MyWOT and the Problem with Crowdsourced Rating Sites

As the internet continues to grow by leaps and bounds every day, it’s getting harder and harder to keep track of what’s safe and what isn’t online.

Online reputation sites attempt to solve this problem by giving each website a rating of some kind to indicate how safe that website is. There are many reputation sites, but MyWOT (which stands for “My Web of Trust”) handles website ratings in a rather unique way.

MyWOT works kind of like the online encyclopedia Wikipedia. People from all over the world help build and improve Wikipedia by writing and editing articles. In much the same way MyWOT users from all over the world help build MyWOT by contributing website ratings. Seems like a great idea.

I really like Wikipedia and many other user-powered or “crowdsourced” websites so I was eager to give MyWOT a try.

Problem #1: MyWOT isn’t accountable for their ratings

[Image] … has a poor WOT rating simply because of unpopular opinions.

But there’s a big difference between Wikipedia and MyWOT: Wikipedia has strict rules that every sentence of every article must be supported by verifiable facts. A user cannot post their opinions and have them included in Wikipedia. Any attempts to do so are swiftly removed.

MyWOT doesn’t have any similar rules. MyWOT users are free to rate a website however they feel regardless of the truth of their rating. This results in many sites receiving poor ratings because of unpopular opinions, personal grudges and misunderstandings. For example, the websites of the Recording Industry Association of America and the Motion Picture Association of America both have low scores on MyWOT, not because their websites are dangerous in any way but because some MyWOT users simply don’t like these organizations.

[Image: WOT Reputation Scorecard]

Monsanto also has a poor WOT score. I don’t like them either, but there is nothing dangerous about their website.

MyWOT could enforce a “facts only” policy like Wikipedia does but chooses not to. Legally they don’t have to. Because of laws set up to help shield internet service providers from being sued for the actions of their users, MyWOT isn’t legally liable for the reviews they host.

Users who post reviews on MyWOT are, however, liable for what they post. But most MyWOT users are shielded by the relative anonymity of the internet. It would take a court order to even find out a user’s real identity let alone hold them accountable for what they say. While large corporations may have the resources to hold anonymous trolls accountable, it’s simply too expensive for individuals and small businesses to protect their reputations in this kind of system even when what is being said about them is provably false.

Problem #2: The rating system is dominated by “power users” on power trips

While anyone is free to sign up with MyWOT and begin rating websites right away, MyWOT’s rating system doesn’t treat all users equally. MyWOT likes to call their rating system “meritocratic”, which really just means users who have been around longer and rated more websites have much more rating power than average users.

At first that sounds like a good idea. In theory this would keep scammers from making a bunch of fake accounts and rating themselves highly. But a closer look shows this system creates at least as many problems as it solves.

Websites that criticize MyWOT very quickly receive poor ratings.


Because MyWOT gives preference to users with a long history of site ratings it’s much harder for individual users who have no interest in becoming power users to affect the scores of sites they feel are rated incorrectly. It does, however, give power users a much greater ability to influence the ratings of websites they personally dislike. The expression “Power Corrupts” definitely holds true here.

This “meritocratic” system also creates some twisted incentives for scammers to become MyWOT power users. What better way for scammers to give their sites some legitimacy than to use their power user status on MyWOT to give their websites a nice high rating and negatively influence the ratings of their competition at the same time?

Of course, to pull off a task like that, a scammer would need access to a lot of computers all over the world in order to build up a bunch of fake reputations over a period of time. This isn’t something most website owners are capable of, but it’s exactly the type of scam botnets are great for. By designing their system this way it’s almost like MyWOT is actually trying to encourage hackers and scammers to cheat the system.

Problem #3: MyWOT’s management are secretive and hard to contact

As if the other problems with MyWOT aren’t bad enough, the organization behind it, WOT Inc., is notoriously difficult to get ahold of. While the founders of WOT are publicly known, the only way to contact the MyWOT team is through a contact form on their website that isn’t easy to find. And if you have a problem with how your website is being rated, they make it pretty clear they have no interest in talking to you.

It’s also pretty difficult to get any specific details about the rating system MyWOT uses. For example, MyWOT makes it clear that user ratings are weighted differently depending on the “merit” of the user. What algorithm do they use to determine whose rating is more important? They don’t say. They won’t even tell you how many ratings a website has, only its overall rating score. Presumably all this secrecy is an attempt to make it harder for scammers to game the system (which I’ve already explained doesn’t work) but it also makes it impossible for website owners and third-parties to verify that websites are being rated fairly. This lack of openness seems a bit strange especially for a “community-driven” reputation website.
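To see why a lone overall score cannot be checked from the outside, here is an added example (not MyWOT's algorithm, which is unpublished). The weights and ratings are hypothetical and constructed for illustration: two sites show the same weighted score, but the rater count, the effective number of raters and the share of weight held by the heaviest raters tell very different stories.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rating:
    score: float   # 0 (dangerous) to 100 (trustworthy)
    weight: float  # hypothetical "merit" weight of the rater

def weighted_score(ratings):
    """Weight-averaged score: the single number a scorecard would show."""
    total = sum(r.weight for r in ratings)
    return sum(r.score * r.weight for r in ratings) / total

def effective_raters(ratings):
    """Kish effective sample size, (sum w)^2 / sum(w^2).

    Equals the head count when all weights are equal and shrinks toward 1
    as a few heavy raters come to dominate the result.
    """
    total = sum(r.weight for r in ratings)
    return total * total / sum(r.weight ** 2 for r in ratings)

def top_share(ratings, k):
    """Fraction of all rating weight held by the k heaviest raters."""
    weights = sorted((r.weight for r in ratings), reverse=True)
    return sum(weights[:k]) / sum(weights)

# Constructed data: 40 equal-weight raters, 30 of whom rate the site poorly.
BROAD = [Rating(20, 1.0)] * 30 + [Rating(80, 1.0)] * 10
# Constructed data: 20 ordinary raters like the site, 2 heavy raters do not.
CONCENTRATED = [Rating(20, 30.0)] * 2 + [Rating(80, 1.0)] * 20

def report(name, ratings):
    """One-line summary a reputation service could publish beside the score."""
    return (f"{name}: score={weighted_score(ratings):.1f} "
            f"raters={len(ratings)} "
            f"effective={effective_raters(ratings):.1f} "
            f"top2_share={top_share(ratings, 2):.0%}")

if __name__ == "__main__":
    print(report("broad", BROAD))
    print(report("concentrated", CONCENTRATED))
```

Publishing the last three figures next to the score would let a site owner or third party tell a broadly held rating from one set by a handful of accounts.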

MyWOT’s financial situation is also a bit confusing. MyWOT has more than a handful of high profile investors like Risto Siilasmaa, the founder of F-Secure, and Michael Widenius, founder of MySQL. MyWOT also has business deals in place to provide website rating data to several popular websites like Facebook and For a period of time MyWOT also sold “Trust Seals” that website owners could purchase and post on their websites to show off their MyWOT ratings. (MyWOT stopped selling Trust Seals due to suspicion that these purchases led to favoritism for certain website owners.)  Yet MyWOT still solicits donations from its users to stay in operation. Why does a website with millionaire investors and business deals with the most popular websites in the world need to beg for donations to stay afloat?

Because of problems like these MyWOT has earned a less than stellar reputation on other online rating sites. It’s not unusual to find dozens of complaints about unfair and inaccurate ratings. This is the case on every rating site except for MyWOT itself. Of course, it’s hard to blame the MyWOT community for being a bit biased but this kind of bias is exactly the behavior that has generated so many complaints.

Better Alternatives

There are other flaws in MyWOT but these 3 stand out as the most glaring examples. If you want to protect yourself online but don’t want to deal with the problems that MyWOT brings with it there are a few alternatives you can choose from. The browser addons listed below are produced by reputable security companies. These organizations can actually be held accountable for the ratings they provide so they are more likely to be accurate and can make your web surfing safer.

Browser Addons:

“AVG Secure Search alerts you before you visit dangerous webpages to make sure your identity, personal information, and computer are protected.”

“…a free cross-browser add-on that intercepts, processes, and filters all Web traffic, blocking any malicious content and taking browser security to new levels.”

Reputable Review Sites:

On its face TrustPilot looks just like any other internet review website. But it’s more than that. Unlike other review sites TrustPilot makes the effort to verify reviews it receives are coming from actual customers of the websites they are reviewing. This makes it much harder for anonymous internet trolls to create a bunch of fake accounts and post fake reviews.

A Simple Step to Make Your Computer Safer: Uninstall Java

Java has had quite an eventful year. With new vulnerabilities being found and exploited on an almost weekly basis, Java is looking less and less like the powerful, secure platform Oracle wants it to be and more like an aging block of Swiss cheese. Many security experts have questioned whether it’s really a good idea for most computer users to have Java installed at all. I’m very much in agreement with this group.

In the security community, we have a concept known as “attack surface”. Your attack surface is any area of your system that could potentially be exploited by an attacker to compromise your system security. Obviously, the smaller your attack surface, the less opportunity there is for an attacker to exploit your computer. The great thing about Java is that it runs on a wide variety of computing platforms, making it possible for Java applications to run anywhere Java can be installed. The terrible thing about Java is that it runs on a wide variety of computing platforms, making it possible for Java vulnerabilities to run almost everywhere. This makes Java an ideal target for malware authors. And because Java installs its browser plugin by default, the only action a user needs to take to risk having their system infected is to visit a malicious or infected website. This is true even with fully up to date web browsers. That’s bad. Really bad.

Unless you absolutely need to have Java installed, it’s time to ditch it. To uninstall Java, open your Control Panel and select “Add or Remove Programs” (if you’re using Windows XP) or “Programs and Features”. Select Java and press “Uninstall”.


If you do need to have Java installed you should at least attempt to disable the Java browser plugin, which is where most Java vulnerabilities are exploited. The official Java website provides a walkthrough of how to disable Java in all major browsers here.

Automatically Update All Your Software for Free

It’s a little known fact outside of security circles that most computer infections aren’t the result of super skilled hackers hunting down individual computer users, laughing maniacally as they break into computers to steal identities or destroy data. The vast majority of malware infections are the result of running outdated and insecure software. Attackers know that most people don’t keep their software as up to date as they should, and they use this to their advantage.

Unfortunately, just telling people they need to keep their software up to date doesn’t put much of a dent in the problem. The reason is simple: Keeping track of the current version of every software program installed on your computer and checking for updates every day is a huge hassle, not to mention a gigantic time drain. If only there was a way to automate the process so that you don’t even need to think about it…


Secunia has solved the problem with their Personal Software Inspector (PSI). After Secunia PSI is installed, it will scan your computer to determine what programs you currently have installed and compare them against its database of current software versions. If any of your software is found to be out of date, it will automatically attempt to update the software for you, freeing you to do more important things like looking at funny pictures of cats or watching the latest South Korean pop videos on YouTube. If Microsoft Update is installed on your computer, Secunia PSI becomes even more powerful, with the ability to update Microsoft’s software products using their own automatic update features. When closed or minimized, Secunia PSI will continue to run in the system tray, keeping watch for any updates available for software on your system.
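The scan-and-compare step described above can be sketched as follows. This is an added example, not Secunia's code; the program names, version numbers and catalog are constructed, and only dotted numeric version strings are handled. It shows the detail that trips up naive checkers: versions must be compared numerically, not as text.

```python
import re

def parse_version(text):
    """Turn '7.0.45' into (7, 0, 45) so versions compare numerically."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:   # treat 11.2.0 and 11.2 as equal
        parts.pop()
    return tuple(parts)

def audit(installed, catalog):
    """Return (name, installed, latest, status) for programs needing attention.

    Programs missing from the catalog are reported too: software nobody is
    tracking cannot be confirmed as current.
    """
    findings = []
    for name, have in sorted(installed.items()):
        latest = catalog.get(name.lower())
        if latest is None:
            findings.append((name, have, None, "not in catalog"))
        elif parse_version(have) < parse_version(latest):
            findings.append((name, have, latest, "outdated"))
    return findings

# Constructed inventory, as a scan of the machine might produce it.
INSTALLED = {
    "ExampleRuntime": "7.0.21",   # behind the catalog
    "ExampleReader": "9.10.1",    # newer than 9.9.0, though it sorts lower as text
    "ExamplePlayer": "11.2",      # same release as 11.2.0
    "LegacyTool": "1.4",          # unknown to the catalog
}

# Constructed catalog of current versions, keyed by lower-case name.
CATALOG = {
    "exampleruntime": "7.0.45",
    "examplereader": "9.9.0",
    "exampleplayer": "11.2.0",
}

if __name__ == "__main__":
    for name, have, latest, status in audit(INSTALLED, CATALOG):
        print(f"{name}: installed {have}, latest {latest}, {status}")
```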

Secunia PSI can be downloaded from Secunia’s website: