A browser add-on designed to keep you secure online has been pulled after an investigation found that it wasn’t so safe and secure after all.
Web of Trust described its add-on, which shares the company’s name, as one that allows users to check if the websites they visit would respect their privacy and collect the minimum amount of data about them. However, an investigation by German broadcaster NDR discovered that the company was selling user data to third parties without fully anonymizing it.
NDR said it was able to identify some key traits about users from this data, including browsing history and even sexual preferences and health conditions.
The investigation found that the add-on gathers a considerable amount of data about its users, whether it’s the sites they visit, search terms, devices they’re using, location, or files they’re sharing. It claimed that Web of Trust was selling this info on to third-party marketing and ad agencies for the purpose of facilitating targeted advertising.
NDR obtained some of this data, which it said was not anonymized and left users “naked on the net,” as it was quite easy to pinpoint the users’ identities. Some of these users included judges, police officers, and journalists.
Johannes Caspar, Hamburg’s data protection commissioner, added that Web of Trust would need full permission from users to carry out this kind of data transfer.
In a statement, Web of Trust said that the matter was “unacceptable” but went on to say that it does indeed anonymize data, and that NDR’s investigation pertained to a “very small number of WOT users.”
“Of course, if the data allows the identification of even a small number of WOT users, we consider that unacceptable, and will be taking immediate measures to address this matter urgently as part of a full security assessment and review,” the company said.
- This huge password manager exploit may never get fixed
- Ranking all 12 versions of Windows, from worst to best
- Hackers dug deep in the massive LastPass security breach
- If you use PayPal, your personal data may have been compromised
- Hackers stole $1.5 million using credit card data bought on the dark web