If you use the MyWOT (WOT, or Web Of Trust) extension for Google Chrome, Mozilla Firefox, and other internet browsers, there is a good chance that you your “very” personal information was sold off to third-parties. This includes your identification, the things you search for online, and the websites you visit. A recent investigation by German public broadcaster NDR revealed that MyWOT has been selling user information to third-parties without properly anonymizing it. In many cases, the user’s real identity and details about their browsing habits were exposed.
The German broadcaster’s reporters were able to get access to data samples that contained ten billion URLs WOT users had accessed. NDR reporters discovered information about police investigations, a judge’s sexual preferences, and user searches for drugs, prostitutes, and medical issues. This means that MYWOT has been selling your information to interested third-parties for quite some time and that the information sold to unknowns is cause for concern.
WOT claims to scramble user data in order to hide their identities; However, NDR reporters said it was very easy to identify clues in the URLs that connected the link with a username, email address, or name.
Following the report, WOT posted the following statement in their forum on November 2:
We take our users’ privacy rights very seriously, and for that reason we go to great lengths to anonymize and aggregate the data we collect to run our service, and we of course never license or disclose user registration information.
If there have been instances where any information was not adequately anonymized and protected, we will of course look into it and, where necessary, take measures to ensure adequate protection for our users. We appreciate the users who have contacted us and brought this to our attention.
We will continue to proudly protect our users from countless online threats as we have for the past decade.
This type of behavior from MYWOT comes as no surprise to the internet security and information community. In 2012 it was discovered that MYWOT had purchased fake Facebook likes and Twitter followers to boost their online reputation and we published an article about it (which has been removed). MYWOT employees, power-users, and co-founder Sami Tolvanen found the article and immediately started to retaliate. MYWOT employees, power-users, and Sami Tolvanen himself went as far as to publish my home address, the addresses of my neighbors, images of my house, and other personal information of mine in MYWOT comments and on third-party websites. In the industry this is known as “doxing.” Furthermore, within 30 minutes after we published the article our reputation on MYWOT went from 100% to below 50%.
This is just one example that proves how the MYWOT reputation and rating system is flawed and adds no value to anyone who uses it. Along with the current NDR report and the history of MYWOT it should be concluded that the MYWOT website and extensions are a malicious.