We have released an update for the add-on, which adds new features you have requested and fixes some problems. Please keep the suggestions coming!
Here are the notable changes compared to WOT 20070104:
New feature: adds an option to exclude reputations from being loaded for listed websites.
New feature: adds an option to show only bad reputations in search results.
Bug fix: fixes a problem with the toolbar icon creation if the address bar is moved elsewhere.
Bug fix: fixes a problem with the status showing an error if the current tab is changed before the reputation loads.
Bug fix: fixes a handful of other minor problems.
Version 20070226 is now available for download from our website.
(Visit Mozilla Add-ons for previous versions and a more detailed version history of the WOT add-on.)
Recently, there have been reports of vulnerabilities in the phishing protection included in Firefox and Opera. If an extra dot or a slash is added to the end of the hostname of a phishing site, the browser fails to warn you. Incidentally, WOT isn't vulnerable to these attacks, but even if it were, you could still tell something isn't quite right.
A major problem with current phishing filters is that you cannot really tell if they're working. If you don't receive a warning when you enter an unknown site, is it because it's not phishing or is the phishing protection just not working this time? There's no difference in the feedback you receive.
WOT solves this problem by always being there. You can see if it works, and you can see if it knows the website. If it doesn't, you know to watch your steps. This is especially true if you visit a site that you have known to have a good reputation previously. If WOT suddenly doesn't know it anymore, it's a good sign something phishy might be going on.
The problem of the phishing protection not being visible to the user also comes up in another very recent Firefox vulnerability. It turns out that a website can open an empty window or a new tab and modify its contents while the address bar the user sees appears blank. This means that a malicious website can simply open a new tab and add its phishing page there. The phishing filter on your browser doesn't have a chance of detecting this. However, if you are using WOT, you can tell it's not your bank, because the blank page doesn't have a reputation.
Of course, WOT isn't just for antiphishing. Even if the website you are visiting is not trying to impersonate another site, learning its reputation can help you decide whether it can be trusted. Mere phishing protection won't help you with that.
Every now and then we receive feedback from users who would like to leave textual comments for websites, again, much like the feedback in eBay. When we designed WOT, we chose to build the system around numerical testimonies instead of textual comments for a number of reasons, which I'll talk about here.
The basic premise is that not everyone leaving comments is being sincere. Everyone has an agenda. Textual comments can be misleading, contradictory, and confusing. Which ones will you trust? The person who writes the most convincing comments might be wrong or is trying to scam you. It's called social engineering, and textual comments provide an excellent opportunity for it.
Also, leaving textual comments is a lot more work than the couple of mouse clicks it currently takes to leave a testimony in WOT. Therefore, not so many users will bother to share their opinions. Less data makes the overall information less reliable.
But even if we collect lots of textual comments, would you read them all? I bet you wouldn't. There could easily be thousands of comments for the more popular sites. So which ones would you read, the newest ones? Are they the most reliable? Or perhaps you should be able to rate the comments as well, much like in Slashdot or Digg?
Not only are textual comments difficult for people to process, they are even more troublesome for computers. It is nearly impossible for a computer to determine the trustworthiness of a piece of text. On the other hand, there are well-founded mathematical theories for handling numerical information. So while textual comments certainly provide more entertainment for the reader, our decision of using only numerical testimonies in WOT was obvious all things considered.
