Product Updates - March 2020

Post Reply
User avatar
MyWOT-Team
Posts: 683
Joined: Mon Nov 30, 2015 12:05 pm

Product Updates - March 2020

Post by MyWOT-Team » Mon Mar 30, 2020 5:14 pm

We are happy to announce some significant upgrades to our product.

In the next few days, we will be launching a series of significant upgrades to WOT’s algorithms and exciting new features for Android - including Wi-Fi and app scanning.
This upcoming launch will offer an innovative Machine Learning algorithm predictor which will determine the safety of websites and.
In addition, we have upgraded our Blacklist integration which will provide further details on blacklisted websites.

Blacklist:
We have reinstated our algorithm connection with some of our most trusted blacklist partners, and now users will receive updated information on harmful websites.
In the current version, the blacklist warning on a website appears under the scam, malware, and phishing categories.
As part of our product upgrade, WOT will show the users which website is on which blacklist - right on the site’s scorecard and on your extension.

Machine Learning (ML) Prediction Algorithm:
Today, millions of new websites (both safe and harmful) are created in a heartbeat, and every second thousand of safe and trusted websites can be turned malicious.

The idea behind our new ML algorithm is to create a self-learning predictor which is based on previously accumulated knowledge. By doing so, we create a safety prediction for Unknown (Grey websites without enough confidence) in order to color them as Safe (Green) or UnSafe (Red).

Some important details and notes:
The priority and focus of WOT’s algorithm was and will remain users’ ratings, reviews and trusted third-party black-lists. On top of these, we added the ML prediction as an extra layer of online safety.

WOT’s algorithm priority from now on is:
1. User rating and reviews/categories.
2. Third-Party BIack-lists.
3. ML Prediction.

This prioritization means that we still do not change colored sites (only the WOT community has the power to do so), and if a website earns enough confidence, the algorithm will choose users’ ratings and reviews over predictions.

Scorecard/Extension visibility:
We’ve added new text for sites that are colored by the algorithm -
“Estimated as Un/Trusted by WOT.”

What do we need from you?
1. Keep rating websites! This is our main source of knowledge to keep you safe.
2. Let us know of any problems you detect and for any unusual behavior of the WOT Algorithm
3. You can comment in this post to provide any feedback you like.

WOT - The Future of Safe Browsing.

spectre
Posts: 7921
Joined: Sun May 03, 2009 10:43 pm

Re: Product Updates

Post by spectre » Wed Jun 03, 2020 7:57 pm

MyWOT-Team wrote: ↑
Mon Mar 30, 2020 5:14 pm

Machine Learning (ML) Prediction Algorithm:
Today, millions of new websites (both safe and harmful) are created in a heartbeat, and every second thousand of safe and trusted websites can be turned malicious.

The idea behind our new ML algorithm is to create a self-learning predictor which is based on previously accumulated knowledge. By doing so, we create a safety prediction for Unknown (Grey websites without enough confidence) in order to color them as Safe (Green) or UnSafe (Red).
The 'predictor' is 'colouring' a lot of dangerous (Malware, Phishing, Hacking, Scam) sites as Safe (Green). I've not seen any 'Unknowns' coloured Red or a warning that they may be dangerous.
The 'predictor' is also showing 'considered safe by Wot' on scorecards where there are multiple reviews, not just 'Unknowns'.

Image

'Considered Safe by Wot', and no blacklist info.
See phishtank.com/phish_detail.php?phish_id=6595122 and
virustotal.com/gui/url/340a19f36b3839c5749ed7eec5b1bfa58c3b98f8157a2019fb05c0e4235aef70/detection
Previously Wot itself had no involvement in the calculation of site reputation. I have concerns about this tool.

Where does the "No.1 Website Security Service" title come from, did Wot win an award recently?

NotBuyingIt
Posts: 6537
Joined: Fri Mar 11, 2011 6:21 pm

Re: Product Updates

Post by NotBuyingIt » Fri Jun 05, 2020 1:07 pm

spectre wrote: ↑
Wed Jun 03, 2020 7:57 pm
The 'predictor' is 'colouring' a lot of dangerous (Malware, Phishing, Hacking, Scam) sites as Safe (Green). I've not seen any 'Unknowns' coloured Red or a warning that they may be dangerous.
The 'predictor' is also showing 'considered safe by Wot' on scorecards where there are multiple reviews, not just 'Unknowns'.

...

'Considered Safe by Wot', and no blacklist info.
See phishtank.com/phish_detail.php?phish_id=6595122 and
virustotal.com/gui/url/340a19f36b3839c5749ed7eec5b1bfa58c3b98f8157a2019fb05c0e4235aef70/detection
Previously Wot itself had no involvement in the calculation of site reputation. I have concerns about this tool.
The site billing-three.com, which WoT has falsely marked "Safe", had its domain status set to "clientHold" on 02-June-2020. The day before that, it was hosted at IP 111.90.142.125 on the Shinjiru Technology network in Malaysia, along with numerous other sites — some of them with suspicious names such as UK-TAX-GOV.COM and REBATES-HMRC.COM.

The WoT reputation system should not be pulling reputations out of thin air for any reason and certainly not simply to boost its ratings count.

NotBuyingIt
Posts: 6537
Joined: Fri Mar 11, 2011 6:21 pm

Re: Product Updates

Post by NotBuyingIt » Mon Jun 15, 2020 3:06 am

The sub-domain gov.hmrc.calculation-form.uk, which WoT has falsely marked "safe", hosts a phishing scam that spoofs the GOV.UK taxation site. See the incident reports about phishing at
https://www.phishtank.com/phish_detail.php?phish_id=6630029
https://www.phishtank.com/phish_detail.php?phish_id=6630064

That sub-domain's scorecard displayed no data until I rated it adversely. WoT's "safe" marking appeared almost immediately after I submitted my rating. This wasn't the first time which I encountered a false marking on a new, unrated site immediately after I rated it.

The WoT reputation system should not be pulling reputations out of thin air for any reason.

spectre
Posts: 7921
Joined: Sun May 03, 2009 10:43 pm

Re: Product Updates

Post by spectre » Mon Jun 15, 2020 5:30 pm

NotBuyingIt wrote: ↑
Mon Jun 15, 2020 3:06 am

The WoT reputation system should not be pulling reputations out of thin air for any reason.

I'm wondering if the add-on is determining safety based solely on SSL certificates. The only sites I'm seeing marked as dangerous have poor security. They're not on any blacklists, and sites with good security that are on blacklists are mostly 'considered as safe by Wot'.

gov.hmrc.calculation-form.uk - ssllabs.com/ssltest/analyze.html?d=gov.hmrc.calculation-form.uk

It's also ignoring users' input in regards to safety, yet they claim 'Real-time protection from real users'

Currently, if I were to rate Wot elsewhere I would be rating it as misleading & unreliable.
It certainly doesn't live up to these claims:

Image

BTW - I have the add-on installed, so shouldn't be seeing these excessive download links. One download link on a page is adequate, 6 or 7 is too many and ruins the layout of the scorecards!

Site-rater
Posts: 5820
Joined: Tue Sep 15, 2009 7:48 pm

Re: Product Updates

Post by Site-rater » Sat Jun 20, 2020 2:04 pm

My website has full HTTPS with HSTS and the scorecard hasn't rated it safe with no AI, yet it is rated 77% (would be higher if I didn't have to yank the domain from a previously poorly rated squatter).

Of curse HTTPS should not be used as a signal saying it's safe because there are two main ways to get free SSL:
1. Get a Let's Encrypt certificate (if you run the server or your host is compatible).
2. Get Cloudflare, who hands out SSL certificates like candy with zero regulations. You can even cheat it in if your main host doesn't support it.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests