User update from WOT

destinationtruth
Posts: 806
Joined: Tue May 12, 2015 7:47 pm
Location: Cherokee Nation

RE: User update from WOT

Post by destinationtruth » Fri Nov 04, 2016 7:35 pm

Curious how many German users were using the German wot add on :hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/?src=search

Not made by WoT.

procyon
Posts: 162
Joined: Sat Oct 01, 2016 8:22 am

RE: User update from WOT

Post by procyon » Fri Nov 04, 2016 8:10 pm

This add on doesn't seem to be up-to-date. Applications working with the WOT API only send domain names to api.mywot.com to get the json result for ratings. Also, frequency of visited sites can't be known, as they are supposed to use a cache system (a call to the API is only done when no rating is recorded in the local cache).

destinationtruth
Posts: 806
Joined: Tue May 12, 2015 7:47 pm
Location: Cherokee Nation

RE: User update from WOT

Post by destinationtruth » Fri Nov 04, 2016 9:10 pm

<quote user="procyon">
This add on doesn't seem to be up-to-date. Applications working with the WOT API only send domain names to api.mywot.com to get the json result for ratings. Also, frequency of visited sites can't be known, as they are supposed to use a cache system (a call to the API is only done when no rating is recorded in the local cache).
[/quote]

Thanks for the information!

Javelina
Posts: 221
Joined: Sun Oct 24, 2010 5:34 pm

RE: User update from WOT

Post by Javelina » Sat Nov 05, 2016 12:38 am

<quote user="site-rater">
Regarding the Wikipedia article, has it been proofread for NPOV, proper sources, etc?
Should one of the tags at en.wikipedia.org/wiki/Wikipedia:Current_event_templates be used on the article?
[/quote]

I have had enough experience on Wikipedia and with WOT to know that disgruntled website owners and outright spammers will often complain about WOT. This is a different situation.

German media has a different style than US media, and different priorities due to differences in perception of online privacy, as well as differences in the law. I tried to get some help on the article talk page so that I could confirm my understanding of the German language news articles, see here en.wikipedia.org/wiki/Talk:WOT_Services#NDR_Germany_investigation_of_privacy_concerns
I am FeralOink. The single response by an IP user, telling me that I was incorrect, was not at all helpful!

Here are my edits to the newly written "Privacy Concerns" section en.wikipedia.org/w/index.php?title=WOT_Services&action=history

Yes, I proofread the article for NPOV and proper sources. Heise is only so-so as an NPOV source, but NDR and online news sites (Spiegel and Taggeschau) are well regarded. The reporting is not technically detailed (to protect against further abuses according to NDR), so I can't do an approximate check on the claims about collecting a sample of 50 users or the extent of the inadequate anonymization. I am a statistician and know about protecting private health care data, so more details would be helpful.

It seems like NDR conducted a sting operation in order to find out whether browser use data was being resold, see here hxxp://www.ndr.de/nachrichten/netzwelt/Nackt-im-Netz-Millionen-Nutzer-ausgespaeht,nacktimnetz100.html That article was used as a reference in the Wikipedia article, along with this forensic blog post hxxp://www.kuketz-blog.de/wot-addon-wie-ein-browser-addon-seine-nutzer-ausspaeht/

Thank you for suggesting that I tag the article to indicate recency due to a still-developing current event. Good idea! Wikipedia editors shouldn't have any objection to that.

Javelina
Posts: 221
Joined: Sun Oct 24, 2010 5:34 pm

RE: User update from WOT

Post by Javelina » Sat Nov 05, 2016 12:51 am

<quote user="destinationtruth">
Curious how many German users were using the German wot add on :hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/?src=search

Not made by WoT.
[/quote]
You are correct. I see some familiar forum names in the comments for the plugin hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/reviews/201631/ "This is an XML search bar plug-in for TB3.x This is restricted to German users as opposed to the multi-language plug-in available on WOT Wiki, originally authored by WOT user Creastery."

Sadly, that plugin is still listed by Mozilla whereas the real WOT plugin has been pulled by Mozilla for Firefox browser, redirecting here hxxps://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/

Javelina
Posts: 221
Joined: Sun Oct 24, 2010 5:34 pm

RE: User update from WOT

Post by Javelina » Sat Nov 05, 2016 12:54 am

<quote user="site-rater">
According to the update noted at hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1314332#c6 (right before WOT became closed-source) the add-on was modified to log every URL visited, and attempt to obfuscate it by applying Base64 encoding twice.

The commit for the Firefox add-on is at hxxps://github.com/mywot/firefox-xul/commit/0df107cae8ac18901bd665acace4b369c244a3f9
[/quote]
Is WOT closed source now?! When did this happen? I didn't realize.

Site-rater
Posts: 5839
Joined: Tue Sep 15, 2009 7:48 pm

RE: User update from WOT

Post by Site-rater » Sat Nov 05, 2016 1:04 am

<quote user="javelina">
Is WOT closed source now?! When did this happen? I didn't realize.
[/quote]

The latest updates are closed-source as far as I can tell; I have found no links to source code for any 2016 versions.
(edit: outdated GitHub repos are at https://github.com/mywot )

procyon
Posts: 162
Joined: Sat Oct 01, 2016 8:22 am

RE: User update from WOT

Post by procyon » Sat Nov 05, 2016 6:37 pm

Data are encrypted via double base 64 encoding:
&nbsp;https://github.com/mywot/firefox-xul/blob/master/content/stats.js#L307

So they could be decoded from server side (opposite operation).

geryoei
Posts: 14
Joined: Wed Nov 02, 2016 2:14 pm

RE: User update from WOT

Post by geryoei » Sun Nov 06, 2016 10:25 am

<quote user="procyon">
(...)
Data are encrypted via double base 64 encoding:

&nbsp;https://github.com/mywot/firefox-xul/blob/master/content/stats.js#L307

So they could be decoded from server side (opposite operation).
(...)
[/quote]

Thank you for the brief analysis.

I would like to add, that base 64 ENCODING is not ENCRYPTION (sic!).

Cryptographic security can only be achieved by using a known, secure cryptographic function and using a secure and private key. The security should not rely on the knowledge of used function but on the privacy of the key.

regards

G.OEI

OvaisAlam
Posts: 47
Joined: Sun Oct 30, 2011 1:24 am

RE: User update from WOT

Post by OvaisAlam » Wed Nov 09, 2016 7:52 pm

WOT Addon disabled.
I hope that you'll come up with a valid reason (ASAP) for selling the data.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests