There are a myriad of web browser add-ons available, and the vast majority of people have at least one of them installed. But while many keep you safe, they may not respect your privacy - it seems a popular extension found on over 140 million machines has been selling user data without properly anonymizing it.

Web of Trust is a “Safe Web Search & Browsing” service that’s been around since 2007. It uses a crowdsourcing system whereby users can view and rate websites based their trustworthiness and child safety.

But an investigation by German broadcaster NDR (Norddeutscher Rundfunk) found WOT wasn’t living up to its privacy promise. While the company’s policy states it could collect data such as IP, geolocation, device type, OS, browser of choice, date, time, and the URLs you visit, WOT promises to anonymize everything.

However, NDR examined some of the data that WOT sold for targetted advertising and found that it contained emails and phone numbers. With this information, the journalists were able to identify more than 50 individuals and easily link them to their browsing histories and other private details, which included travel plans, illnesses, sexual preference, drug consumption, and ongoing police investigations.

Mozilla has already removed WOT from its add-ons page for violating guidelines. WOT has since removed its extension from other platforms so it could “study the feedback we have been receiving and to make appropriate changes.”

Responding to the revelations, WOT apologized and said it is changing the way it anonymizes data. It will also now offer a way for users to opt-out of having their data collected. The company is launching an updated version of the extension, and is changing its privacy policy so users know what info is gathered and how it is used.