Web of Trust says it is investigating reselling of internet histories

The company behind the Web of Trust browser extension says it is investigating the resale of users’ internet history. This week, the German broadcaster NDR reported that the extension does not sufficiently anonymize data and sell it on to third parties.

A Web of Trust spokesperson says it will investigate and take action “if it appears that user data was insufficiently anonymized and protected,” writes the site Heise. In addition, the spokesperson points out that passing on anonymized data to third parties is mentioned in the terms of the extension and that the company never reveals user login details.

During the NDR’s investigation, it appeared that it was possible to identify different users on the basis of the Web of Trust data, for example with e-mail addresses and URLs. On Thursday, the NDR issued a new press release, which shows that the data of various German politicians can also be viewed. This concerns, for example, confidential data about agreements, internal affairs and personal information of politicians.

In addition, Mozilla volunteer Rob Wu published a post on GitHub examining the Web of Trust extension. During his research, he came across a source code component that allows Web of Trust to run arbitrary code on web pages. He reports that this allows the extension to steal banking information or install malware, but that this function has not yet been used.

He reported his finding on the Bugzilla platform. There is the discussion to remove the add-on completely. A Mozilla employee responded to Wu’s report saying that it is more common that “add-on code execution is possible, but generally not allowed.”

On Tuesday, the NDR presented the results of its investigation, which showed that Web of Trust and other undisclosed add-ons do not adequately anonymize users’ data and sell it on to third parties. Researchers got their hands on the data by posing as a ‘big data’ company.