Web of Trust, Downloaded 140M Times, Pulled From Extension Stores After Revelations That It Sells Users' Data (theregister.co.uk)

← Back to Stories (view on slashdot.org)

Web of Trust, Downloaded 140M Times, Pulled From Extension Stores After Revelations That It Sells Users' Data (theregister.co.uk)

Posted by msmash on Tuesday November 8, 2016 @07:20AM from the shoo-away dept.

According to multiple reports, Web of Trust, one of the top privacy and security extensions for web browsers with over 140 million downloads, collects and sells some of the data of its users -- and it does without properly anonymizing it. Upon learning about this, Mozilla, Google and Opera quickly pulled the extension off their respective extension stores. From a report on The Register: A browser extension which was found to be harvesting users' browsing histories and selling them to third parties has had its availability pulled from a number of web browsers' add-on repositories. Last week, an investigative report by journalists at the Hamburg-based German television broadcaster, Norddeutscher Rundfunk (NDR), revealed that Web of Trust Services (WoT) had been harvesting netizens' web browsing histories through its browser add-on and then selling them to third parties. While WoT claimed it anonymised the data that it sold, the journalists were able to identify more than 50 users from the sample data it acquired from an intermediary. NDR quoted the data protection commissioner of Hamburg, Johannes Caspar, criticising WoT for not adequately establishing whether users consented to the tracking and selling of their browsing data. Those consent issues have resulted in the browser add-on being pulled from the add-on repositories of both Mozilla Firefox and Google Chrome, although those who have already installed the extension in their browsers will need to manually uninstall it to stop their browsing being tracked.

115 comments

Min score:

Reason:

Sort:

No big deal by Jack9 · 2016-11-08 07:24 · Score: 2, Insightful

It was in their terms of service. It's common and benign (most sites do it to some extent without explicitly stating that). I don't understand what else you could imagine the business model was or why this would be surprising.

--

Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
1. Re:No big deal by Anonymous Coward · 2016-11-08 07:40 · Score: 1
  
  But...but it was called "Web of Trust"! I trusted it!
2. Re:No big deal by Anonymous Coward · 2016-11-08 07:47 · Score: 0
  
  Obviously it is a big deal if people didn't realize that was happening.
3. Re: No big deal by xxxJonBoyxxx · 2016-11-08 07:48 · Score: 4, Insightful
  
  That's why people pick deceptive names for nasty stuff. For example, "Affordable Care Act" or "Patriot Act"
4. Re:No big deal by Anonymous Coward · 2016-11-08 07:54 · Score: 0
  
  And yet you people are so quick to jump at Microsoft for doing something similar in Windows 10, but it's even better than this because telemetry is not your god damn browsing history, but just what you use, when and how often.
5. Re:No big deal by Nadella+Onions · 2016-11-08 08:01 · Score: 1
  
  who says it's benign? ask a cat if swallowing a canary is benign, see what it says. there are so many astroturfers around........but just it's your world too jack, you too have to live in what you help create.
6. Re: No big deal by Anonymous Coward · 2016-11-08 08:05 · Score: 2, Insightful
  
  Or "Telemetry", "Genuine Advantage", "User Experience", "Digital Rights Management", and specially "Privacy Policy".
7. Re:No big deal by EvilSS · 2016-11-08 08:10 · Score: 1
  
  Normally I would agree. Collecting aggregated, anonymous data, and informing the users of such, isn't always a big deal. But in this case it sounds like the data most certainly wasn't anonymous enough since the reporters were able to identify individual users from the data they acquired. That is a big deal.
  
  --
  I browse on +1 so AC's need not respond, I won't see it.
8. Re:No big deal by Anonymous Coward · 2016-11-08 08:24 · Score: 0
  
  Lots of things are happening that you don't realize, like what Natalie Portman is doing right now. If you didn't bother to read what was made explicitly available, it's still not a big deal.
9. Re:No big deal by omnichad · 2016-11-08 08:42 · Score: 1
  
  meow?
10. Re:No big deal by Jack9 · 2016-11-08 08:51 · Score: 1
  
  People have a reasonable choice to not use WOT (regardless of the stores pulling it or not). I didn't have to read the TOS (this isn't a new method or even scheme for data monetization). In this way, it's similar to finding a hilt-less blade. I chose not to possibly hurt myself by using with it because I've seen it before (yahoo toolbar anyone?).
  Apple, Google, Oracle, IBM, this is basic digital advertising 101 stuff. They all have some api to read your cookie and pull your information via api, you just don't know what that API is (it tends to change when it gets exposed improperly).
  
