Cool, thanks! I'll check it out. It's BitDefender, right? I've changed my router's DNS setting from my ISP's servers (which are the fastest for me) to Norton ConnectSafe for now.
It seems to slow Cyberfox and there is no icons next to Google Search Results, but I tested it at the AMTSO Phishing Test Page and it did pop up and block a "phishing attempt". Undecided for now.
How does TrafficLight work? Does it perform cloud queries and/or phone home other information? If so, what is sent?
From the Chrome version of their Privacy Policy (PDF): The site icon / annotations seems to only show up on the second page of search results on for some reason.
WoT was never good in the first place, I would come across various sites that had been marked as untrusted simply because someone didnt like the site's content.
I had to remove BD Trafficlight because I noticed a few times that I couldn't open the Cyberfox Menu from the hamburger button. ... NEXT?!
https://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/reviews/ Now lets see if the developers have anything to say.
Well thanks for posting the link and quote, but what I really meant was: Have any users (and/or prospective users) here done some assessment of their own? For example, by examining traffic reported by their browser or another extension, by looking over the addon source, etc. To identify and verify specific things of importance (and which privacy policies often ignore or gloss over). Such as: Does it eliminate or at least reduce phone home by utilizing downloaded lists? Does it leverage hashing techniques or send actual browsing data to the cloud? Does it send just hostnames, or URLs sans query string, or full URLs to the cloud? Does it send any POSTed data to the cloud? Does it utilize internal whitelisting, filtering, or the like to avoid or reduce the collection of particularly sensitive information (personal info, financial transactions, health care reports, etc)? Are cloud queries accompanied by a cookie or GUID that ties the queries and exposed information together? Is there a social networking component that utilizes social platform APIs in a way that causes greater privacy issues? For example, does it gather viewing and/or sharing information that is not necessary for protective purposes? Is there analytics and/or error reporting that exposes more information?
No worries, mate. In fact, I feel pretty good about it. Someone momentarily overlooked the fact that I am like a broken record on the subject!
Good thing, that browsers/installers show, what extensions can do. I have only one, which can read history, search related, obviously. I might remove it.
LOL, I've always said that these kind of tools should not be blindly trusted, and I guess I was right again. I never liked these kind of tools anyway. But I do wonder how trustworthy certain extensions like for example ABP annd Ghostery are. Extensions are the perfect spying tools, besides the browser itself of course.
But what about network requests? When I was still using Google Chrome, I noticed in uMatrix that an addon (unfortunately I can't remember anymore which one - I think it was one to control referrers) contacted a specific website every time I opened a new website. Since I had uMatrix configured to block behind-the-scene requests by default, that other addon had no chance to spy my browsing data out. Unfortunately, in Chrome v. 47 there was a change in the chrome.webRequest API with the result that uMatrix (or uBlock Origin) was no longer able to monitor and control network requests of other addons. In other words: Not knowing what addons which are known to make cloud requests are doing exactly is bad enough. However, in Chrome you even cannot easily see if addons make network requests at all - and if you do you can't stop this behaviour. That's one important reason why I went back to Firefox: In this browser uMatrix (or uB0) is still able to monitor and block network requests by other addons. I sincerely hope that Mozilla won't change that, either.
Good to know. The last time i checked these requests, was long time ago and uMatrix was able to see them. I tried it today with Chrome, and uMatrix can't see request from other addons. Only it's own behind-the-scene-request. That's not nice
No I haven't but I think I'll give them all a miss for now and instead trust the malware lists in uBO and Norton ConnectSafe in my router, oh and my gut instinct. The story only mentions WoT by name but says there are others doing the same thing. Until we find out what the other extensions are I'll find it hard to trust any.
