×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Naming and Shaming Toxic Web Apps

Soulskill posted about 4 years ago | from the running-this-requires-access-to-your-neural-patterns dept.

Software 52

itwbennett writes "Stanford Law School has released a wiki called WhatApp?, where users can rate all manner of web apps, browsers, mobile platforms, mobile apps, and social network apps on their security, privacy, and openness. Currently, the wiki 'lists some 200+ apps, but most of them have not been reviewed yet. So they need a lot of help,' writes blogger Dan Tynan. 'To review an app you select it from the list, then fill out a 9-question form rating its privacy, security, and openness, ranging from 5 (very private, secure, and open) to 1 (a steaming pile of vulnerabilities and violations).'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

52 comments

Wait (3, Funny)

malkir (1031750) | about 4 years ago | (#31738548)

So all I have to do is download some shitty app and rate it, potentially exposing myself to the spyware/malware/security vulnerabilities were looking to avoid? Where do I sign up?

Re:Wait (1)

WrongSizeGlass (838941) | about 4 years ago | (#31739010)

So all I have to do is download some shitty app and rate it, potentially exposing myself to the spyware/malware/security vulnerabilities were looking to avoid? Where do I sign up?

I'm surprised they don't have at least a 9 question application to signup and qualify the suckers, um, volunteers. I guess they'll let anyone test the apps? So it's Yelp but without the sales pressure?

A better way (0)

PopeRatzo (965947) | about 4 years ago | (#31739798)

I've got a better idea. Let me rate the apps without downloading and installing them. I'll be the judge of whether or not they're probably safe to use and free of malware.

I'm betting that most of us here at /. could make some very accurate educated guesses as to whether something should be downloaded and installed without having to risk actually getting infected with malware. In many cases, we could probably do it based on the URL alone.

Just put us in charge. Oh, and give us the power to punish those who would spread malware. We'll get it straightened out in no time.

For this scheme to work... (1)

Lead Butthead (321013) | about 4 years ago | (#31739806)

For this scheme to work, the toxic app host/author has to know and a sense of moral. The very fact these apps exists implies their host/authors either have weaken or non-existent sense of moral, therefor this scheme will never fly.

That's nice and all, but... (1)

clang_jangle (975789) | about 4 years ago | (#31738552)

Isn't the whole point of free (as in gratis) web apps to capture and exploit user info? These companies providing them aren't charities.

Re:That's nice and all, but... (1)

iYk6 (1425255) | about 4 years ago | (#31739038)

Yes, presumably web apps will receive low scores. However, the list also includes "browsers, mobile platforms, mobile apps", so maybe you will find something in one of those categories that fits you better.

The most toxic DESKTOP App (-1, Troll)

Anonymous Coward | about 4 years ago | (#31738594)

is MICROSOFT [microsoft.com].

Yours In Ulyanovsk,
Kilgore Trout

Re:The most toxic DESKTOP App (1)

coolsnowmen (695297) | about 4 years ago | (#31738744)

I can't sell if you are being serious, or you are tying to parody the stereotype of /. ers.

Re:The most toxic DESKTOP App (0)

Anonymous Coward | about 4 years ago | (#31739050)

Mission Accomplished!

!Yours In Ulyanovsk,
!Kilgore Trout

Re:The most toxic DESKTOP App (0)

Anonymous Coward | about 4 years ago | (#31739272)

^ Whoever this guy is, I want more of him. Pointless linking, stupidly fake-formal sign-off, awesome name, overcapitalization, and no walls-of-text! This is a troll I can enjoy. Mod Kilgore Trout up!

Re:The most toxic DESKTOP App (0)

Anonymous Coward | about 4 years ago | (#31739362)

Your standards are acceptably low. You've qualified for a free Windows upgrade to 'Vista Platinum*'.




* Vista Platinum is not compatible with ponies, omg ponies or ponicorns.

Re:The most toxic DESKTOP App (0)

Anonymous Coward | about 4 years ago | (#31740716)

Does it make me odd if I read that last word as pornocore?

Re:The most toxic DESKTOP App (0, Offtopic)

quantumplacet (1195335) | about 4 years ago | (#31739972)

stupidly fake-formal sign-off, awesome name,

Kilgore Trout is the fake sci fi author in Kurt Vonnegut books.

