Browser extensions have become an essential part of surfing the Internet. They add security, useful extra features, and act as a testing ground for functionality that may eventually become a standard part of the most popular browsers.

Not all browser extensions can be trusted, though, and an investigation by German TV channel NDR has uncovered a serious breach of privacy by the Web Of Trust (WOT) service, which over 140 million Web surfers trust to help keep them safe online.

WOT has been around since 2007 and claims to be a "Safe Web Search & Browsing" service. What that boils down to is a website reputation and review system fueled by crowdsourcing. Users can view ratings on a per-site basis for trustworthiness and child safety or rate sites themselves.

It sounds like a clever way to check whether your favorie sites visit can be trusted. However, the WOT service itself is far from trustworthy.

The NDR investigation discovered that while you have the WOT extension installed, extensive data collection is going on in the background. But WOT not only collects and records data on a per-user basis, it then analyzes and sells it on to third parties.

The WOT Privacy Policy states that your IP, geographic location, device type, operating system, browser, the date and time, Web addresses, and overall browser usage are all collected, but that it is "non-identifiable." But NDR found that it was a simple task to link the anonymized data to individual users of the service. The data retrieved included:

Account name

Mail address

Travel plans

Illnesses

Sexual preference

Drug consumption

Confidential company information

Ongoing police investigations

Browser surfing activity including all sites visited

This information was pulled from a small data sample accounting for around 50 users. Now imagine having access to data for all 140 million users and you can see why this is of huge concern.

Spiegel Online reports that Mozilla has already removed the WOT extension from its Firefox Add-ons page due to guideline violations. It seems likely other software that supports WOT will follow. Anyone currently using the WOT extension should seriously consider whether they wish to continue doing so. WOT also has a mobile app, which won't be immune to this data collection.

Further Reading

Software & Service Reviews