  --
  
  Often wrong but never in doubt.
  I am Jack9.
  Everyone knows me.
11. Re:No big deal by Nadella+Onions · 2016-11-08 09:04 · Score: 1
  
  fair enough jack.......but still, that doesn't mean it is benign.
12. Re:No big deal by Anonymous Coward · 2016-11-08 09:07 · Score: 1
  
  Lots of things are happening that you don't realize, like what Natalie Portman is doing right now.
  Natalie is currently sucking my dick while I read Slashdot. Why is that your fucking business?
  -Benjamin Millepied
13. Re: No big deal by Anonymous Coward · 2016-11-08 12:52 · Score: 0
  
  and specially "Privacy Policy".
  I'm not sure what's so confusing about a policy that provides you with no privacy.
14. Re: No big deal by Anonymous Coward · 2016-11-08 19:46 · Score: 0
  
  Suzuki Swift, Pontiac Trans Sport, Chevy Sprint, Pontiac Le Mans.
Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 07:26 · Score: 0, Insightful

Yet again. You need to start _PAYING_ for your software. This will happen again and again. Start paying your developers, people ! If you don't, then they're going to find another way to get paid, and you probably won't like it.
1. Re:Free Software Business Model Fail.. by chipschap · 2016-11-08 07:36 · Score: 4, Insightful
  
  We paid Microsoft for Windows 7 and 8 and they still backported all their telemetry. Unfortunately paying for software is no guarantee of anything.
2. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 07:37 · Score: 0
  
  So if I pay for Windows 10, I won't be tracked? /s
3. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 07:37 · Score: 0
  
  Because that worked out so well for Microsoft products where they take your money at the computer purchase, then they still sell your data.
4. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 07:48 · Score: 0
  
  You're exploitable either way. There's a cash grab either way. Paying for your cable doesn't do fuck-all about injecting commercials. Stop pretending there's any sense of exchange or obligation; anything they can do they will do, and until that changes (I would like it to) so should you.
  
  The concept of you paying me for something I wrote is incongruent. Paying me for it when I'm six feet under is incongruent and impossible.
5. Re:Free Software Business Model Fail.. by barc0001 · 2016-11-08 07:52 · Score: 1
  
  No guarantee, but it lowers the chances from 100%. If you're getting something for free, YOU are the commodity. I cannot believe that people don't get this still.
6. Re:Free Software Business Model Fail.. by Nutria · 2016-11-08 07:57 · Score: 1
  
  No guarantee, but it lowers the chances from 100%.
  Whatever evidence do you have for that assertion?
  
  --
  "I don't know, therefore Aliens" Wafflebox1
7. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 08:35 · Score: 0
  
  capitalism+business+math? We call it the real world. Spending on alternate revenue streams over the core is less preferable (or it would be the core, as it is with free products in general) reducing the effort and duration of data collection schemes.
8. Re:Free Software Business Model Fail.. by barc0001 · 2016-11-08 08:35 · Score: 1
  
  Simple logic? If I have a "free" service that it costs me money to maintain, I must somehow make it profitable despite not getting money from end users or I go bankrupt. Which generally means ads (monetizing the end users for views and clicks) or selling telemetry to interested buyers. If I sell software for a profit up front, or a fee I don't necessarily need to sell anything to keep the lights on. Examples - Blizzard and World of Warcraft, Salesforce.com, many game companies, AV companies, etc. If it was discovered that Salesforce.com was selling anything on its users to 3rd parties there'd be a massive shitstorm that could put the company under. Companies are already cagey enough about having that sort of critical data in a 'trusted" 3rd party's hands to begin with.
9. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 09:11 · Score: 0
  
  There are thousands and thousands of examples of "free things" that are privately funded by donations and don't exploit end users. You're high as fuck.
10. Re:Free Software Business Model Fail.. by Raenex · 2016-11-08 09:15 · Score: 1
  
  No guarantee, but it lowers the chances from 100%. If you're getting something for free, YOU are the commodity.
  So where's your evidence that Debian is selling out its users?
11. Re:Free Software Business Model Fail.. by TangoMargarine · 2016-11-08 09:23 · Score: 1
  
  That's the great thing about fools making absolute statements: You only have to find a single counterexample :)
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
12. Re:Free Software Business Model Fail.. by barc0001 · 2016-11-08 10:46 · Score: 1
  
  I'm talking about for-profit companies, not foundations.
  Jesus.
13. Re:Free Software Business Model Fail.. by barc0001 · 2016-11-08 10:54 · Score: 2
  
  That's the great thing about arguing on the internet, you can twist someone's original statement to make yourself look clever. As I mentioned elsewhere I was talking about companies, not foundations or OSS projects. That said, being a foundation didn't stop Mozilla from selling default search engine placement to Google for a billion dollars over 3 years, now did it? Some may make the argument that would constitute them "selling out their users".
14. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 11:23 · Score: 0
  
  Some may make the argument that would constitute them "selling out their users".
  Why would they make that argument? What difference does a default make?
15. Re:Free Software Business Model Fail.. by barc0001 · 2016-11-08 11:30 · Score: 1
  
  Examples? If there are "thousands" surely it would be pretty easy to rattle off a few well known ones. Ubuntu? Oh wait.. Mozilla? Nope, they love that Google money way too much. MySQL AB, oh maybe not... Google? Facebook? Twitter? (favorite webmail service) ? (favorite hosting service) ?
  If you're talking about GPL projects or similar then yes. WOT was NEVER that. Quit being a dick.
16. Re:Free Software Business Model Fail.. by TangoMargarine · 2016-11-08 11:31 · Score: 1
  
  Yet again. You need to start _PAYING_ for your software.
  