Web of Trust (4, Interesting)

commodore64_love (1445365) | about 4 years ago | (#31738636)

This rate-the-app project sounds similar to WOT. It sounds like a good idea to me, since Web of Trust has helped me avoid a lot of spybots and other crap. http://www.mywot.com/ [mywot.com]

Re:Web of Trust (0)

Anonymous Coward | about 4 years ago | (#31740028)

...but don't you give up privacy by using an add-on that submits the sites you go to

Re:Web of Trust (1)

pgmrdlm (1642279) | about 4 years ago | (#31740720)

I would rather give up a small bit of information about the web sites I visit then have identify theft occur which costs me legal fee's proving I am not the person using that identity. Have my bank account emptied. Have my checks deposited in someone else's bank account.

I would love to see a statistic of the number of people that committed suicide due to the loss of their credit and possibly job due to identity theft.

Its all about YOUR precious privacy and NEVER about the people that are losing EVERYTHING because you don't like a specific application/program/law that would help protect the victims.

By the way, you better turn off ALL Microsoft updates. You know that Microsoft has FULL access to EVERYTHING on your computer. You know damn well they are reviewing all of it. You are nothing but a number that they are crunching for every bit of data they can get.

Go put on your tin foil hat. You know the government is also beaming rays at you to steal your soul.

Re:Web of Trust (0)

Anonymous Coward | about 4 years ago | (#31740916)

Warning: pedantry ahead

I would rather give up a small bit of information about the web sites I visit then have identify theft occur...

"I'd rather A, then B" means that your preference would be A, followed by B.
"I'd rather A than B" means that your preference would be A in place of B.

Personally, I'd prefer neither.

OT: Windows 7 in 1/2 GB (1)

RAMMS+EIN (578166) | about 4 years ago | (#31759682)

``OS 10.6 requires 1 gigabyte; no exceptions. But WIN7 runs well on just 1/2 GB. Apple's OS appears *twice* as bloated.''

I gather you are talking about RAM, not diskspace. But would you perchance have any pointers to reducing Windows 7 disk space usage? It irks me that an OS I rarely use sits there eating up > 10 GB of disk space, but I lack the knowledge of Windows to do something about it. If I could get the disk space

Re:Web of Trust (1)

BillMike (1768382) | about 4 years ago | (#31773272)

What a great picture!! I am truly impressed with your work. Well-done. [URL="http://www.oakleysunglassesmall.com"]cheap oakley sunglasses[/URL] [URL="http://www.oakleysunglassesmall.com"]oakley sunglasses sale[/URL] [URL="http://www.oakleysunglassesmall.com"]oakley sunglasses[/URL]

Hrm.. (3, Insightful)

Dread Pirate Skippy (963698) | about 4 years ago | (#31738704)

The people who are downloading these 'toxic' apps in the first place simply aren't going to visit this site before doing so. Folks who are already aware of the risks won't need a site like this to illustrate them...so who is this for?

Re:Hrm.. (2, Insightful)

selven (1556643) | about 4 years ago | (#31739044)

These are WEB apps, not downloadable ones (technically, the client gets downloaded into your browser cache, but that's usually the extent of it). It's about the ongoing security risk and harm that the apps are causing, and if you've been using Rockbox (to use their hall of shame example) for a year and you stop because of the website, they've still done you a service.

Re:Hrm.. (1)

clang_jangle (975789) | about 4 years ago | (#31739200)

These are WEB apps, not downloadable ones (technically, the client gets downloaded into your browser cache, but that's usually the extent of it)

That is incorrect.

if you've been using Rockbox (to use their hall of shame example)

Rock You Live != Rockbox!

You're like a regular font of disinformation here -- distracted much?

Re:Hrm.. (1)

selven (1556643) | about 4 years ago | (#31739422)

These are WEB apps, not downloadable ones (technically, the client gets downloaded into your browser cache, but that's usually the extent of it)

That is incorrect.

Please explain.

Re:Hrm.. (2, Funny)

WrongSizeGlass (838941) | about 4 years ago | (#31739630)

Please explain.

Sure. I'll use a car analogy:

Salesman: Well I can't _give_ you the car, but I _can_ let you have this little number for practically nothing: only $38,000.
[bullets hit the car]
Homer: [suspicious] Hey, what are all these holes?
Salesman: [quickly] These are speed holes. They make the car go faster.
Homer: Oh, yeah. Speed holes!
[bullets riddle the car and smash the windshield]
Salesman: You want my advice? I think you should buy this car.

Any questions?

Re:Hrm.. (0)

Anonymous Coward | about 4 years ago | (#31739998)

RTFA (or even TFS). If you still want an explanation, you're beyond help.

