The Asocial

The other Web of Trust

Yet another web scam

Image source Image source
Image license registered trademark
Article date February 16, 2018
URI https://www.mywot.com/
Category internet
Tags scam

Once upon a time, in the early 90s, Phil Zimmermann (the creator of PGP) proposed for people to sign one another’s keys, forming a “web” (a then-hyped term for a graph, cf. World Wide Web), so that a distributed, fault-tolerant, and verifiable key distribution would become possible. It didn’t get adopted widely enough to be useful, because most people don’t know what that is and/or don’t care, and it’s not great for privacy, since the mode of operation usually involves in-person meetings and IDs, but key signing parties provided at least some socialization for PGP users, so it wasn’t a complete failure in the matter of gaining popularity. That is called “Web of Trust”, by the way. Its “strong set” (strongly connected PGP keys) has a little over 60 thousand keys now, according to analysis of the strong set in the PGP web of trust.

In 2007, WOT Services (aka MyWOT, aka Web of Trust, too) appeared: with no connection to the actual WOT, of course, and doing something stupid like being an “online reputation system” (like “safe browsing” kind of nonsense that some web browsers provide on their own now). It provided a web browser plugin and had over 100 million downloads by the end of 2013, 140 million currently.

As many other web scams, and following the common theme of marketed “security” software actually being malware, it was involved into human web trafficking, but nobody cared until the following event:

In November 2016, a German state media investigation found that WOT had secretly collected personal user details and sold or licensed this information to unidentified third-party businesses and entities for data monetization purposes.

Promptly it got thrown out of web browser add-on stores, but added there again in a couple of months, promising that they wouldn’t secretly sell private information to unidentified third parties anymore. They must be trustworthy because there’s “trust” in the name, right?

As Wikipedia also mentions, it has partnerships with other dodgy web enterprises: Mail.ru, Facebook, hpHosts, LegitScript, Panda Security, Phishtank, GlobalSign and TRUSTe. Oh, look, “[Facebook] instructed to delete illegally collected data or face €100m in fines after it loses case over consent and tracking”, as found right after writing the rest of this very article, and they keep spewing marketing crap in response. Be careful with that gang!