I did so, but last check was probably 2+ years ago. Few people posting to this thread probably know/remember the history. Time-wise, WebOfTrust emerged in the wake of the SiteAdvisor sellout. Prior to its acquision (and gutting) by McAfee(sp), SiteAdvisor had an active, vibrant user community. Many of the SA participants drifted, emigrated, to WOT ~~ we had high hopes, high spirits. One of the WOT principals (IIRC named "Timo") was a brilliant, capable, PhD-level programmer & expressed his commitment toward "getting it right" in terms of creating and maintaining an effective reputation system. Timo explained (correctly, IMO) that in order to avoid gaming, an effective "Reputation" system must consider both the reps of individual raters as well as the products (websites in this case). The WOT system would, we were told, permit anonymous participants to submit site reviews (textual, anecdotal, observations and opionion) but WOULD NOT "count" the numerical rating associated with any such anonymous review/report. POINT: from inception, if one opted-in by creating a mywot site login account... and installed browser extension in order to gain easy ability to submit ratings, CLEARLY one would be personally-identifiable ~~ at least to the extent of one's activity being associated with email address used (and confirmed, at time of registration)(which was not-so-common at the time) with mywot site account. On paper, in theory... everything sounded great. Oops, Timo's bidness partner set out and solicited investors; they hired a PR/Marketing person & set out on an "advertising spend" campaign and travelled to tech shows/conventions... ...with that new/paid wave of popularity came droves of CLUELESS new users, asinine "reviews" (dont hardly visit this site cuz it sux it got my cat pregnant!) as well as paid-to-slander review submissions. Apparently the WOT "business model", as pitched to investors, was that the service would be free to users & would be paid for by businesses/sites coughing up $$$ to have any less-than-glowing reviews adjudicated and/or removed. {rolleyes} POINT: The WOT principals apparently caved to "business interests" early in the game, now many years ago. Most of us SiteAdvisor raters/emigrants became disillusioned with WOT, and left, within the first year or two. For me, the camelback -breaking straw was observation that the user forum was being purged of any less-than-peachy posts. I wrote "observation"; what I meant was "first-hand" ~~ I witnessed removal of WOT posts I had written and discussion threads I had participated in. POINT: I'm surprised that it took this long, this many years, until public awareness (and outcry) caught up with WOT and bit them in the ass. No, and the realtime mechanism (vs periodically dl/ed blacklists) was touted as a beneficial design feature. "If a site becomes compromised, our users need to know right away..." I recall that their RESTful API used a ping.pong to retrieve a "nonce" via plain http, and... ...and regardless what else I correctly/incorrectly recall, my hands-on observations are now outdated. a "nonce" token (if you've setup a WOT site account, and a valid login cookie is present) Amid our privacy discussion, I'll reiterate the point tha "effectively maintaining a reputation system" demands this. I could (and early on, was comfortable doing so) enable the restartless WOT extension "as needed", in order to report a badsite... then clear cookies and/or disable the extension. Ultimately, I wound up removing the extension and just occasionally visited the mywot site to check rep for a given site. Still holds today, but was moreso a factor back in the day: hostname or domain -based blocking/rating is way too inaccurate and leaves us with a users, hosters, badbuys scenario of "lose-lose-win". Naw, I'm not gonna chase my tail maintaining blocklist(s) containing inexhaustible hostname permutations like "phentermine94a.ual.com.br", nor am I keen on outright blocking "blogspot.com" just because its free hosting continually breeds maggots... In the Google (and if you believe it is separate, Mozilla) safeBrowsing and antiphishing mechanisms, they are using hashing and periodically-downloaded blocklists -- but only as a first line of defense, right? Unless you change default prefs, Mozilla would have your browser calling out real-time, reporting to mothership what file/attachment you're downloading and querying "izzit SAFE?", right? Is there a social networking component? More worrisome question (to me) was: Are they (WOT) now providing openAuth services? "Hi. For your protection, and for your convenience, this site doesn't support user account login. You can login with Google | login with WOT | login with FaceTwit" ...or you can stand out in the cold.
Interesting read... while it's still there. https://www.mywot.com/en/forum/70396--virus-spyware-do-not-install-uninstall-as-soon-as-possible Also, a statement: https://www.mywot.com/en/forum/70476-user-update-from-wot
It sounds like the business model came to involve secondary use and sharing of the data they acquire. Do you remember hearing anything about that aspect? Have any personal thoughts as to when that may have started? In any form, I mean. Regardless of whether or not they consider[ed] it to be aggregated, anonymous, non-personal, etc.
