Commentary

Internet Security Company 'Web Of Trust' Sold Data About Users

Popular browser extension "Web of Trust" promised to protect users by giving them information about sites' reputations.

But it turns out that Web of Trust wasn't just offering crowdsourced data about Web sites. The company also was collecting and selling data about its users' browsing histories. What's more, in some cases, that data reportedly included email addresses, phone numbers and other information that could be tied to individuals.

Web of Trust's practices were uncovered by reporters for the Hamburg-based broadcaster Norddeutscher Rundfunk. They obtained some data being sold by Web of Trust, and found they were able to easily identify some of the add-on's users. In some cases, the data included URLs that contained embedded email addresses, according to PC World. The data also included enough information that the journalists were able to deduce some people's sexual preferences, PC World writes.

It's worth noting that Web of Trust isn't the only company that apparently exposed users' personal information through poor anonymization techniques. In one high-profile example, AOL once posted three months worth of search queries from 650,000 supposedly de-identified members. Despite AOL's steps to anonymize users, some were were identified based on the patterns in their search queries. Most famously, within days of the July 2006 data release, The New York Times identifed AOL user Thelma Arnold.

For its part, Web of Trust says it "deployed great effort to remove any data that could be used to identify individual users." But, the company added, "it appears that in some cases such identification remained possible, albeit for what may be a very small number of WOT users."

Mozilla removed the add-on late last week; World of Trust subsequently removed it from Chrome, at least temporarily. Going forward, Web of Trust promised to review its privacy policy, and to allow users to opt out of having data about their browsing history stored or shared. Web of Trust added that it will revise its anonymization procedures in order "to minimize any risk of exposure for our users."

Next story loading loading..