MetaMask Privacy Concerns, ConsenSys Responds To The Backlash
On Dec. 5, CryptoSlate ran an article on privacy concerns related to the use of MetaMask wallet, specifically how a recent public disclosure revealed the logging of user IP addresses.
MetaMask Privacy Concerns, ConsenSys Responds To The Backlash
In response to the backlash, MetaMask’s parent company ConsenSys released a statement addressing the concerns raised.
MetaMask Privacy Concerns, ConsenSys Responds To The Backlash
Crypto community uneasy over data collection policy
An updated privacy policy, released on Nov. 24, revealed the tracking of users’ IP addresses upon sending transactions, which applies to users who leave the default Remote Procedure Call (RPC) setting as Infura.
MetaMask Privacy Concerns, ConsenSys Responds To The Backlash
This sparked a wave of criticism from the crypto community, with some expressing unease over the data collection policy. Strategies shared to circumvent the tracking of IP addresses included changing the RPC setting to another provider and running an Ethereum node.
MetaMask Privacy Concerns, ConsenSys Responds To The Backlash
ConsenSys pointed out that the updated privacy policy was actioned to bring greater transparency to its operations. But logging IP addresses upon sending transactions was always carried out in the ordinary course of MetaMask use.
MetaMask Privacy Concerns, ConsenSys Responds To The Backlash
“These updates aimed to solely provide greater transparency on existing practices and did not describe a change in our business practices.”
MetaMask Privacy Concerns, ConsenSys Responds To The Backlash
Nonetheless, the company said the community feedback had prompted them to “better prioritize the privacy of MetaMask and Infura users.” For that reason, ConsenSys wanted to clarify misunderstandings and provide details on what it is doing to address privacy concerns.
ConsenSys said it supports user agency
Having read the Terms of Service, the founder of Boxmining, Michael Gu, speculated that MetaMask may log IP addresses when opening the wallet, not just when sending transactions.
ConsenSys’s statement clarified “read” requests, such as opening the wallet to check balances, do not log IP addresses. But “write” requests, when actioning transactions and via Infura endpoint service, do collect an IP address to ensure “successful transaction propagation, execution, and other important service functionality such as load balancing and DDoS protection.”
The company also wanted to make clear that:
IP addresses and wallet address data relating to a transaction are stored separately, so they cannot be associated together.User data, including IP addresses, is deleted in line with the company’s data retention policy. Plans are in place to lessen the deletion turnaround to seven days.It does not sell collected data to third parties.
Commenting on changing the RPC provider to a non-Infura alternative, ConsenSys warned that users who do that are still subject to the data policies of the new endpoint provider. While running a node is no guarantee of masking an IP address.
“From a privacy perspective, we caution that these alternatives may not actually provide more privacy; alternate RPC providers have different privacy policies and data practices, and self-hosting a node may make it even easier for people to associate your Ethereum accounts with your IP address.”
Nonetheless, from next week onwards, users will have access to a new advanced settings page, enabling the selection of alternative RPC providers and the functionality to reject third-party services. In addition, further development work will go into securing the RPC process, including risk warnings on suspect providers.
Posted In: Ethereum, Privacy
Read Our Latest Market Report
Get an Edge on the Crypto Market 👇
Become a member of CryptoSlate Edge and access our exclusive Discord community, more exclusive content and analysis.
On-chain analysis
Price snapshots
More context
Join now for $19/month Explore all benefits
Source
