Difference between revisions of "FAQ"
|  (→Ratings aren't equally reliable) |  (→Facebook stopped using WOT) | ||
| Line 79: | Line 79: | ||
| === Facebook stopped using WOT === | === Facebook stopped using WOT === | ||
| − | In May 2011, [http://www.mywot.com/press/facebook-protects-users-from-untrustworthy-websites-with-web-of-trust-reputation-ratings Facebook and WOT announced] that Facebook will start checking the WOT reputation of links posted to their service and will show an intermediate warning page when a user tries to follow a link to a poorly rated site. Recently, certain groups have started spreading rumors that Facebook has stopped using WOT in an attempt to discredit our service. This isn't true, and there have been no changes in our partnership with Facebook since the initial announcement. | + | In May 2011, [http://www.mywot.com/press/facebook-protects-users-from-untrustworthy-websites-with-web-of-trust-reputation-ratings Facebook and WOT announced] that Facebook will start checking the WOT reputation of links posted to their service and will show an intermediate warning page when a user tries to follow a link to a poorly rated site. Recently, certain groups have started spreading rumors that Facebook has stopped using WOT in an attempt to discredit our service. This isn't true, and there have been no changes in our partnership with Facebook since the initial announcement regarding URL checking. | 
| However, it should be noted that Facebook does use a higher warning threshold than the WOT add-on, which means the warning is shown only for sites that have a very poor reputation with a sufficiently high confidence level. In other words, Facebook doesn't warn about all poorly rated sites. Also, while WOT was the first link checking service Facebook integrated to their website, they have added several others since then, including Websense and SURBL, for example. These services have not replaced WOT, and using multiple link checking services was in Facebook's original plans. | However, it should be noted that Facebook does use a higher warning threshold than the WOT add-on, which means the warning is shown only for sites that have a very poor reputation with a sufficiently high confidence level. In other words, Facebook doesn't warn about all poorly rated sites. Also, while WOT was the first link checking service Facebook integrated to their website, they have added several others since then, including Websense and SURBL, for example. These services have not replaced WOT, and using multiple link checking services was in Facebook's original plans. | ||
| + | |||
| + | In November 2012, Facebook also [http://www.mywot.com/press/web-of-trust-becomes-first-crowd-sourced-security-solution-invited-into-facebook-s-av-marketplace added the WOT add-on to their AV Marketplace]. “We have been proud partners with Web of Trust for the past year and a half, and are excited to announce a new stage of that partnership to keep our users and their data safe. Not only will Facebook users continue to benefit from WOT's reputation warnings when clicking potentially malicious links but also will be able to download their browser add-on for protection no matter where they are on the web” said Joe Sullivan, Chief Security Officer of Facebook. | ||
Revision as of 15:44, 15 November 2012
This is a collection of answers not found in the official FAQ.
Common misconceptions
Users aren't qualified to rate sites
We realize the average web user isn't a security professional and we don't expect them to go out and investigate random websites for safety. We have an active group of experienced users who review sites for technical safety and help the average user avoid security threats. We only expect users to share their experiences with the websites they already know, because they are uniquely qualified to do that. Being able to learn from other people's experiences is the whole reason for this service.
Someone has to fall victim first before others can be warned
Someone obviously has to discover threats before they can warn others, but it doesn't mean this someone has to fall victim or even be a WOT user. We collect information from a number of blacklists and other sources to warn users of emerging threats before they have to experience them personally.
Reputations are easy to manipulate
When someone first hears about the concept behind WOT, their first objection is that someone could easily spam the system with tons of ratings and rate down their competitors or otherwise manipulate reputations, but that's not true. We designed the reputation system to be as fair as possible and very resistant to manipulation.
