What is Web of Trust?

Both WOT and Phil Zimmermann's web of trust claim to keep users safe, but the two notions are not the same. In contrast to Zimmermann's web of trust, WOT focuses on protecting users' browsing behaviour. Critics, however well-intentioned, consider Zimmermann's web of trust weak and WOT untrustworthy. The following sections explain why.

What is Web of Trust?

A web of trust is a cryptographic concept. It is used in Pretty Good Privacy (PGP), GNU Privacy Guard (GnuPG), and other OpenPGP-compatible systems to verify the validity of a public key and its owner.

The web of trust is the decentralised counterpart to public key infrastructure (PKI), which is centralised. A computer network analogy helps to describe it: a computer network may function on its own without relying on other networks. In the same way, many webs of trust can exist simultaneously.

When did the idea of a “Web of Trust” first come to light?

Phil Zimmermann first presented the idea of a web of trust in PGP 2.0's user manual in 1992. Zimmermann described it this way:

In the long run, you may wish to identify certain persons as ‘trusted introducers.’ Everyone else will select their network of well-known contacts. Everyone will eventually amass and share with their key a collection of certifying signatures from other people, with the hope that anybody receiving it will trust at least one or two of the signatures. As a result, a distributed, fault-tolerant web of trust will be created for all public keys.

A “network of trust” isn’t explicitly mentioned in the quotation above, but it does explain the technology’s goal. A “web of trust” is the same thing as a “web of confidence.”

How does Zimmermann's Web of Trust differ from PKI?

The primary distinction between a web of trust and public key infrastructure is how public keys are used. In PKI, one certificate may be used to verify a user's identity at any server that uses encrypted communications. In a web of trust, by contrast, users who want to join several webs must use separate certificates. With seven webs of trust, a corporation must have a unique key for each one.

In comparison to PKI users, why are there so few people using the web of trust?

Adoption is held back by difficulties such as:

  • Loss of private keys: Users who lose their private keys can no longer decrypt messages that were encrypted to the public keys in their OpenPGP certificate, so those certificates are effectively unusable. PGP certificates issued before expiration dates were introduced have no expiration date. A private key that has been lost cannot be revoked, and if it falls into the hands of an attacker, they will be able to decrypt sensitive messages.
  • Public key authenticity check: A web of trust has no central authority for verifying the authenticity of public keys. Instead, it relies on the confidence of other users. People who have just received new digital certificates may therefore not be trusted by others until they meet the people whose trust they need. For two organisations that operate thousands of miles apart, for example, this may be impossible or time-consuming.
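
The authenticity problem above, and the "trusted introducers" idea from the 1992 manual, can be made concrete with a simplified validity calculation. This is an added example, not code from the original article or from GnuPG; the thresholds are GnuPG's documented defaults for its classic trust model, and all names and signatures are constructed sample data.

```python
# Added example: simplified OpenPGP-style key validity, not GnuPG's real code.
COMPLETES_NEEDED = 1  # GnuPG default: one fully trusted introducer suffices
MARGINALS_NEEDED = 3  # GnuPG default: or three marginally trusted ones
MAX_CERT_DEPTH = 5    # GnuPG default: longest certification chain followed

def valid_keys(my_key, signatures, ownertrust):
    """Return {key: chain depth} for each key that is valid from my_key's view.

    signatures: set of (signer, signee) certifying signatures.
    ownertrust: {key: "full" | "marginal"}, my trust in each owner as an
    introducer; owners not listed are not trusted to introduce anyone.
    """
    valid = {my_key: 0}  # my own key is the root of my web of trust
    for depth in range(1, MAX_CERT_DEPTH + 1):
        newly_valid = {}
        for key in {signee for _, signee in signatures} - set(valid):
            # Count only signatures made by keys that are already valid.
            trusts = [
                "full" if signer == my_key else ownertrust.get(signer)
                for signer, signee in signatures
                if signee == key and signer in valid
            ]
            if (trusts.count("full") >= COMPLETES_NEEDED
                    or trusts.count("marginal") >= MARGINALS_NEEDED):
                newly_valid[key] = depth
        if not newly_valid:
            break
        valid.update(newly_valid)
    return valid

# Constructed sample data: alice has met and signed four contacts herself.
OWNERTRUST = {"bob": "full", "carol": "marginal", "dave": "marginal",
              "erin": "marginal", "mallory": "full"}
SIGNATURES = {
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"), ("alice", "erin"),
    ("bob", "frank"),                                          # one full
    ("carol", "grace"), ("dave", "grace"),                     # two marginal
    ("carol", "heidi"), ("dave", "heidi"), ("erin", "heidi"),  # three marginal
    ("mallory", "newcorp"),  # signer's own key is not valid for alice
}

if __name__ == "__main__":
    for name, depth in sorted(valid_keys("alice", SIGNATURES, OWNERTRUST).items()):
        print(f"{name}: valid at depth {depth}")
```

In this sample, "newcorp" stays untrusted because nobody inside alice's web has signed its key, which is exactly the position of a newly issued certificate whose owner has not yet met an introducer.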

Is WOT Service's WOT the Same as Zimmermann's Web of Trust?

No, that’s the short answer. In the next sections, you may learn more about WOT.

Users may safeguard their surfing history and activities with WOT Service’s Web of Trust, sometimes referred to as MyWOT or just WOT.

While users browse the internet, MyWOT (or WOT) protects them from fraud, viruses and phishing. To conduct website security checks, it uses community ratings and reviews together with machine learning (ML) algorithms. It also sends out notifications when it detects malware on a site.

Why Is WOT Considered Unreliable?

However, based on history and current events, not all browser add-ons can be relied upon. According to a recent investigation by German public broadcaster NDR, WOT is one of several sites violating users' privacy. WOT users, in particular, are subject to considerable background data collection. And the data does not stay between the user and WOT: it is also evaluated by third parties and sold.


As you’ve seen in this article, even while technology is designed to benefit its users, some end up harming them.
