Page 3 of 5

RE: User update from WOT

Posted: Fri Nov 04, 2016 7:35 pm
by destinationtruth
Curious how many German users were using the German wot add on :hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/?src=search

Not made by WoT.

RE: User update from WOT

Posted: Fri Nov 04, 2016 8:10 pm
by procyon
This add on doesn't seem to be up-to-date. Applications working with the WOT API only send domain names to api.mywot.com to get the json result for ratings. Also, frequency of visited sites can't be known, as they are supposed to use a cache system (a call to the API is only done when no rating is recorded in the local cache).

RE: User update from WOT

Posted: Fri Nov 04, 2016 9:10 pm
by destinationtruth
<quote user="procyon">
This add on doesn't seem to be up-to-date. Applications working with the WOT API only send domain names to api.mywot.com to get the json result for ratings. Also, frequency of visited sites can't be known, as they are supposed to use a cache system (a call to the API is only done when no rating is recorded in the local cache).
[/quote]

Thanks for the information!

RE: User update from WOT

Posted: Sat Nov 05, 2016 12:38 am
by Javelina
<quote user="site-rater">
Regarding the Wikipedia article, has it been proofread for NPOV, proper sources, etc?
Should one of the tags at en.wikipedia.org/wiki/Wikipedia:Current_event_templates be used on the article?
[/quote]

I have had enough experience on Wikipedia and with WOT to know that disgruntled website owners and outright spammers will often complain about WOT. This is a different situation.

German media has a different style than US media, and different priorities due to differences in perception of online privacy, as well as differences in the law. I tried to get some help on the article talk page so that I could confirm my understanding of the German language news articles, see here en.wikipedia.org/wiki/Talk:WOT_Services#NDR_Germany_investigation_of_privacy_concerns
I am FeralOink. The single response by an IP user, telling me that I was incorrect, was not at all helpful!

Here are my edits to the newly written "Privacy Concerns" section en.wikipedia.org/w/index.php?title=WOT_Services&action=history

Yes, I proofread the article for NPOV and proper sources. Heise is only so-so as an NPOV source, but NDR and online news sites (Spiegel and Taggeschau) are well regarded. The reporting is not technically detailed (to protect against further abuses according to NDR), so I can't do an approximate check on the claims about collecting a sample of 50 users or the extent of the inadequate anonymization. I am a statistician and know about protecting private health care data, so more details would be helpful.

It seems like NDR conducted a sting operation in order to find out whether browser use data was being resold, see here hxxp://www.ndr.de/nachrichten/netzwelt/Nackt-im-Netz-Millionen-Nutzer-ausgespaeht,nacktimnetz100.html That article was used as a reference in the Wikipedia article, along with this forensic blog post hxxp://www.kuketz-blog.de/wot-addon-wie-ein-browser-addon-seine-nutzer-ausspaeht/

Thank you for suggesting that I tag the article to indicate recency due to a still-developing current event. Good idea! Wikipedia editors shouldn't have any objection to that.

RE: User update from WOT

Posted: Sat Nov 05, 2016 12:51 am
by Javelina
<quote user="destinationtruth">
Curious how many German users were using the German wot add on :hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/?src=search

Not made by WoT.
[/quote]
You are correct. I see some familiar forum names in the comments for the plugin hxxps://addons.mozilla.org/en-US/firefox/addon/wot-scorecard-de/reviews/201631/ "This is an XML search bar plug-in for TB3.x This is restricted to German users as opposed to the multi-language plug-in available on WOT Wiki, originally authored by WOT user Creastery."

Sadly, that plugin is still listed by Mozilla whereas the real WOT plugin has been pulled by Mozilla for Firefox browser, redirecting here hxxps://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/

RE: User update from WOT

Posted: Sat Nov 05, 2016 12:54 am
by Javelina
<quote user="site-rater">
According to the update noted at hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1314332#c6 (right before WOT became closed-source) the add-on was modified to log every URL visited, and attempt to obfuscate it by applying Base64 encoding twice.

The commit for the Firefox add-on is at hxxps://github.com/mywot/firefox-xul/commit/0df107cae8ac18901bd665acace4b369c244a3f9
[/quote]
Is WOT closed source now?! When did this happen? I didn't realize.

RE: User update from WOT

Posted: Sat Nov 05, 2016 1:04 am
by Site-rater
<quote user="javelina">
Is WOT closed source now?! When did this happen? I didn't realize.
[/quote]

The latest updates are closed-source as far as I can tell; I have found no links to source code for any 2016 versions.
(edit: outdated GitHub repos are at https://github.com/mywot )

RE: User update from WOT

Posted: Sat Nov 05, 2016 6:37 pm
by procyon
Data are encrypted via double base 64 encoding:
&nbsp;https://github.com/mywot/firefox-xul/blob/master/content/stats.js#L307

So they could be decoded from server side (opposite operation).

RE: User update from WOT

Posted: Sun Nov 06, 2016 10:25 am
by geryoei
<quote user="procyon">
(...)
Data are encrypted via double base 64 encoding:

&nbsp;https://github.com/mywot/firefox-xul/blob/master/content/stats.js#L307

So they could be decoded from server side (opposite operation).
(...)
[/quote]

Thank you for the brief analysis.

I would like to add, that base 64 ENCODING is not ENCRYPTION (sic!).

Cryptographic security can only be achieved by using a known, secure cryptographic function and using a secure and private key. The security should not rely on the knowledge of used function but on the privacy of the key.

regards

G.OEI

RE: User update from WOT

Posted: Wed Nov 09, 2016 7:52 pm
by OvaisAlam
WOT Addon disabled.
I hope that you'll come up with a valid reason (ASAP) for selling the data.