Web of Trust 20170120 and lower has been blocked for your protection.

MiahX
Posts: 10
Joined: Wed Jan 25, 2017 3:44 pm

Web of Trust 20170120 and lower has been blocked for your protection.

Post by MiahX » Wed Jan 25, 2017 3:44 pm

hxxps://blocked.cdn.mozilla.net/i1523.html


Web of Trust 20170120 and lower has been blocked for your protection.

Why was it blocked?
Versions 20170120 and lower of the Web of Trust add-on send excessive user data to its service, which has been reportedly shared with third parties without sufficient sanitization. These versions are also affected by a vulnerability that could lead to unwanted remote code execution.
Who is affected?
All Firefox users who have these versions of the Web of Trust add-on installed.
What does this mean?

The problematic add-on or plugin will be automatically disabled and no longer usable.
When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use. For more information, please read this support article.

Blocked on Jan 24, 2017. View block request.

stws
Posts: 2
Joined: Wed Jan 25, 2017 4:40 pm

RE: Web of Trust 20170120 and lower has been blocked for your pr

Post by stws » Wed Jan 25, 2017 4:40 pm

Yes, and why is only the Chrome WOT plugin now available? Are WOT working to restore trust again in its other browser plugins like Firefox?

https://www.mywot.com/en/forum/73280-web-of-trust-for-firefox-question

MiahX
Posts: 10
Joined: Wed Jan 25, 2017 3:44 pm

RE: Web of Trust 20170120 and lower has been blocked for your pr

Post by MiahX » Wed Jan 25, 2017 5:15 pm

More info (scroll down): hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1314332

Cedders
Posts: 45
Joined: Tue Jan 29, 2013 1:36 pm

RE: add-on privacy and Web of Trust blocked by FF

Post by Cedders » Wed Jan 25, 2017 6:28 pm

I'm very sad and disappointed that Mozilla have had to block the add-on: hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1314332#c9. It was a convenient way to look up and contribute domain ratings, but appears to have become a major privacy risk since 2015. This is a summary of how data was shared and not properly anonymised: hxxp://thehackernews.com/2016/11/web-of-trust-addon.html

Whoever now operates MyWOT (no longer Sami?) has put out a sensible-sounding statement of intent at https://www.mywot.com/en/forum/70818-to-the-wot-community and then something that rather missed the point at https://www.mywot.com/en/blog/were-back.

I'm not sure how effective the new opt-out is at preventing storage and sharing of data, but one action was to be 'Reviewing our privacy policy to determine which changes need to be made in order to enhance and ensure that our users privacy rights are properly addressed'. Instead the policy has silently been relaxed.

The Terms of Service used to say "We are committed to the protection of privacy of our users, therefore we handle and store user data solely for the purpose of: (i) providing and enabling the Service; or (ii) Registration." and that has been changed to a privacy policy that "We are committed to the protection of the privacy of our users, and therefore we collect, use and store user data solely for the purposes, and in accordance with the terms, set forth in our Privacy Policy [available at: https://www.mywot.com/en/privacy]."

The privacy policy itself has been changed from:
When you download the Software for the first time, WOT automatically creates a random (anonymous) identifier for you. While using the Software it sends information about the identifier, the date and time of the request and the host name for each site you visit to WOT servers for the purpose of identifying the visited web sites and retrieving the corresponding rating information. This information will be stored only temporarily and will be erased after a month.
...
WOT will not disclose any user-originated personal information to any third parties without consent from you, with the exception of affiliated companies and WOT’s cooperation partners to the extent necessary to provide the service.
...
In case of substantial changes, WOT shall notify all its users by email or via notice on the Website
to
When you install and use the WOT app or WOT extension, we also automatically collect information from you related to your use of the WOT Services and your web browsing activity. This information may include, without limitation, the following:

From WOT desktop/mobile extension and desktop app - Internet Protocol Address; device type; operating system and browser; web pages visited and time stamp of the visit; automatically-generated GUID and WOT user ID.

Your Non-Personal Information may be included as part of data products that we license to certain businesses for research, analytics and related purposes. This is done in order to support our operations and enable us to provide the WOT Solutions free of charge. Such data products will only include Non-Personal Information, and will not be licensed or shared with any third parties for the purposes of direct marketing or for any purpose involving the tracking, identifying or targeting of individual users. NOTE: WOT users may opt-out of the sharing of data collected from their use of our apps or extensions at any time by opening the WOT app or extension, going to the menu and changing the “Real-time Protection” option to “Off”.

