by bimmer44 3514 days ago
Web of Trust is a browser extension that claims 140 million installs. The marketing language on the home page [1] is all about how the extension will help users decide which websites to trust.

Their privacy statement [2] includes a section that describes "Browsing usage, including visited web pages, clickstream data or web address accessed;" as one of the categories of "non-personal information" that they may disclose or share with 3rd parties.

I'd imagine most users installing an extension to make their browsing safer would not be happy to know they were also making their entire browsing history available to 3rd party data brokers at the same time.

Unscrupulous business practices are definitely made easier when no one actually reads Privacy Policies...

[1] https://www.mywot.com/

[2] https://www.mywot.com/en/privacy/privacy_policy

2 comments

The info collected is not considered as consented by the user in Germany by the Hamburg commissioner for data protection: "disclosure of personal data, companies need basically a data subject's consent." "an extensive evaluation the data by Web of Trust is therefore under German law 'not allowed'"

https://translate.google.com/translate?sl=auto&tl=en&js=y&pr...

And I think, assuming it's the same as many other EU countries, that means active consent, not just implicit (e.g. you used the product so you implicitly consented to the privacy policy)

Do you know what would be a great way to prevent this?

All data sent by an extension should be user viewable.

Here's the JSON file (or maybe something better) that we are posting, press Agree to send it

They would just start obfuscating the data (with ciphers, word replacements, encoding, minification, etc.)

They'd then claim it was for your security/privacy/protection. You know, like how Microsoft encrypts your Windows 10 usage data it sends them.

At least you could use the presence of such obfuscation as a sign there's probably something bad afoot. Presuming only a tiny number of extensions try to encode the data they send.

This extension already does in fact, with double base64 (see btoa in source).

> ... you could use the presence of such obfuscation as a sign there's probably something bad afoot.

So, that "if you have nothing to hide..." argument, basically?

Similar but not the same: one thing is hiding your own information, but another, very different, is you taking my information and hiding it from me.

No, the only thing that will work is to pummel guilty companies into the ground with fines.

But you can bet GooBookSoft will lobby against that like their lives depended on abusing customer data. And they do depend on it.

I do not think collecting data on users is necessary. You still can show ads in search results even if you don't know anything about a user. And you don't need user's browsing history to sell him an airplane ticket.

Nope. I'm going for FaceGooSoft or FaceGleSoft. First writes better. Second sounds better. But you can have the copyright because all are fun.

> Nope. I'm going for FaceGooSoft or FaceGleSoft. First writes better. Second sounds better.

With much regret, MiFaceGoo is rarely appropriate in the professional world.

You cannot make a technical solution to this. Now every company tries to collect as much information as they can. Only laws can help.

> All data sent by an extension should be user viewable.

You can start Wireshark and get that data. But it would be too complicated for an average Joe.

Most people would just press "Agree" without reading it, but giving the possibility to read the data only when you want would give expert users a way to occasionally check what the addons are doing.
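Added example, not part of the thread and not the extension's own code: a Node.js check an expert user could run over a request body captured with a proxy or Wireshark, peeling stacked base64 (such as the double btoa mentioned above) and reporting any URLs found underneath. The parameter names and the sample body are constructed assumptions, not the extension's real wire format.

```javascript
// Added example: the sample request body below is constructed, not captured traffic.
const B64 = /^[A-Za-z0-9+/]+={0,2}$/;

// Strictly decode one base64 layer; return null if the input is not
// canonical base64 or the decoded bytes are not printable text.
function decodeLayer(s) {
  if (s.length < 8 || s.length % 4 !== 0 || !B64.test(s)) return null;
  const buf = Buffer.from(s, 'base64');
  if (buf.toString('base64') !== s) return null; // reject non-canonical input
  const text = buf.toString('utf8');
  return /^[\x20-\x7e\r\n\t]+$/.test(text) ? text : null;
}

// Peel nested base64 until the value stops decoding or maxDepth is reached.
function peelBase64(value, maxDepth = 5) {
  let text = value, layers = 0;
  while (layers < maxDepth) {
    const next = decodeLayer(text);
    if (next === null) break;
    text = next;
    layers++;
  }
  return { layers, text };
}

// Report every form parameter that hides a URL behind one or more layers.
function inspectBody(body) {
  const findings = [];
  for (const [name, value] of new URLSearchParams(body)) {
    const { layers, text } = peelBase64(value);
    const urls = text.match(/https?:\/\/[^\s"'&]+/g) || [];
    if (layers > 0 && urls.length > 0) findings.push({ name, layers, urls });
  }
  return findings;
}

// Constructed sample: a visited URL wrapped twice in base64, plus a plain field.
const visited = 'url=https://example.com/account?id=123';
const twice = Buffer.from(Buffer.from(visited).toString('base64')).toString('base64');
const sampleBody = 'v=1.0&e=' + encodeURIComponent(twice);

console.log(JSON.stringify(inspectBody(sampleBody), null, 2));
```

The printable-text check is what keeps ordinary words that happen to be valid base64 from being counted as an encoded layer.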