  As I mentioned elsewhere I was talking about companies, not foundations or OSS projects.
  Red Hat. You don't pay them for their software; you pay them for support. And they're an open-source company, not a foundation.
  Whoops, no longer 100%.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
17. Re:Free Software Business Model Fail.. by TangoMargarine · 2016-11-08 11:34 · Score: 1
  
  As I mentioned elsewhere I was talking about companies, not foundations or OSS projects.
  Umm...aren't you kind of setting up a tautology here? What sort of company sets out to not make any money? By definition that's a nonprofit organization or charity. Privately-held companies whose owners just don't give a shit? The rest have to worry about the shareholders.
  So yes, if you only count the group that axiomatically needs to make money, that group needs to make money. Congratulations.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
18. Re:Free Software Business Model Fail.. by TangoMargarine · 2016-11-08 11:37 · Score: 1
  
  Ubuntu is indeed an example. It was initially funded by Mark Shuttleworth's private fortune, and they don't sell software as far as I'm aware. I would assume they're like Red Hat and probably sell support contracts, but you explicitly said "pay for your software."
  Mozilla doesn't sell their software either, mister words lawyer.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
19. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 11:42 · Score: 0
  
  GPL = among the thousands, you answered your own questions before you specified contrary criteria, cocksucker.
20. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 11:49 · Score: 0
  
  But Microsoft backports all sorts of useful stuff to previous versions of windows all the time, just look at DirectX.......
21. Re:Free Software Business Model Fail.. by TangoMargarine · 2016-11-08 12:13 · Score: 1
  
  That's the great thing about arguing on the internet, you can twist someone's original statement
  When you make blanket statements without properly qualifying them, people finding counterexamples is basically the only way to disagree with you.
  
  As I mentioned elsewhere I was talking about companies, not foundations or OSS projects.
  After rereading your (assuming you're also that AC) initial statement, I'm not sure why you're making this distinction...except perhaps for the part where not doing so means you're trivially wrong.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
22. Re:Free Software Business Model Fail.. by Anonymous Coward · 2016-11-08 16:45 · Score: 0
  
  What difference does a default make?
  About a billion dollars over three years, apparently. Weren't you paying attention?
23. Re:Free Software Business Model Fail.. by barc0001 · 2016-11-09 04:06 · Score: 1
  
  > So yes, if you only count the group that axiomatically needs to make money, that group needs to make money
  That's the group I was talking about yes. I forgot that /. is packed to the gills with pedants who take a general piece of advice and look for every possible exception to start an argument. All I was warning people about is if some company is giving you a product or service, don't be surprised when it turns out that they're doing something extremely shady with your usage of it to make a buck.
24. Re:Free Software Business Model Fail.. by TangoMargarine · 2016-11-09 04:12 · Score: 1
  
  I'm not surprised, but you're the one busting out "100%" lines.
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
25. Re:Free Software Business Model Fail.. by Raenex · 2016-11-09 06:36 · Score: 1
  
  I'm talking about for-profit companies, not foundations.
  Jesus.
  You made no such distinction in your comment, and neither did the AC who started this who insisted we needed to start paying for software. In a world with open source software to cover practically every basic need in computing, your statement on its face was dumb. That's your fault for using terms like "100%" and not considering the obvious counter-examples.
  You also haven't considered the "freemium" model, where the base package is given away for free and premiums are sold on top of it.
26. Re:Free Software Business Model Fail.. by Nutria · 2016-11-10 02:46 · Score: 1
  
  Simple logic? If I have a "free" service that it costs me money to maintain, I must somehow make it profitable
  That's not answering my question.
  
  If I sell software for a profit up front, or a fee I don't necessarily need to sell anything to keep the lights on.
  Shit. Even in this election season, that's the dumbest thing I've read this month.
  Why? Because the purpose of business (especially a publicly traded one) is to make lots of money, not just "keep the lights on."
  
  If it was discovered that Salesforce.com was selling anything on its users to 3rd parties there'd be a massive shitstorm that could put the company under.
  If it was explicit in the EUA/TOS that they could do it, there would be a bit of a storm, but not much.
  
  Companies are already cagey enough about having that sort of critical data in a 'trusted" 3rd party's hands to begin with.
  Stop smoking so much dope. Or believing in fairy tales.
  If businesses really cared about that kind of thing, then hosted services wouldn't be so popular.
  