We were not warned about either the disclosure by the add-on of full URLs or the sharing of data with third parties.

Had I known the full URL was going to be sent, I would never have used the extension. Presumably this patch was a mistake in 2015 and the privacy policy was not updated. In both UK and EU law, it is significant that web addresses are only metadata up to the first single slash.

Personal data as defined by the EU may well include MyWot IDs when these can be linked to other identifiable data (which can include IP address see eg hxxp://arstechnica.co.uk/tech-policy/2016/10/eu-dynamic-static-ip-personal-data/ ), so the privacy policy may now be inconsistent with law.

The FAQ still says:
Your privacy is very important to us. WOT collects information only for computing website ratings, performing statistical analysis and preventing abuse of our service. Any information that is no longer needed for these purposes is deleted. When loading reputations for the websites you visit, the software sends our service only the encrypted hostname and any ratings you may choose to give. The information about domains visited is stored only temporarily for computing ratings. Your IP address is never stored in our database.
I've been recommending MyWOT both to friends and strangers. I will now only use it as part of abuse reporting rather than my ordinary browser. It seems to me that the way forward is (a) an apology for the major privacy breach; (b) transparency both about what happened to the add-on and the organisation; (c) possibly a different funding model; (d) returning to the domain-only mechanism (we don't expect it to rate individual Twitface accounts which should be done by those large sites) and amending the privacy policy again; (e) deleting any data held without explicit informed consent (automatically, without having to write to support@mywot.com).

MiahX
Posts: 10
Joined: Wed Jan 25, 2017 3:44 pm

RE: Web of Trust 20170120 and lower has been blocked for your pr

Post by MiahX » Thu Jan 26, 2017 4:34 pm

I find it telling that the links I posted above were clickable yesterday, but aren't today.

spectre
Posts: 7922
Joined: Sun May 03, 2009 10:43 pm

RE: Web of Trust 20170120 and lower has been blocked for your pr

Post by spectre » Thu Jan 26, 2017 4:38 pm

[quote user="miahx"]
I find it telling that the links I posted above were clickable yesterday, but aren't today.
[/quote]

Live links outside of Wot are not permitted in forum posts.
Please see https://www.mywot.com/en/guidelines/forum-guidelines

Dutch Mountain
Posts: 2801
Joined: Wed May 12, 2010 5:20 pm

RE: Web of Trust 20170120 and lower has been blocked for your pr

Post by Dutch Mountain » Fri Jan 27, 2017 7:30 am

[quote user="miahx"]
More info (scroll down): hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1314332
[/quote]

Dear MiahX :
I assume you're somehow involved with Mozilla ( Firefox ).

To me it seems that all of you stepped in a trap with your eyes wide open.

To explain what I mean I suggest you first read my blog about what's happening with WOT.
Link ( disabled with hxxp ) : hxxp://peterswebsafety.com/spams-scams-news-blog

And as an addition my thoughts I didn't want to publish in my blog, but OTOH I'm doing now bcoz it serves a good case..............

========================================

Addition :
Germany is our neighbor country and I have friends there.
But in its culture the Germans are different than us.
We in Holland lean more to the culture of the UK, Scandinavia and Ireland.
Going to these countries feels like coming home for us.
And that implies that news spreading in Germany ( TV, newspapers internet and radio ) is also different. A lot of news in Germany is based on sensation, the worst example is the paper "Bild". Awful and far from reality. *That paper has cost our economy billions in the EHEC scandal, which later appeared to be a domestic German problem, caused by taugeh produced near Hamburg........
Knowing that Germany is an excellent country to set up a dirty plan. Once something is published there, it "explodes" in no time. Typical German......
I smell a conspiracy against WOT.
Cybercrime is big business and even some dodgy countries earn money with that. And WOT is successful, has become big and mighty ( with > 150 million downloads ) and has made enemies. "We're standing in their way". I am thinking that the danger should come from the cybercrime world. And that can be everything, from spammers, scammers and hackers to even dodgy countries like North Korea, Vietnam, Kazakhstan, Iran, Ukraine or whatever. You name it.

Now suppose you want to ruin a company ?
For that you need to reduce or block the money revenues and damage the reputation of a company. And that exactly is happening, WOT as a company seems to be in liquidation under the wings of a lawyers office and the community is attacked on its weakest spot, Germany.
Why is it that no other country reports the same problems ?
This case stinks.