Re:Hrm.. (1)

Rary (566291) | about 4 years ago | (#31741658)

These are WEB apps, not downloadable ones (technically, the client gets downloaded into your browser cache, but that's usually the extent of it)

That is incorrect.

Please explain.

The summary says "web apps". The actual website, however, says "online and mobile apps". What they're actually rating are mostly downloadable applications, although some really are web apps.

RockYou is in the hall of shame, not RockBox (1)

Chris Pimlott (16212) | about 4 years ago | (#31739844)

You've made a mistake; RockYou Live [whatapp.org] is in their "penalty box", not RockBox [rockbox.org]. The two are totally unrelated; RockBox isn't even a webapp, it's an (excellent) open source firmware for portable music players. They don't ask for your personal information at all.

Re:Hrm.. (0)

Anonymous Coward | about 4 years ago | (#31743184)

Academics, obviously.

bitCh (-1, Offtopic)

Anonymous Coward | about 4 years ago | (#31738734)

You down. It was AnotRher folder. 20 so there are people move forward, as one 0f the These early

Re:bitCh (0)

Anonymous Coward | about 4 years ago | (#31740710)

You down. It was AnotRher folder. 20 so there are people move forward, as one 0f the These early

precisely!

WhatApp (3, Funny)

$RANDOMLUSER (804576) | about 4 years ago | (#31739384)

So near and yet so far.

They could have used WhatsAppDoc.

Who is qualified to do this? (2, Insightful)

yoblin (692322) | about 4 years ago | (#31739490)

How is anyone qualified to actually rate a WebApp on its security most of the time??? Certainly not the average user, and I doubt even a security researcher unless they are given access by the developer. Until it's too late, you won't know that the developer set all the server passwords to 'LOL' or is selling your information to criminals....

Here's one of the worst: Entrust Truepass(TM) (0)

Anonymous Coward | about 4 years ago | (#31739686)

Entrust Truepass [entrust.com] is a real POS.

It's a java applet that some paranoid websites like to use. They claim "zero footprint" which is an outright lie. It only works with a handful of java JREs, and a few web browsers.

The only reason anyone buys it is that it's the only java applet with FIPS 140-1 certification, so if you need to tick that box on your checklist, and you like java, you're stuck with it.

Unfortunately I know Entrust Truepass well since my company's bank, Scotiabank (a major bank in Canada) requires Entrust Truepass for online business banking. Not only that, they require IE 5.5 or IE6 [scotiabank.com] because this crappy java applet doesn't work well with firefox, chrome or safari.

And Entrust Truepass doesn't work with web proxies.

That is not what "Web App" means (0)

Anonymous Coward | about 4 years ago | (#31739816)

A web app is something that runs on a server. Some of the stuff in the summary is web apps, most is not.

Four words: Farmville and Mafia Wars (0, Offtopic)

Zantac69 (1331461) | about 4 years ago | (#31740708)

Those, IMHO, are the two most annoying wastes of time evar. EVAR! Should be rated toxic as such.

[ProductName] is lethal (1)

w0mprat (1317953) | about 4 years ago | (#31743664)

Someone write up a warning about the [ProductName], I heard it's a Killer App!

How to play: substitute ProductName for iPad, Android, JooJoo etc

I just contributed... (1)

Hurricane78 (562437) | about 4 years ago | (#31746434)

I rated the “WhatApp?” wiki as really crappy and unable to overcome a singular bias towards the opinion of the most powerful entities. ;)

Thanks! (1)

RyanCalo (1784348) | about 4 years ago | (#31751830)

Thanks for all of the /. feedback. Love it. So, just to clarify: ratings and reviews are based on a lot of things---technical knowledge, close reads of supporting documentation, etc. We don't let "anyone" review apps. We have 20+ approved experts at this time, some with computer science backgrounds, others with legal knowledge, still others with a background in privacy compliance. That said, we don't want to raise the bar excessively high. If you read a review, you can judge for yourself based on the expert's bio whether you trust them. In addition to expert ratings and reviews, you have news feeds, a wiki, comments, and the opportunity for the developer to claim the app and add notes. WhatApp.org is trying to improve on the status quote---namely, jack. We have StopBadware.org for really malicious software, plus CNET and others write up apps from time to time from the perspective of security. Sitejabber.com also does a nice job with community review of websites. But I'm not aware of any central repository of information on consumer values like privacy, security, and openness of online and mobile apps. Improving on nothing is our (modest) goal. It's a work in progress, and we really appreciate the many, many people who have signed up to contribute. PS: One thing we could really use help on is adding apps. Any user can add an app to review. Please consider it.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...