Ratings aren't equally reliable
Usually in reputation systems each rating is weighted equally and reputations are computed as the average of all ratings, which makes them extremely vulnerable to automated attacks. Therefore, we decided early on to value ratings by their merit and use some of the principles of Bayesian inference for combining the ratings into reputations. Without going into details, the system analyzes each user's rating behavior from several aspects in order to determine their reliability. When you start using WOT, your ratings have little weight, but if you keep rating sites consistently, your ratings will be considered more reliable over time. The meritocratic nature of the system makes it far more difficult for spammers to abuse, because bots will have a hard time simulating human behavior over a long period of time.
Note: User reliability is determined using statistical modeling and doesn't depend on the number of ratings or whether you agree with other users. Specifically, it's not related to your activity score or user level, which simply tell you how active you've been.
Unusual behavior is automatically detected
In addition to weighting ratings differently based on statistical analysis of user's rating behavior, we also monitor for unusual rating activity. The system is capable of ignoring spammers without human intervention and almost every type of unusual rating behavior can be detected. We investigate all suspicious activity and ratings from someone abusing the service will be silently ignored.
But I don't agree with a reputation!
The site's reputation tells you how much other users trust the website. If you disagree with a reputation, it's most likely not because the reputation is being manipulated or there's a conspiracy against the site, but because other people simply don't agree with you. Their experiences may be different from yours, it happens sometimes. You may want to start a new topic on the forum to discuss the site's reputation or if you suspect unusual activity, report it.
Ratings vs. comments
Ratings are often confused with comments, probably because comments are so prominently visible on the scorecard. Users can rate websites on the add-on or on each website's scorecard in four rating components. Ratings are private, which means they are not shown to other users. Reputations are computed only from ratings.
If users want to share additional details about their experiences, they can also write comments to scorecards. Comments are purely informational and have no effect on the reputation. Comments can be voted up or down depending on whether others agree with them. Comment votes only determine the default order of comments on the scorecard, they won't affect the site's reputation. If a site's reputation rating is determined to be controversial, comment voting is disabled to prevent one side from suppressing opposing views by voting them down.
Why can't I see how others have rated a site?
It's always been WOT's policy to keep user ratings private and have a secret ballot. If users want to reveal their opinion of a website to others, they have an option to post a comment. If all ratings were public, users might be reluctant to rate certain sites, because it would reveal to everyone they have actually visited them. Not to mention that users with an opposite agenda might start intimidating others to change their ratings. This all would lead to less ratings, which leads to less reliable reputations; something nobody wants.
Why don't you show the number of ratings?
Unlike it might first seem, the number of ratings won't tell you the reliability of a reputation, and showing it could in fact be misleading to users. It would be trivial for a spammer to rate a site multiple times and thereby make the reputation appear to be reliable, for example. This is why WOT shows you the confidence indicator instead (the small human figures next to each rating symbol). The confidence value tells you how reliable the rating system considers the reputation and it's based not only on the quantity of ratings, but also the estimated reliability of the users who rated the site.
Why don't comments always match the reputation?
A site's reputation is computed from ratings, not comments. Leaving a comment is completely optional and since users who disagree with the reputation or otherwise feel strongly about the site are more likely to also write a comment, it's not uncommon for comments to appear to contradict with the reputation.
Malicious rumors
It's unfortunate, but the more popular WOT gets and the more successful it is at preventing people from falling for scams, the more people start attacking us. Often scammers whose business model WOT is hurting or other disgruntled website owners spread malicious rumors about the service in an attempt to discredit it and discourage people from benefiting from the reputations.
The add-on is spyware or adware
Due to its concept, the WOT add-on needs to request reputations for each website you visit. It also needs to keep track of your ratings, which it does by creating a random, anonymous identifier for you automatically. It's obvious that this information could be used to track which sites you browse, which is probably why spreading rumors about WOT being spyware is a favorite amongst those trying to discredit the service. WOT is not spyware or adware and does its best to respect your privacy:
- Open add-ons. All WOT add-ons are open source, which means anyone can download the source code and verify what the add-on does. There are no secrets in the add-on, it only does what it says. The Firefox add-on is also thoroughly reviewed by Mozilla editors every time it's submitted to the Add-ons website. So far, the add-on has been featured or recommended by Mozilla, Google, Apple, and Opera.