  --
  "I don't know, therefore Aliens" Wafflebox1
Author/Publisher by Anonymous Coward · 2016-11-08 07:30 · Score: 0

Who is the author and developer of that extension? I smell Mossad.
1. Re:Author/Publisher by Chmarr · 2016-11-08 09:56 · Score: 1
  
  It's probably something lodged up your nose. See your doctor.
Lawsuit? by ilsaloving · 2016-11-08 07:31 · Score: 2, Insightful

Is a class action lawsuit available in such cases? While I can understand that they need to make money, siphoning full browser histories is sketchy. Failing to properly anonymize the data is criminal negligence that can put people at risk of all sorts of things, the least of which being spam and identify theft.
1. Re:Lawsuit? by Anonymous Coward · 2016-11-08 08:32 · Score: 0
  
  No. The Web of Trust is about what websites are safe (for their metric of safety) not about anonymizing your visits. This smacks of some kid mad that he bought a bag of chips and over half of it was air and wants the company shut down because he can't even!
  > https://www.mywot.com/en/terms
  How this got modded insightful is beyond me. It's ignorant.
2. Re:Lawsuit? by slack_justyb · 2016-11-08 09:17 · Score: 1
  
  No.
  The details would easily be a multi-page article in of itself, but the short answer is that the legal system is nowhere near a point where any of this could be called "criminal negligence". Just to give you a jumping off point, in the spectrum of culpability there needs to exist a legally defined "reasonable expectation", currently in the realm of your personal information, there's next to nothing in the form of what is legally the minimum a reasonable person would do to protect it. In fact, your personal information isn't really viewed as something that needs protection. Getting on the Internet is basically, expect zero privacy while on it, as far a legality goes.
  The why and how to change it, I'm sure someone could write a book on.
Ok guys by Anonymous Coward · 2016-11-08 07:31 · Score: 0

Now what did we all learn this time? That's right, no extension is a good extension if you can't validate the code yourself.
Addons mean not trusted by WillAffleckUW · 2016-11-08 07:34 · Score: 1

Seriously folks, don't do addons.
You can only trust the trusted. Not stuff that runs on them.

--
-- Tigger warning: This post may contain tiggers! --
1. Re:Addons mean not trusted by Anonymous Coward · 2016-11-08 09:15 · Score: 0
  
  Maybe someone should write an addon that checks addons for trustworthyness (and then sell the data they gathered from that.)
2. Re: Addons mean not trusted by Anonymous Coward · 2016-11-09 06:47 · Score: 0
  
  Then we will need an addon to check the addon checker. And an addon to check the checker for the addon check checker. I heard you like add ons!!!
  It's addons all the way down boys.
Remember this rule of thumb by tkrotchko · 2016-11-08 07:34 · Score: 2

Everybody always says the opposite of what they mean.
If they call themselves the "web of trust", then it means exactly the opposite.
Real blockers like uBlock Origin don't try so hard to convince you of what they're doing.

--
You were mistaken. Which is odd, since memory shouldn't be a problem for you
1. Re:Remember this rule of thumb by Nadella+Onions · 2016-11-08 08:33 · Score: 1
  
  doublespeak and big brother are the reality in this age, as well as paid liars posting fake comments and content. but spying cuts both ways, at the end of the day no one has exclusive technology. there is no reason for there to be any back room politics anymore, no more secret meetings and secret deals. the old question used to be "who watches the watchers?" the answer has become clear, "the watched watch the watchers". eventually all this spying capability will be used against those doing the spying.
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 07:37 · Score: 0, Flamebait

APK is a big ol' dick, as big as a dick can be,
He's got a purple helmet and wrinkled shaft,
And he pierces anuses for free!
Known this for some time: with proof. by Chmarr · 2016-11-08 07:42 · Score: 4, Interesting

