WoT = VIRUS/SPYWARE - DO NOT INSTALL / UNINSTALL AS SOON AS POSSIBLE

[Site-rater]

Weird, if I Google mywot spyware the only thing that comes up are the troll pages from years past.

[Site-rater]

Maybe they should start selling those trust seals again, on the premise that if the site owner's site goes red the seal goes red on the customer's site, with no refund, and make it as clear as possible the seal doesn't mean buying trust (I remember you had to be green to buy one).

All the past claims against WOT's trust seal were from disgruntled site owners who couldn't get a good rating.

[Guest]

Well, been using it for years but going to uninstall it now

[williKi]

Folks,

If what is being said is the WOT add-on is actually malware, then I don't know what you are talking about. At home I run AVG Antivirus (pay) and Malwarebytes Premium. At work, Sophos Enterprise - all of which have no problem whatsoever with this add-on. Yes, I read the article (Google Translate), and IMHO, it is a stretch.

[mario692]

@williKi: Don't trust your antivirus. They can't really judge if an addon is malicious or not. Most antivirus are limited to executable only. Secondly, your antivirus won't protect you from greedy dishonest companies, they only protect you from malware in the strict sense.

Read hxxp://www.ghacks.net/2016/11/01/browsing-history-sold/ (replace hxxp by http). They summarized it pretty well.

[geryoei]

I Agree - reading the authors resume on this issue - it seems WOT retrieves the full - personalized - browser history.

I am not sure, if you cancel the service,that this will stop them from selling your personal information and your browsing behavior

The resulting effect is - you should never trust a provider's promise your data will not be used and will be safe - NEVER TRUST.

regards

G.OEI

P.S. I've de-installed WOT from all my local and mobile devices now, until we have a statement from the board which clarifies the situation.

[williKi]

Well, I am willing to hear from WOT Support about this. Until then, I'm not making a decision.

[procyon]

<quote user="niki49">
You're right. Goodbye forever!

Just for reference, here is the in-depth technical blogpost of the German security researcher who revealed all this:
hxxps://www.kuketz-blog.de/wot-addon-wie-ein-br ... ausspaeht/

You may need to use Google Translator:
hxxps://translate.google.com/translate?ie=UTF-8&u=https%3A%2F%2Fwww.kuketz-blog.de%2Fwot-addon-wie-ein-browser-addon-seine-nutzer-ausspaeht%2F&edit-text=
[/quote]

I am a little confused with this article. Not only because an old github release was used for tests but also the nonce is interpreted as sending confidential data. The goal is to have a unique (not already used number), so using several data to compose it before the hash is not abnormal. The more they are, better are chances to make it unique.

[geryoei]

<quote user="procyon">
I am a little confused with this article. Not only because an old github release was used for tests but also the nonce is interpreted as sending confidential data. The goal is to have a unique (not already used number), so using several data to compose it before the hash is not abnormal. The more they are, better are chances to make it unique.
[/quote]

The article describes very thoroughly how url history in a non-anonymized way is being stored and re-sold to 3rd parties. It is not only the fact, that your browsing behavior has been sold despite promises not doing so, it is about the security and privacy relevant information within those URLs that are critical.

Regards


G.OEI

[NotBuyingIt]

<quote user="niki49">



You're right. Goodbye forever!

Just for reference, here is the in-depth technical blogpost of the German security researcher who revealed all this:
hXXps://www.kuketz-blog.de/wot-addon-wie-ein-br ... ausspaeht/

You may need to use Google Translator:
hXXps://translate.google.com/translate?ie=UTF-8&u=https%3A%2F%2Fwww.kuketz-blog.de%2Fwot-addon-wie-ein-browser-addon-seine-nutzer-ausspaeht%2F&edit-text=
[/quote]

Users are reminded not to post live links in the forum. Change http to hxxp (as I have had to edit the quoted comment).