status/793992335772225536 . Martin, why not ask him about what happened?
Could just use Malwarebytes Antimalware. Not only are you protecting all your browsers, but also your system in one.
Isn’t there a clever way
to use the WOT addon in Firefox
but “neutralize”/cancel
the IP, etc info being leaked back to WOT?
Just asking…
I uninstalled WOT when I realized that the ratings there could not be relied on. You can check the reputation of websites at any of these:
http://www.scamvoid.com
http://www.scamidentifier.com
http://www.urlvoid.com
http://urlcheck.info/en/
Some include WOT ratings as well as other information about the site being checked.
https://app.webinspector.com is another useful tool, though it takes a couple of minutes to return results.
Those sites are crap. You have to check every site one at a time by typing/pasting in the URL. WOT automatically checked all links for you. You forgot McAfee Site Advisor. Now it’s called Web Advisor.
I’m really pissed off about this. I don’t care if they’re selling my history. It’s a small price to pay for safety on the web. Now I’m such with crappy Mcafee Site Advisor. Almost all software gathers users data. No one says anything about that. :(
There are means to be safe — or at least as safe as with WOT — without the cost of one’s data. I cannot and will never get undressed for either a service or a protection : neither prostitution nor an accepted racket. That’s the tend, that’s how many companies wish the scenario to be and to be understood as such. Of course some of us don’t care and get undressed free, some do care and get a service/protection for getting undressed, and some do care even more and get a service/protection without getting undressed. There’s always a price, but my privacy is worth more than what is offered. My privacy is priceless.
Business is planetary now, especially with the Internet. Broader the audience wider the number of those who accept to exchange their privacy for a service/protection, and that should be far enough to keep the business machine rolling, hence allow those who refuse to keep on getting many things free : it’s called a population’s disparity. If business cannot deal with that then it’ll be what it is already : a combat.
WOT is not a victim of persecution but happens to have been caught. WOT is not the only only, other sites have similar practices among which some haven’t been caught. OK. Yet, this attitude “All or so many do it than what the heck? Why not take the good and accept the bad?” seems to me a cynical, hence a defeatist attitude, a trending one especially amid the younger generation.
Honesty, integrity together with talent and skill exist everywhere in life, on the Internet as well. You have to make the effort to find them and of course no motivation for effort if cynicism leads one’s thoughts or if cynicism is the pretext of laziness.
Your “Probably half the sites does that” is meaningless and can be easily toggled to “half the sites doesn’t do that”. Being concerned by security without having to pay the price of our privacy aims to search for that other half. But it requires indeed efforts and not the easy way out, that of defeatism.
Probably half of the free software does that. Why are they singling out WOT? Undressed? Prostitution? What drug are you on? :(
Let them post a new privacy policy and/or terms of service and allow them to be listed again, only for people to ignore those pieces of text anyway?
I think, for the credibility of their web-stores, both Google and Mozilla should either ban the piece of software entirely now and in the future, or if they don’t, then at the very least they need to create an extension rating/categorization system that can tell even the average end-user if his or her privacy will be compromised by using this or that extension. Doubt that’ll happen though, because both companies (the former without a doubt but in some ways also the latter) are interested in making money from user data.
I too have had worries regarding f-secure, but I’ve never read any concrete damning evidence against them. If you have any relevant new/articles, thanks in advance if you’ll post links.
wot for firefox had a remote code execution vulnerability where wot or another addon could use wot to execute any code with system level privileges this was one determine factor that got wot removed. the researcher could not see any cases where this was abused but who know what wot did they changed owners without telling anyone then the code to collect data was added. this seems to be a popular trend where addons a selling out with large user bases then updates land doing very questionable things.
When did WOT change ownership? Who currently owns it?
I wasn’t aware of the change & AFAIK was never notified via email regarding my user account at the mywot site.
“this seems to be a popular trend where addons a selling out with large user bases then updates land doing very questionable things”
I AGREE! It is an alarming trend
WoUntrustable should be obliterated from the net. But they are not the problem. The problem the pathetic lack of a decent permissions model where add-ons are concerned, let alone the web overall. Compared to the mobile phone app ecosystems, the web is sorely lacking in this regard. As a huge supporter of the open web, this is greatly distressing to me. The vast majority of people DO NOT READ privacy policies. To suggest that users be expected to do so is ludicrous. Users are not all lawyers! The best way to ensure users are conscious of the choices they’re making and privacy they’re relinquishing when installing an add-on, is to create the sort of framework of per-activity/function permission system Android 6 and the like currently implement. I’m sure it’s not perfect but compared to the web’s invisible privacy / permissions framework, the mobile phone system is like a rolls royce compared to a trabant.
Noscript also removed it from the middleclick domain info thingie.
Wot always was useful and transparent under the custody of the original creators. Sad it has to end this way.
I agree, I am certain they were trustworthy. It must be very saddening for them to watch this happen to their brainchild.
I like to run with the minimum number of extensions I “have to have” (currently 7). WOT was never one of them.
Perfectly said Tom !
This WOT has been roaming around for years ,Time to see it end ,
Time to see it end just because it has been around for years?
IF YOU WERE TO READ WHAT I WROTE…..Perfectly said Tom
WOT IS PURE SPYWARE AND NOOB CRAP
I’ve never used WOT not because I feared privacy issues but because I disliked the very concept, that of people interfering in the fame or shame of a Web site, too subjective and at worst too much of a temptation to praise or condemn on the ground of personal feelings.
