Web of Trust services have been compromised.

As a result of an investigation by journalists from the German public broadcaster NDR, it turned out that the Web of Trust service was selling the collected data about its users to third parties. What is Web of Trust? Faced with a site that you don’t know, you risk losing your personal data, finances, or you may accidentally become a victim of malicious software distributed from such a site. To prevent such a situation, you can use any existing rating sites that even before going to an unknown page will tell you whether you can trust it.

Web of Trust ratings (literally - “trust network”) are based on the opinions of many users about a specific resource (exaggerating, can be explained as follows: the red rating reports that the resource is extremely dangerous, green - that the resource is useful, the yellow rating - with a resource that Something not right, low-popular or new sites are indicated by a transparent icon).

The simplest example of use: it is enough for your elderly parents to explain that you can only go to sites with a green rating, and the problems with their computer on your head will fall much less.

What happened to the Web of Trust? According to the informationfrom Svea Eckert, Jasmin Klofta and Jan Lukas Strozyk, journalists through a front company, supposedly specializing in processing Big Data, were able to access data from three million site visits by German users. As it turned out, the data was collected using Web of Trust. The information was provided to a front company as a free trial sample - in fact, much more is available. According to the materials received, journalists were able to deanonimize about 50 people (diseases, sexual preferences, information about police investigations and drug use are mentioned as disclosed data).

Information about the sale of Web of Trust data was published on German-speaking resources as early as November 1, but the response of the Web of Trust spokesman appeared only on November 3: Web of Trust has promised to take measures to protect its users if there have been instances of the transfer of non-anonymous information. At the same time, the press secretary emphasized that the transfer of anonymous information about the Web of Trust user to third parties was mentioned in the user agreement :

"It can be made up of the use of the WOT Utilities (" Non-Personal Information "). Non-Personal Information is collected. ”.

For the sake of interest, let us turn to the official Russian-language version of the agreement (although it is clearly reduced): “WOT Services can save impersonal statistical information (containing no personal information),” there is no mention of the possibility of passing this information to third parties.


In conclusion, you can read an article in German about what the Web of Trust plugin sends to its servers. Its author does not recommend using Adblock Plus with Ghostery ( accusations against Ghostery are frequent ) and says that many extensions from the Google Chrome directory may collect information about you.

What is the result? At the moment, Web of Trust extensions are not available in the Mozilla and Google Chrome directories, and the Web of Trust application has been removed from the Play Market. Users are advised to manually remove Web of Trust add-ons from their browsers.

Update : when analyzing an add-on in its code, a backdoor was discovered that allows you to download a malicious script running with add-on rights .

PSI used the Web of Trust for the last seven years (in the process of writing this article in my head I even had an idea to put a negative rating on their site and write a corresponding comment).

Alternatively, you can use similar services from antivirus vendors, for example, McAfee , Norton or Avast (I haven't used it myself yet, I can't recommend anything). In the comments, you can share your experience of using web-rated extensions.