- No tracking. The add-on sends as little information to WOT servers as possible. When you visit a website, the add-on sends the hostname (not the URL) of the site to WOT servers to load the reputation and your ratings. The hostname is encrypted in transit and on our servers logs to prevent eavesdropping. No further requests are made if you revisit the site during the next 30 minutes while the add-on keeps the reputations in its internal cache.When you search the web, the add-on doesn't send your search queries to WOT's servers, it only requests reputations for the sites that appear in the search results, provided that their reputations aren't already cached.
- Data retention. All requests the add-on makes are logged temporarily on WOT's servers. These logs aren't used to track users and the information isn't shared with anyone. The logs are kept temporarily only to create usage statistics and to analyze possible abuse incidents. All the information (except for your ratings, of course) in the logs are deleted after one month. You can read more from the privacy policy.
The Firefox add-on also shows Surf Canyon's search refinements on Google search results. Although WOT gets a small revenue from all refinement clicks, which helps support the maintenance and further development of the service, the search refinement links are not ads, but aim to help users find relevant information faster. The links go to Surf Canyon's website, where you'll see relevant search results with WOT ratings. No information about your searches is stored. This feature can be easily and permanently turned off by clicking the X mark next to the refinement links.
Selling trust seals means reputations can be bought
After the WOT trust seal was introduced, every now and then rumors resurface saying reputations can be bought, because WOT now sells trust seals. That couldn't be further from the truth. In fact, only websites that have already earned a good reputation from user ratings are eligible for a trust seal, and should the website's reputation change to poor in future, they will lose the trust seal. Sending us money will not affect a website's reputation, it's still determined from user ratings as always.
People who rate a lot of websites are spammers
Some of our most active users volunteer their time researching scams or security issues on the web. As a result, they may end up rating even hundreds of sites per day. Occasionally, we hear complaints that these people are spammers, bots, or even paid to rate websites for whatever nefarious purpose. Sometimes the argument goes that it's simply not possible for a person to rate that many sites, which means they must be doing something evil. Of course, none of that is true.
Probably thousands of websites are created every day for various scams, but luckily there are also people who spend their time warning others. They are able to do this, because we provide them access to tools that allow them to rate and leave comments for more than one website at a time. This way, when they uncover a hundred new websites recently set up for scamming people, they are able to rate all of them.
Note that unlike normal ratings, which are private, ratings left using the mass rating tool are more transparent, because the user is always forced to leave a comment explaining the rating. The comment also has a special icon on the top right corner that helps you distinguish it from normal comments. Despite these differences, it's also important to note that ratings left using the mass rating tool are not considered any more reliable than normal ratings and have no special meaning when the reputation is computed.
Facebook stopped using WOT
In May 2011, Facebook and WOT announced that Facebook will start checking the WOT reputation of links posted to their service and will show an intermediate warning page when a user tries to follow a link to a poorly rated site. Recently, certain groups have started spreading rumors that Facebook has stopped using WOT in an attempt to discredit our service. This isn't true, and there have been no changes in our partnership with Facebook since the initial announcement regarding URL checking.
However, it should be noted that Facebook does use a higher warning threshold than the WOT add-on, which means the warning is shown only for sites that have a very poor reputation with a sufficiently high confidence level. In other words, Facebook doesn't warn about all poorly rated sites. Also, while WOT was the first link checking service Facebook integrated to their website, they have added several others since then, including Websense and SURBL, for example. These services have not replaced WOT, and using multiple link checking services was in Facebook's original plans.
In November 2012, Facebook also added the WOT add-on to their AV Marketplace. “We have been proud partners with Web of Trust for the past year and a half, and are excited to announce a new stage of that partnership to keep our users and their data safe. Not only will Facebook users continue to benefit from WOT's reputation warnings when clicking potentially malicious links but also will be able to download their browser add-on for protection no matter where they are on the web” said Joe Sullivan, Chief Security Officer of Facebook.