I found this very thing out as a result of a email-based survey I'd sent to about 500 people. Here's a copy of the email I'd sent out to those affected:
-----
tl;dr version:
* The “Web of Trust” plugin is highly likely to be sending your browsing history, after it reaches the Web of Trust servers, to advertising companies.
* It’s likely that they’re _not_ sending personal details, but simply the list of URLs that you visit. This includes “private” urls such as what you received for the survey, but could also include things like the URLs you send when you share files via Dropbox, Hipchat, etc.
* If you’re not okay with this behaviour, I recommend you un-install the Web of Trust plugin.
* If you haven’t yet responded to my question of “do you have Web of Trust” installed, I’m still interested in hearing from you.
Detailed version:
* Shortly after folk started to respond to the survey, by chance I noticed unusual requests hitting the web server. An hour or two after the flurry of requests that I’d consider normal, I saw another request to _just_ the main URL, all from the same IP address (52.71.155.178), and the same user agent (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25)
To me, this implies that the supposedly secret URLs were not very secret.
* The address 52.71.155.178 has a DNS entry "nat-service.aws.kontera.com”. Kontera is an advertising company (remember those “in text” ads with the double underscore? Kontera was one of the players in that), which was bought by Amobee, a market research company. Amobee own the kontera.com domains and likely is related to the above activity.
* From some research, I discovered that others have seen these requests too, all to private URLs, and that the plugin “Web of Trust” was implicated.
https://www.abuseipdb.com/chec...
http://www.liveipmap.com/52.71...
* I saw 15 of these requests. I contact each of the 15 people and received 11 responses. 9 of the respondents were using the Web of Trust plugin.
* I don’t know what could explain the other 2. Certainly, Web of Trust can’t be the only company sending Kontera/Amobee data. Unfortunately attempts to replicate the issue for those two users have failed: it may be that Kontera have some kind of limit on how many URLs per domain they’ll probe per time period? I’d certainly want to do that if I wanted to stay under the radar, or thwart further analysis.
Conclusion:
Given that 9/11 is far, far above the expected install base of Web of Trust. It is very likely that Web of Trust is indeed forwarding your browser history to at least one advertising company: Kontera/Amobee
Sharing “non personal information” is not inconsistent with Web of Trust’s privacy policy: they do not consider the URLs you visit to be “personally identifiable information”.
Response:
What you do with the sites you visit is up to you. But if you don’t approve of what the company behind the plugin is doing, I suggest you uninstall this plugin. Apart from the risk of “private URLs” becoming non-private, I don’t think there’s any further security risk.
I am disinclined to make a wide announcement about this, especially not on WoT’s forums. From research, the company readily squashes any criticism against it, and a small but vocal fraction of its users have embarked on attacks against any persons or sites that have raised concerns against WoT’s activity. In many ways, WoT has become an extortion engine, such as offering a paid-for “badge of trust” to remove bad ratings.
http://mywot.info/
1. Re:Known this for some time: with proof. by ArsenneLupin · 2016-11-08 09:22 · Score: 1
  
  Just out of curiosity, I checked the web server logs for this user agent on 3 servers that I administer, and indeed I found a number of accesses using this user agent on all 3 of them (but in our case unfortunately none that are obviously not public knowledge). The most frequent IP (91 accesses) using this user agent was 52.71.155.178 and this is indeed nat-service.aws.kontera.com. This was followed ex aequo by 54.209.60.63 (also nat.aws.kontera.com) and 99.63.100.174 (99-63-100-174.lightspeed.bcvloh.sbcglobal.net)
  All accesses were suspicious, as they are obvious bots (it only accesses isolated URLs, but never any pictures nor other dependent content such as CSS), yet they masquerade as a interactive user agent (Mozilla on Macintosh).
  I promptly lodged a complaint at abuse@amazonaws.com.
  I recommend other webmasters do the same (i.e. check your logs, and if you find any similar occurrences, complain loudly to Amazon)
  Whois tells that the IP range is 52.64.0.0/12, in case anybody wants to firewall this.
2. Re:Known this for some time: with proof. by Chmarr · 2016-11-08 09:52 · Score: 1
  
  Blocking that /12 will unfortunately block hundreds of thousands of "perfectly legitimate" sites... essentially anyone deigning to use AWS. Kontera just happens to be one of the users. No idea about the sbcglobal.net one, though.
  The user agent is probably a perfectly valid one from some version of Safari (version 8.0, I believe), but one the Kontera coders decided to "appropriate" for their crawling software. However, if it _is_ Safari, Safari users will likely have updated their browsers long since afterwards, thus changing the User Agent, so this corroborates your analysis that they're all bots.
  And I would guess that, at least the Kontera ones, all come from some user visiting your site that was running the WoT plugin.
3. Re:Known this for some time: with proof. by Anonymous Coward · 2016-11-08 12:53 · Score: 0
  
  FYI, it is 1,048,574 IP addresses covered by that range.
4. Re:Known this for some time: with proof. by Chmarr · 2016-11-08 13:15 · Score: 1
  
  Yes. I can do 2**(32-12) as well as the next pythonista... but I said "hundreds of thousands" since the actual number of addresses _used_ in that range is probably only about a tenth of that.
5. Re:Known this for some time: with proof. by ArsenneLupin · 2016-11-08 18:20 · Score: 1
  
  Blocking that /12 will unfortunately block hundreds of thousands of "perfectly legitimate" sites... essentially anyone deigning to use AWS. Kontera just happens to be one of the users.
  Well, it's not as if this was any surprise. The WOT issue has been in the news for several days already, and apparently Amazon has not "deigned" to to do anything about it yet. Indeed both still reverse resolve to kontera.com... or did Amazon actually kick Kontera, but just forgot to update their name server?
  When choosing a cloud provider, smart users also consider the provider's reactivity, and his willingness to protect his legitimate customers' reputation and Amazon indeed seems to be lacking in this area...
Now for some turnabout... by Anonymous Coward · 2016-11-08 07:50 · Score: 0

