To the WOT community

User avatar
MyWOT-Team
Posts: 284
Joined: Mon Nov 30, 2015 12:05 pm

To the WOT community

Post by MyWOT-Team » Sun Nov 06, 2016 10:08 pm

Dear users,

Thank you for your patience. We apologize for our delayed public reply and any anxiety this incident has caused. It has taken us some time to understand what has happened and how best to ensure we protect our users.

We take our obligations to you very seriously. While we deployed great effort to remove any data that could be used to identify individual users, it appears that in some cases such identification remained possible, albeit for what may be a very small number of WOT users.

Of course, if the data allows the identification of even a small number of WOT users, we consider that unacceptable, and will be taking immediate measures to address this matter urgently as part of a full security assessment and review.

Additionally, after Mozilla notified us that they were removing the WOT add-on from their store (pending responses to a set of questions / proposed changes they sent to us), we voluntarily removed the WOT add-on from all other platforms, including the Chrome store, in order to resolve this matter properly and comprehensively.

To that end, we are taking the following steps:
  • Reviewing our privacy policy to determine which changes need to be made in order to enhance and ensure that our users privacy rights are properly addressed.

  • For the user browsing data used to enable WOT’s website reputation service, we intend to provide users the ability to opt-out from having such data saved in our database or shared. This opt-out will be available from the settings menu, as we want to provide each user with a clear choice at all times.

  • For people who agree to let us use their browsing data in order to support WOT, we will implement a complete overhaul of our data ‘cleaning’ process, to optimize our data anonymization and aggregation objectives to minimize any risk of exposure for our users.


  • We will spend the coming weeks making the changes to WOT which will ensure we are back on the right track. You, our community of users are the real power behind WOT and we will continue serving you as such.

    Yours,

    peace100
    Posts: 1
    Joined: Sun Nov 06, 2016 11:55 pm

    RE: To the WOT community

    Post by peace100 » Sun Nov 06, 2016 11:55 pm

    So you really want to tell us that you created a system which can anonymize millions of URLs? Please upload this to github.com so everyone can see what you did there...

    You sold/sell URLs including query strings. Why should we trust you?

    Are you even aware of the effects of your acting?
    Do you know what can happen if someone unauthorized gets access to the data?
    Didn't you heard about the suicides after the hack of ashley madison?

    User avatar
    destinationtruth
    Posts: 404
    Joined: Tue May 12, 2015 7:47 pm
    Location: Cherokee Nation

    RE: To the WOT community

    Post by destinationtruth » Mon Nov 07, 2016 12:02 am

    Open your whois would be a good start.
    In 2015, WOT Services officially changed its name to TOW Software, and finally ceased operations in June 2016. While the service still operates. Just who in the hell Owns WoT!

    How can we trust you when you don't trust us with this information.

    Jtaylor83
    Posts: 58
    Joined: Sat Dec 13, 2008 5:46 am

    RE: To the WOT community

    Post by Jtaylor83 » Mon Nov 07, 2016 5:14 am


    Open your whois would be a good start.
    In 2015, WOT Services officially changed its name to TOW Software, and finally ceased operations in June 2016. While the service still operates. Just who in the hell Owns WoT!

    How can we trust you when you don't trust us with this information.


    Unreliable source added to Wikipedia article.


    User avatar
    MysteryFCM
    Posts: 2486
    Joined: Mon Jul 14, 2008 4:47 pm

    RE: To the WOT community

    Post by MysteryFCM » Mon Nov 07, 2016 5:32 am

    To my mind, there's two immediate things that need to be done here;

    1. Publicly disclose whether such information is being shared/sold to third parties, and if so - who and what (data)
    2. Publish the *current* code to the GitHub repo (failure to do this will not appease those that have (for obvious reasons) taken this recent issue so personally

    The issue of user privacy disclosure, whether accidental or otherwise, is wholly unacceptable, and understandably, both users and the wider security community are taking this extremely seriously.

    As far as the stats code itself, this must be limited only to the data needed, and such disclosed extremely clearly, to users of the software (and discard Base64 encoding, it's not even close to secure ;) ).

    With regard to this;

    "For the user browsing data used to enable WOT’s website reputation service, we intend to provide users the ability to opt-out from having such data saved in our database or shared. This opt-out will be available from the settings menu, as we want to provide each user with a clear choice at all times."

    I'd strongly urge it be opt-in, not opt-out (anything opt-out always goes against both the ethos of protecting users, and *always* ends badly, given most Joe Average users, don't check the settings etc of software to begin with, let alone the EULA' that go with them).

    User avatar
    Dareks67
    Posts: 223
    Joined: Sun Nov 13, 2011 1:05 pm

    RE: To the WOT community

    Post by Dareks67 » Mon Nov 07, 2016 12:02 pm

    I was a user WOT from 2011 until today. I uninstalled this add-on.
    With curiosity I expect, until this matter is cleared up completely.

    Sioban44
    Posts: 5
    Joined: Wed Jun 12, 2013 7:20 am

    RE: To the WOT community

    Post by Sioban44 » Mon Nov 07, 2016 1:19 pm

    Not a good thing.
    You've just lost trust. You know, the thing you've been relying on ?

    User avatar
    Dynamoo
    Posts: 9
    Joined: Tue May 10, 2016 9:34 pm

    RE: To the WOT community

    Post by Dynamoo » Mon Nov 07, 2016 6:48 pm

    Actually the Finnish register of companies DOES say that WOT Services Oy changed name to to TOW Software Oy in February 2016, but that the company has also been in liquidation since June 2016. The Business ID remains the same, so it is the exact same business. Whether or not TOW is actually currently the owner of WOT is unclear from that data

    hxxps://tietopalvelu.ytj.fi/yritystiedot.aspx?yavain=1998957&tarkiste=AF057A9D1864600E8029A4E3E180046A0FB5F746

    Jtaylor83
    Posts: 58
    Joined: Sat Dec 13, 2008 5:46 am

    RE: To the WOT community

    Post by Jtaylor83 » Mon Nov 07, 2016 8:49 pm

    If you're worried about your privacy, don't use the internet.

    Facebook, Google, Twitter, Yahoo, Bing and other websites give away your data to third parties.

    Jtaylor83
    Posts: 58
    Joined: Sat Dec 13, 2008 5:46 am

    RE: To the WOT community

    Post by Jtaylor83 » Mon Nov 07, 2016 8:57 pm


    Actually the Finnish register of companies DOES say that WOT Services Oy changed name to to TOW Software Oy in February 2016, but that the company has also been in liquidation since June 2016. The Business ID remains the same, so it is the exact same business. Whether or not TOW is actually currently the owner of WOT is unclear from that data

    hxxps://tietopalvelu.ytj.fi/yritystiedot.aspx?yavain=1998957&tarkiste=AF057A9D1864600E8029A4E3E180046A0FB5F746


    Read my comment. That source is unreliable, it was removed from Wikipedia.


    Post Reply

    Who is online

    Users browsing this forum: No registered users and 4 guests