BTW : I'm still running WOT on Firefox, it's still active though removed from the FF addon list.

If my theory is right you ( at Mozilla ) also stepped in the trap.

I hope you understand that "between the lines" in my blog you can read more.

We the members are worried about the situation. / And what can we do ?
I think nothing, to be honest.

===============================

Comment of a befriended member in the USA I've contacted ( and my answers added ) :
cite >>MyWOT needs a business model of some sort, and quickly.<<
Absolutely right. The present situation is misty.
cite >>If MyWOT were to state who they were, that would help greatly. At the moment, we are trusting an unknown entity, TOW Software Oy. That is a poor business practice, to refuse to identify who owns and runs the company, other than a law firm. It tends to foster uncertainty, doubt and fear.<<
Also agreed. But they won't tell us for whatever reason.
cite >>So, Peter, my guess is that there are fears simmering among a few MyWOT members that somehow evil elements have infiltrated MyWOT. I doubt that any of it is true.<<
Agreed. Though the world stinks in a way. I have seen "House of Cards" and "Homeland" on TV and I wasn't surprised, that really happens ( and worse ).

========================================

So MiahX : I suggest you and your fellow Mozilla members reconsider what you're doing now.
You've made yourself a tool of the WOT enemies !!!!!!!!!!




NotBuyingIt
Posts: 6563
Joined: Fri Mar 11, 2011 6:21 pm

RE: Web of Trust 20170120 and lower has been blocked for your pr

Post by NotBuyingIt » Fri Jan 27, 2017 6:18 pm

[quote user="dutch mountain"]
So MiahX : I suggest you and your fellow Mozilla members reconsider what you're doing now.
You've made yourself a tool of the WOT enemies !!!!!!!!!!
[/quote]
I don't think that's the case because this thread's original post is simply a quotation of the advisories that over a million half a million WOT users received from Firefox. Several other users posted the same quotations in other forum threads (example: https://www.mywot.com/forum/73010-please-fix-wot-for-firefox#comment-357650).

To help answer another user's question, the original poster (OP, https://www.mywot.com/user/7909096) posted a second comment that pointed to a remark by the "WOT Team"; I had quoted from the same remark in another thread (https://www.mywot.com/forum/73010-please-fix-wot-for-firefox#comment-357564).

I have read some unfairly derogatory remarks about WOT, apparently posted by trolls or enemies, but not in this thread.

@all,
MyWOT Team (https://www.mywot.com/user/7197704) posted a response about the Firefox "block" at
https://www.mywot.com/en/forum/73010-please-fix-wot-for-firefox#comment-357652

Dutch Mountain
Posts: 2801
Joined: Wed May 12, 2010 5:20 pm

RE: Web of Trust 20170120 and lower has been blocked for your pr

Post by Dutch Mountain » Fri Jan 27, 2017 9:26 pm

[quote user="notbuyingit"]
I don't think that's the case because this thread's original post is simply a quotation of the advisories that over a million WOT users received from Firefox.
[/quote]

Quotation or not.......whatever.
My post in this thread was meant as a wake up call to them ( at Mozilla ).
I try to see connections, there's more going on "behind the screens" than what's published.
What are the underlying causes ?
And what's actually happening ?


NotBuyingIt
Posts: 6563
Joined: Fri Mar 11, 2011 6:21 pm

RE: Web of Trust 20170120 and lower has been blocked …

Post by NotBuyingIt » Sat Jan 28, 2017 12:31 am

[quote user="dutch mountain"]
My post in this thread was meant as a wake up call to them ( at Mozilla ).
I try to see connections, there's more going on "behind the screens" than what's published.
[/quote]
We know that Mozilla fans and community members — including those who are also WOT community members — have meant "wake up calls" to WOT without going behind the scene. See, for example,
https://bugzilla.mozilla.org/show_bug.cgi?id=1102532

… but yes, there was probably some "sour grapes" because WOT fixed the Chrome version of its browser add-on ahead of the Mozilla version for Firefox.

I can easily think of five issues that any fix for Firefox needs to address:

1.) The Privacy Policy associated with the add-on must be ethical and accurate. (The most recent revision of the policy may be acceptable to Mozilla since Google Chrome accepts it.)
2.) The add-on must meet Mozilla's new requirements for add-ons and in particular, its "Electrolysis".
3.) The add-on must not have excessive execution privileges.
4.) The add-on must not transmit or process more personal data than necessary.
5.) The add-on must implement effective measures to securely transmit, process and store data.