Also, a German data protection commissioner chastised WoT for not doing enough to get the consent of its users (and there are many of them, with 140 million downloads) before gathering and selling info. Moreover, there's evidence that the software can run the code it wants on any web page. There aren't any known in-the-wild exploits, but that's not exactly reassuring.

To its credit, WoT is taking steps to mend its ways. It's reexamining its privacy policy, offering an opt-out for the data you share and revamping the way it 'cleans' data to get rid of potentially identifying info. Its previous approach "may not have been sufficient" to fully anonymize your data, a spokesperson tells The Register. The company is quick to add that only Mozilla pulled the add-on -- WoT says it voluntarily yanked the add-on from the Google and Opera portals to "make appropriate changes."

You should see an improved version of the add-on in the weeks ahead. However, questions remain: why sell histories without explicitly warning users, and making absolutely sure there wasn't identifying data? And why not make data sharing opt-in? No matter what the answers, the findings are a reminder that promises of anonymized data by themselves aren't enough. A company has to make sure that your sensitive content remains a secret in practice, not just in theory.