One could only assume that, of the millions of browser/extension installs out there, a certain percentage are being used by minors, a.k.a. children. I'll be generous and say this figure is, oh, 5%.
So my question is, why is this company cyber-stalking, gathering information on, and virtually following 7 million innocent, defenseless little children around, gathering information on them, and selling this information to... who knows...? I mean, not only is this behavior disturbing and creepy, but is certainly illegal in many places. And who is to say who is buying up this information on your children?
And what are the purchases of this information doing with it? Why would they want to know exactly what your children are doing?
Won't someone think of the children?
meh by Anonymous Coward · 2016-11-08 07:52 · Score: 0

Two things that should never go together without "no" between them:
"web of"
"trust"
Sticky fingers by Spazmania · 2016-11-08 07:52 · Score: 1

Webs are sticky. They catch the spider's prey and don't let go.

--
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
uMatrix + uBlock is all you need by CrashNBrn · 2016-11-08 08:04 · Score: 2

uMatrix + uBlock covers everything you need, if you are willing to either:

1) Subscribe to the Block-Lists, or
2) Troubleshoot site compatibility manually.
On a site where you need to use both, you allow uMatrix to pass-through what you want fine-grained-control over (e.g. specific scripts, or inline-scripts). Then either:

1) Allow all of the scripts in uBlock, and selectively block some.
2) Block all of the scripts in uBlock, and selectively allow some.
1. Re:uMatrix + uBlock is all you need by number17 · 2016-11-08 08:21 · Score: 1
  
  Can a browsers add-on block the communication of another add-on to its mothership?
2. Re:uMatrix + uBlock is all you need by CrashNBrn · 2016-11-08 10:01 · Score: 1
  I doubt any "extension" in Chrome can actually prevent another Addon's internal url requests.
  You would want|need to:
  
  1. unpack the offending addon
  2. rip that crap out
  3. repack, and
  4. load an extension from disk
  
  In my experience, the Chrome Store (for Chrome) is chock-full of abandoned extensions - that haven't been updated in 3+ years. So not really even any additional work to repeatedly update|merge your changes.
3. Re:uMatrix + uBlock is all you need by Anonymous Coward · 2016-11-08 11:12 · Score: 0
  
  Ublock origin is on most of my browsers (except the ones I generally have javascript and cookies turned off- no need) and Privacy Badger too. I was using Ghostery, but a big update a few weeks ago seemed to imply it was now going to gather browsing data and phone it home and I've removed all traces of Ghostery.
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 08:26 · Score: 1

Sorry asshole, I have a policy against using software written by spammers.
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 08:46 · Score: 0

Adblock's ads are one-click disable-able and disclosed publicly up front in the installation and documentation. WOT by contrast did their shit in secret and has no way to disable it, and is untrustworthy by that criteria. It's night and day.
Get a clue.
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 09:27 · Score: 0

Speak for yourself and get a clue loser. Neither one does a fraction of what hosts do for many orders of magnitude less and faster in kernelmode where addons bloat messagepassing, memory and cpu use, and are in slower usermode too. You lose, loser (again).
Computers mean not trusted by TangoMargarine · 2016-11-08 09:30 · Score: 1

Seriously folks, don't do computers.
You can only trust the trusted. Not stuff that runs on them.
How can you trust an operating system you haven't read the code of yourself? How can you trust chips running firmware you haven't read the code to? How do you know the precious metals in the hardware wasn't mined using slave labor in Africa? How do you know the computer companies you bought it from aren't paying lobbyists to oppose your interests?
Hell, look up "Reflections on Trusting Trust." You could read and understand the source code yourself, build it all from scratch, and your compiler could be compromised such that the resulting binaries aren't trustworthy either. Guess you'd better start reading the source to your compiler then, too...

--
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
Greg, how come you don't like cats? by Thud457 · 2016-11-08 09:42 · Score: 1

Jack Byrnes is sooooo disappointed in them.

