ConsenSys to Address MetaMask Privacy Concerns with Update
Image courtesy of 123rf.

ConsenSys to Address MetaMask Privacy Concerns with Update

MetaMask will make it easier to customize users' engagement with third-party services.
Neither the author, Tim Fries, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

In an attempt to restore its standing as the main gateway to Web3, ConsenSys released an update on its MetaMask wallet’s data collection. The update for greater user privacy will come in the form of alternate RPC provider settings. 

Will this be enough to assuage the user backlash?

Why is MetaMask Wallet in Hot Water?

On November 23rd, ConsenSys updated its privacy policy for its core product – MetaMask wallet. MetaMask is the most popular Web3 wallet to access dApps across blockchain networks, accounting for over 21 monthly active users. 

ConsenSys revealed that its other product – Infura – collects users’ IP addresses whenever they send a transaction. As a Remote Procedure Call (RPC) provider, Infura is a critical cog in the Web3 infrastructure because it connects the wallet to smart contracts on a blockchain.

For example, when Infura blocked access to Tornado Cash, the privacy mixer was no longer accessible to regular users despite TC’s smart contracts still running on Ethereum. It then became apparent that a purportedly decentralized blockchain network is far from immune to arbitrary blocks. 

When Consensys revealed that, through Infura, MetaMask links users’ transactions to their IP addresses, it added fuel to the Tornado Cash fire. After all, an IP address reveals users’ geolocation, potentially giving third parties a road to figure out other data, such as online activity and personal information.

Interestingly, Infura co-founder Michael Wuehler said that “my own Metamask doesn’t use Infura.” He further recommended that people use 1RPC instead of Infura’s RPC. AutomataNetwork launched as a free and private-oriented RPC node that prevents data collection, thus preventing user data from being abused for phishing and tracking by third parties.

Join our Telegram group and never miss a breaking digital asset story.

How Is ConsenSys Addressing Privacy Concerns?

This Tuesday, ConsenSys confirmed they are working to make it easy to replace Infura, MetaMask’s default, and only RPC, with an alternative. Although this was possible before, it was hardly accessible to average users. 

Over the next week, ConsenSys will redesign this RPC-replacement process by adding a new advanced settings page. This will give users an option to opt-out of Infura and more easily select an RPC provider of their own choice or even self-host their own.

Furthermore, users could opt out of other third-party services that serve to “enhance the user experience.” However, ConsenSys cautions MetaMask users that other RPC providers may even be worse regarding data handling. 

“alternate RPC providers have different privacy policies and data practices, and self-hosting a node may make it even easier for people to associate your Ethereum accounts with your IP address.”

Are IP Concerns Overblown?

Daniel Finlay, one of MetaMask developers, noted that MetaMask inherently logs IP addresses if users interact with Infura’s RPC. However, he clarified that ConsenSys will stop recording IP address data alongside users’ transaction data. This makes it more difficult to associate transactions with users.

Most recently, Finlay reassured MetaMask users that ConsenSys is not in the business of selling user data, nor does Infura link users’ IP addresses with their transaction requests.

ConsenSys officially acquired Infura in October 2019, but MetaMask has been sharing IP-linked transaction data with the RPC provider since 2018, according to Finlay. The stated purpose for this sharing has been to monitor pending transactions and prevent network overload.

In the immediate aftermath of ConsenSys’ controversial policy, social media has been abuzz with alternative wallets that have multiple RPC alternatives to choose from, such as Block Wallet. Although MetaMask appears to have cornered the Web3 gateway market, it is still exceedingly early to make such a call, which leaves users in an advantageous position.

Finance is changing.
Learn how, with Five Minute Finance.
A weekly newsletter that covers the big trends in FinTech and Decentralized Finance.

Do you use VPNs to obfuscate your online presence? Is this even more important for financial transactions than web browsing? Let us know in the comments below.