User update from WOT

destinationtruth
Сообщения: 806
Зарегистрирован: Вт май 12, 2015 7:47 pm

RE: User update from WOT

Сообщение destinationtruth » Пт ноя 04, 2016 7:35 pm

Curious how many German users were using the German wot add on :hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/?src=search

Not made by WoT.

procyon
Сообщения: 162
Зарегистрирован: Сб окт 01, 2016 8:22 am

RE: User update from WOT

Сообщение procyon » Пт ноя 04, 2016 8:10 pm

This add on doesn't seem to be up-to-date. Applications working with the WOT API only send domain names to api.mywot.com to get the json result for ratings. Also, frequency of visited sites can't be known, as they are supposed to use a cache system (a call to the API is only done when no rating is recorded in the local cache).

destinationtruth
Сообщения: 806
Зарегистрирован: Вт май 12, 2015 7:47 pm

RE: User update from WOT

Сообщение destinationtruth » Пт ноя 04, 2016 9:10 pm

<quote user="procyon">
This add on doesn't seem to be up-to-date. Applications working with the WOT API only send domain names to api.mywot.com to get the json result for ratings. Also, frequency of visited sites can't be known, as they are supposed to use a cache system (a call to the API is only done when no rating is recorded in the local cache).
[/quote]

Thanks for the information!

Javelina
Сообщения: 221
Зарегистрирован: Вс окт 24, 2010 5:34 pm

RE: User update from WOT

Сообщение Javelina » Сб ноя 05, 2016 12:38 am

<quote user="site-rater">
Regarding the Wikipedia article, has it been proofread for NPOV, proper sources, etc?
Should one of the tags at en.wikipedia.org/wiki/Wikipedia:Current_event_templates be used on the article?
[/quote]

I have had enough experience on Wikipedia and with WOT to know that disgruntled website owners and outright spammers will often complain about WOT. This is a different situation.

German media has a different style than US media, and different priorities due to differences in perception of online privacy, as well as differences in the law. I tried to get some help on the article talk page so that I could confirm my understanding of the German language news articles, see here en.wikipedia.org/wiki/Talk:WOT_Services#NDR_Germany_investigation_of_privacy_concerns
I am FeralOink. The single response by an IP user, telling me that I was incorrect, was not at all helpful!

Here are my edits to the newly written "Privacy Concerns" section en.wikipedia.org/w/index.php?title=WOT_Services&action=history

Yes, I proofread the article for NPOV and proper sources. Heise is only so-so as an NPOV source, but NDR and online news sites (Spiegel and Taggeschau) are well regarded. The reporting is not technically detailed (to protect against further abuses according to NDR), so I can't do an approximate check on the claims about collecting a sample of 50 users or the extent of the inadequate anonymization. I am a statistician and know about protecting private health care data, so more details would be helpful.

It seems like NDR conducted a sting operation in order to find out whether browser use data was being resold, see here hxxp://www.ndr.de/nachrichten/netzwelt/Nackt-im-Netz-Millionen-Nutzer-ausgespaeht,nacktimnetz100.html That article was used as a reference in the Wikipedia article, along with this forensic blog post hxxp://www.kuketz-blog.de/wot-addon-wie-ein-browser-addon-seine-nutzer-ausspaeht/

Thank you for suggesting that I tag the article to indicate recency due to a still-developing current event. Good idea! Wikipedia editors shouldn't have any objection to that.

Javelina
Сообщения: 221
Зарегистрирован: Вс окт 24, 2010 5:34 pm

RE: User update from WOT

Сообщение Javelina » Сб ноя 05, 2016 12:51 am

<quote user="destinationtruth">
Curious how many German users were using the German wot add on :hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/?src=search

Not made by WoT.
[/quote]
You are correct. I see some familiar forum names in the comments for the plugin hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/reviews/201631/ "This is an XML search bar plug-in for TB3.x This is restricted to German users as opposed to the multi-language plug-in available on WOT Wiki, originally authored by WOT user Creastery."

Sadly, that plugin is still listed by Mozilla whereas the real WOT plugin has been pulled by Mozilla for Firefox browser, redirecting here hxxps://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/

Javelina
Сообщения: 221
Зарегистрирован: Вс окт 24, 2010 5:34 pm

RE: User update from WOT

Сообщение Javelina » Сб ноя 05, 2016 12:54 am

<quote user="site-rater">
According to the update noted at hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1314332#c6 (right before WOT became closed-source) the add-on was modified to log every URL visited, and attempt to obfuscate it by applying Base64 encoding twice.

The commit for the Firefox add-on is at hxxps://github.com/mywot/firefox-xul/commit/0df107cae8ac18901bd665acace4b369c244a3f9
[/quote]
Is WOT closed source now?! When did this happen? I didn't realize.

Site-rater
Сообщения: 5839
Зарегистрирован: Вт сен 15, 2009 7:48 pm

RE: User update from WOT

Сообщение Site-rater » Сб ноя 05, 2016 1:04 am

<quote user="javelina">
Is WOT closed source now?! When did this happen? I didn't realize.
[/quote]

The latest updates are closed-source as far as I can tell; I have found no links to source code for any 2016 versions.
(edit: outdated GitHub repos are at https://github.com/mywot )

procyon
Сообщения: 162
Зарегистрирован: Сб окт 01, 2016 8:22 am

RE: User update from WOT

Сообщение procyon » Сб ноя 05, 2016 6:37 pm

Data are encrypted via double base 64 encoding:
&nbsp;https://github.com/mywot/firefox-xul/blob/master/content/stats.js#L307

So they could be decoded from server side (opposite operation).

geryoei
Сообщения: 14
Зарегистрирован: Ср ноя 02, 2016 2:14 pm

RE: User update from WOT

Сообщение geryoei » Вс ноя 06, 2016 10:25 am

<quote user="procyon">
(...)
Data are encrypted via double base 64 encoding:

&nbsp;https://github.com/mywot/firefox-xul/blob/master/content/stats.js#L307

So they could be decoded from server side (opposite operation).
(...)
[/quote]

Thank you for the brief analysis.

I would like to add, that base 64 ENCODING is not ENCRYPTION (sic!).

Cryptographic security can only be achieved by using a known, secure cryptographic function and using a secure and private key. The security should not rely on the knowledge of used function but on the privacy of the key.

regards

G.OEI

OvaisAlam
Сообщения: 47
Зарегистрирован: Вс окт 30, 2011 1:24 am

RE: User update from WOT

Сообщение OvaisAlam » Ср ноя 09, 2016 7:52 pm

WOT Addon disabled.
I hope that you'll come up with a valid reason (ASAP) for selling the data.

Ответить

Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и 4 гостя