--
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 09:45 · Score: 0

A "ne'er-do-well" like you could never write your own software. You're a no talent menial is why and you know it. We do. Hahahaha.
Chrome: No, Firefox: Yes (for now?) by CrashNBrn · 2016-11-08 09:51 · Score: 1

Not in Chrome.It will work in Firefox, unless|until they break that feature during their stalwart march to Chrome-Addon compatibility.
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 09:54 · Score: 0

We do.
Congratulations! Admitting your schizophrenia is the first step to getting help.
Re:Anonymous != Aggregated by Anonymous Coward · 2016-11-08 10:06 · Score: 0

Except that there is a difference between "anonymous" browsing data and "aggregated, anonymous data".
If they were collecting and selling "aggregated, anonymous data" then it would be something like this: 10k of our users visit xyz.com daily and 15k visit bca.com daily. However what they were doing is selling data that says user fda24ec3 visited this list of sites today and user c37a7e7b visited this other list of sites today.
Now do you see why collecting and selling "anonymous" individualized data is a problem? Because as we have seen it is fairly easy to reverse the process and determine that user c37a7e7b is actually John Smith who lives at 123 Nowhere St in Beverly Hills California with a phone number of 310-555-1212.
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 10:25 · Score: 0

Alex, stop referring to yourself in the third person. You've never fooled anyone into thinking that anyone supports you. You only embarrass yourself further by showing that you have no friends.
UBlock = inferior + inefficient vs. hosts by Anonymous Coward · 2016-11-08 10:30 · Score: 0

UBlock can't do these as well as (or @ all) hosts do 4 speed, security, & reliability:
1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux botnet C&C's
3.) Protect vs. dyndns botnet C&C's
4.) Protect vs. DGA botnet C&C's
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks/hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O use
17.) UBlock now uses hosts (no DNS benefits vs. dns issues) - poor imitation = "sincerest form of flattery"
Hosts = native vs. illogically "Bolting on 'MoAr'" & not ClarityRay blockable like addons.
APK
P.S.=> Hosts (1st resolver) do MORE w/ less in fast kernelmode & before slow usermode addons
Hosts ~3mb vs. UBlock = 64MB -> http://cdn.ghacks.net/wp-conte...
Let me be the first to say by Anonymous Coward · 2016-11-08 10:41 · Score: 0

WoT?
/.'ers disagree outnumbering you by Anonymous Coward · 2016-11-08 10:43 · Score: 0

his hosts program is actually pretty good by xenotransplant

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

take a look at the APK hosts file engine by SuperKendall

APK is kinda right. I've tried his hosts file generating software. It works by bmo

APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa

I like your host file system by Karmashock

I find your hosts file admirable by vel-ex-tech

* My code's liked/used + recommended & hosted by Malwarebytes' hpHosts - Argue w/ those folks above.
APK
P.S.=> See subject - & those users above: Eat your words as many support me (want more?)... apk
1. Re:/.'ers disagree outnumbering you by Anonymous Coward · 2016-11-08 12:10 · Score: 0
  
  None of those people are making those AC posts praising you. All of them are you. Literally every single person who has ever read them immediately recognized them as you. Nobody other than you has ever claimed you won any argument, ever. Nobody ever will.
  You have proven me right, and you will now prove me right again.
2. Re: /.'ers disagree outnumbering you by Anonymous Coward · 2016-11-08 12:20 · Score: 0
  
  You do realize that the amount of effort you put into making others feel bad is directly proportional to how bad you feel inside, right?
Pulled the extension and... ... ?? by Anonymous Coward · 2016-11-08 11:07 · Score: 0

... someone going to jail maybe? Or is that all?
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 11:26 · Score: 0

Your bad minusmods of apk's posts to try hide 'em and your unidentifiable ac troll posts = credible? *Laughter* (not!).
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 12:34 · Score: 0

You pretending not to be APK is even less credible. The guy in your head who says "minusmods," does he have a name?
Malwarebytes = me? Wrong, lol... apk by Anonymous Coward · 2016-11-08 12:34 · Score: 0

I support APK's stand on the hosts file by Trax3001BBS

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid by JazzLad

APK was right! Is it time for us to point Sourceforge to a non-address in our hosts files by wonkey_monkey

APK's monolithic hosts file is looking pretty good by Culture20

APK... Awesome to see he's still spreading the good word by Molochi

ABP is insufficient as a solid hosts file does everything that APK reminds us about by fast turtle

APK, I know people give you a lot of shit regarding hosts, but please don't ever stop by nasredin

APK solution STILL relevant by Thud457

you're right about hosts files by drinkypoo

APK
P.S.=> Those folks above & in my last post != me - see subject - they host & recommend my work (how about you?)
Want even more?
(You PROJECT you sockpuppet + you DO use unidentifiable ac trolling of me (proves I have CRUSHED YOU BEFORE & you have to hide, lol))... apk
Re:Another addon f's users over? by Anonymous Coward · 2016-11-08 12:45 · Score: 0

Hahaha no denyin Apk slapped you around 2x making you eat your words https://yro.slashdot.org/comme... + https://yro.slashdot.org/comme... it's apparent he's done that to you a lot I bet. Why? Now you troll him by unidentifiable ac posts and he could throw your past defeats at his hands right back at you and you know it. You're obviously butthurt and lazy. Don't be such a loser. Do something others like (even big names like malwarebytes) instead of wishing you were him. Wishes don't make good things happen. Good work does. Work like Apk's.
UBlock = inferior + inefficient vs. hosts by Anonymous Coward · 2016-11-08 13:34 · Score: 0