Now that privacy issues seem to be factual is of course a +minus.
On the other hand, if questionable behaviors need to be questioned and negative answers followed by sanctions, we all know that the planetary hysteria loves to hate as it loves to love, that it loves to feel and express emotions rather than objectivity. WOT’s crucifixion will undoubtedly be acclaimed by many of which some as always with the “hang ’em up and high” state of mind (or whatever was the wording in that Wild West).
I’ll just keep on avoiding WOT should it re-appear.
The idea of having many people voting on the trustworthiness of a site is that the chance of undue negative or positive bias is minimised. I don’t believe that a good site can be sunk by a bandwagon effect of negative votes, nor that a bad site can be turned positive by a bandwagon effect. I don’t know of any other extension that gives similar a visual warning or approval of sites; I do rely heavily on that from WOT.
If you think many people voting won’t influence bias, I’ll give you a keyword that you should do a search on: “Boaty McBoatface”. (Hint: it’s one active community fully controlling an open voting system)
“I don’t believe that a good site can be sunk by a bandwagon effect of negative votes”
Yes, it really can. Further, and not specific to WOT, a market has sprung up for “buying likes, buying favorable mentions, buying positive reviews, etc.” and employing such has been an increasingly common tactic of advertising campaigns; part of the “ad spend” is budgeted toward paying brokers to have AmazonTurk -like worker bees post favorable mentions, favorable reviews.
“I don’t believe that a good site can be sunk by a bandwagon effect of negative votes”
Yes, it really can. Further, and not specific to WOT, a market has sprung up for “buying likes, buying favorable mentions, buying positive reviews, etc.” and employing such has been an increasingly common tactic of advertising campaigns; part of the “ad spend” is budgeted toward paying brokers to have AmazonTurk -like worker bees post favorable mentions, favorable reviews.
Look at the rating for Conservapedia. https://www.mywot.com/en/scorecard/conservapedia.com
Whether you agree with their politics or not, the site definitely does not serve up malware. However, it is rated at 32 and all the comments on why the reviewers don’t trust it are political.
I’ve noticed that sites are sometimes punished for political views and nothing more.
I’ve seen okay sites being marked as super dangerous and virus-giving download sites being marked as completely trustworthy. That’s when I uninstalled WOT.
One of the worst privacy violations of the 21st century, I hope the addon never returns in any form.
More evidence that add-on signing is worthless
It has NOTHING to do with add-on signing, so what do you want to say?
David is trying to say that add-on signing does absolutely NOTHING to keep potentially dangerous extensions from being installed, because it only controls who is allowed to distribute extensions, and doesn’t do anything about lack of integrity of the add-ons themselves.
So it has EVERYTHING to do with add-on signing (which is supposed to keep the “bad ones” out, by definition).
I am always concerned by privacy violations, as is the case here. Nevertheless, the info WOT supplies about websites’ trustworthiness is ver important. I don’t know any other extension that supplies this kind of info without raping you at the same time. And I consider security more important than privacy, so will not uninstall WOT. I did implement the uBlockO filtering that Tom Howach mentioned on this site yesterday.
These rules only have a chance to work if the WoT leaks are filtered by the lists you use with uBO. That also assumes that these leaks can be separated by rules from legitimate WoT traffic needed for the extension to work. (I never used WoT but I don’t think they can.)
I wouldn’t consider myself protected unless I verified this first hand.
An alternative is to only use the website WoT, not the add-on, so in practise it would only be for sites you have a reason to doubt. You could use a bookmark keyword “wot ghacks.net” or add a WoT search engine or something to make the website check as quick as possible.
“An alternative is to only use the website WoT, not the add-on, so in practise it would only be for sites you have a reason to doubt.”
I agree. I’ve set a bookmarklet to get WOT information about a site, including users’ reviews, which I run when, as you write, I have a doubt : javascript:void(open(‘https://www.mywot.com/en/scorecard/’+location.hostname))
Bitdefender Trafficlight
WOT is totally an extension I will avoid. where’s the good old Opensource/free software (including extensions) made to just help people that live through donations? people that make something, waste their time to help others, waste their money, and don’t ask for nothing. that’s people that I would support every month if I had some extra money, that’s people that we should care about, developers that make something in exchange of nothing. for me, devs like the ones behind WOT that collect everything a user does online are scam. I will totaly avoid WOT.
Oddly enough it is opensource (even if only released in an older version)
https://github.com/mywot
And here is the change to the Chrome extension that added the “spyware”:
https://github.com/mywot/chrome/commit/2206b8f4eeb50fc59eee9613f17599a2851a9a3c
And for the Firefox addon:
https://github.com/mywot/firefox-xul/commit/0df107cae8ac18901bd665acace4b369c244a3f9
Good riddance. They should have their code audited (as every extension should) to be validated.. this safe until proven otherwise clearly doesn’t work.
It was removed because half of googles paid ads were showing up as red. I am a tech and have used it for 2 year. It has always been spot on. Half of googles income is from malware site advertising. To test I have on numerous times started virtual PC and gone to the sites listed as red. Bam infected every time.
i found that WOT , was slowing down webpage loading so i uninstalled it anyways