Facebook recently announced a partnership with Finnish company Web of Trust (WOT) who provide community-based site ratings for websites. The reason for using WOT isn’t clear, but I suspect that it’s because they have no obvious commercial strategy as well as being very community-based which is what Facebook is all about. So what is WOT? It is an application plug-in for your web browser (Internet Explorer and Firefox supported). If a website isn’t all it seems (i.e. is used for spamming or malicious purposes for example) the Internet community (you and me) will rate it. This fits very nicely in line with the Facebook ‘community’ model.
So what are the risks? Community-based website ratings are dangerous because they will have a high false positive rate. Safe sites will be rated as dangerous and legitimate websites will be unable to remove themselves from the blacklists. I’m not a big fan of any white/black listing model, but it’s all we can use right now until behavioural programming intelligence improves. Personally safe browsing tools like McAfee SiteAdvisor, AVG Link Scanner, Finjan, Firetrust SiteHound or TrendProtect to name a few should be considered ahead of WOT, based mainly on the URL collection method used, lower URL link false positives and the frequency they intelligently gather white and black listed URLs.
What will WOT be doing when malware writers target their rating system? It’s not impossible that cyber criminals will pay people to improve the ratings of websites they want you to visit.
Note: WOT also protects users from malicious URL shortening links – this is a growing threat vector. ShuURL is a URL shortening service that uses WOT to alert people that a link may lead to a dangerous website before they click it. With SHUURL service you get a screen shot of the link your about to visit, the actual link that has been shortened and most importantly a safety test which will tell you if the site is safe or not. Nice. 🙂
Safe surfing folks!