UBlock can't do these as well as (or @ all) hosts do 4 speed, security, & reliability:
1.) Protect vs. bad sites (past ads)
2.) Protect vs. fastflux botnet C&C's
3.) Protect vs. dyndns botnet C&C's
4.) Protect vs. DGA botnet C&C's
5.) Protect vs. downed DNS (reliability)
6.) Protect vs. DNS poisoned dns
7.) Protect vs. trackers
8.) Protect vs. spam payloads
9.) Protect vs. phish payloads
10.) Protect vs. caps
11.) Get past dns blocks
12.) Keep off dns request logs
13.) Speed up 2 ways (adblocks/hardcodes)
14.) Work on anything webbound multiplatform.
15.) Ez data edit
16.) Block ads more efficiently in cpu/ram/I-O use
17.) UBlock now uses hosts (no DNS benefits vs. dns issues) - poor imitation = "sincerest form of flattery"
Hosts = native vs. illogically "Bolting on 'MoAr'" & not ClarityRay blockable like addons.
APK
P.S.=> Hosts (1st resolver) do MORE w/ less in fast kernelmode & before slow usermode addons
Hosts ~3mb vs. UBlock = 64MB -> http://cdn.ghacks.net/wp-conte...
Best custom hosts file creator bar none by Anonymous Coward · 2016-11-08 13:41 · Score: 0

APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...
Ads rob speed, security (malvertising) & privacy (tracking).
Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.
Works vs. caps & PUSH ads.
Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.
Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.
Compliments firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).
Gets data via 10 security sites.
APK
P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )
WOT??? by Anonymous Coward · 2016-11-08 15:16 · Score: 0

I don't believe it!!!
***DUCKS***
Another addon f's users over? by Anonymous Coward · 2016-11-08 16:01 · Score: 0

This doesn't (more ability & efficiency too) APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...
Ads rob speed, security (malvertising) & privacy (tracking).
Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.
Works vs. caps & PUSH ads.
Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.
Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.
Compliments firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).
Gets data via 10 security sites.
APK
P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )
Alternative by sad_ · 2016-11-08 23:42 · Score: 1

Anybody know of an alternative that i can trust. I really like the concept of WoT, i don't use it myself, but for other people it is a great aid to warn them that clicking on a link is safe or not.

--
On a long enough timeline, the survival rate for everyone drops to zero.
Re:Another addon f's users over? by Big+Hairy+Ian · 2016-11-09 00:24 · Score: 1

WOT has been broken for years they never really did anything to verify if reviews were accurate or even made by a human so that most phishing email links get a green light from WOT.

--
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
I'll let Dr. "StRaNgE" speak for hosts then by Anonymous Coward · 2016-11-09 01:55 · Score: 0

"Thru the mystic arts we harness energy & shape reality - We travel great distances in an instant" https://www.youtube.com/watch?feature=player_detailpage&v=HSzx-zryEgM#t=20/
"The Avengers protect the world from physical dangers - we safeguard it against more mystical threats" https://www.youtube.com/watch?feature=player_detailpage&v=kNdM7b1Lm04#t=31/
* Making it FASTER + SAFER vs. using remote DNS or browser addons for more security, speed, reliability & anonymity via what you have natively vs. illogically "Bolting on 'MoAr'" that uses more & DOES LESS!
APK
P.S.=> "How do I get from here to there?" https://www.youtube.com/watch?feature=player_detailpage&v=kNdM7b1Lm04#t=107/
ANSWER APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/... apk
Re:Another addon f's users over? by Anonymous Coward · 2016-11-09 03:55 · Score: 0

You're delusional. Enjoy Trumpland.
curso NR 10 by Instituto+Santa+Cata · 2016-11-09 04:30 · Score: 1

Curso NR 10 online curso NR 10 curso NR 10 online
Re:Another addon f's users over? by Anonymous Coward · 2016-11-09 10:34 · Score: 0

But, but... you said apk has no supporters. The links in the posts you replied to show otherwise so who's delusional?
Re:Another addon f's users over? by Anonymous Coward · 2016-11-09 18:04 · Score: 0

You say apk has no supporters embarassing yourself. 2 links show different https://yro.slashdot.org/comme... + https://yro.slashdot.org/comme...
Hosts files can (why 3x downmod?) by Anonymous Coward · 2016-11-11 07:40 · Score: 0

Best hosts file creator APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?...
Ads rob speed, security (malvertising) & privacy (tracking).
Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively.
Works vs. caps & PUSH ads.
Avg. page = big as Doom http://www.theregister.co.uk/2... & ads = 40% of it.
Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity.
Compliments firewalls (blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load).
Gets data via 10 security sites.
APK
P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "seen the code & it's safe" http://forum.hosts-file.net/vi... )