The move sparked concern from users over tracking and centralization fears, with some considering ditching MetaMask entirely.
MetaMask Infura RPC Will Collect IP, Wallet Addresses
The privacy policy changes released Wednesday led to concerned and outraged customers, as ConsenSys said any user interacting with Ethereum or through MetaMask would be handing over their IP and wallet address to the firm’s Infura tool — an RPC provider. The company then released a follow-up statement clarifying that the policy updates “do not result in more intrusive data collection or data processing” and that their policy “always stated that certain information is automatically collected about how users use our Sites, and that this information may include IP addresses.” In the statement, ConsenSys stated that IP address and wallet address collection should not surprise users. “This is not Infura-specific and is consistent with how web architecture works generally, though we continue to pursue technical solutions to minimize the exposure, including anonymization techniques.”
Data Collection Is Not MetaMask-Specific
With over 21 million users in tow, MetaMask is one of the most popular cryptocurrency wallets in the Web3 decentralized blockchain realm. Users are increasingly looking for non-custodial (self-regulated) wallets following an endless stream of high-profile cryptocurrency cybercrime, such as wallet hacks and thefts on platform bridges. Of course, cryptocurrency investors have also been rattled by last week’s FTX collapse. MetaMask is also not the only decentralized project that collects sensitive information. Major crypto exchange Uniswap has also started collecting user data such as browser and hardware information. One of the world’s largest cryptocurrency exchanges, Coinbase, also collects IP information.
Users Outraged
The privacy policy update sparked outrage among users, with some saying they would stop using MetaMask altogether. “Thanks for giving a reason to move my holding from MetaMask (which I used to like more) to my ledger,” one user tweeted. The discussion also spilled over to Reddit, where users said this was a very “centralized” move. “It is just bizarre how centralized the industry happens to be,” a Reddit user said. Another user alleged that bank account information is also being collected. In response to users’ questions on Twitter regarding why the data collection is necessary, MetaMask’s lead developer Dan Finlay tweeted: “It seems to have been some analytics logging thing not actually worthy of freaking people out, which is why I think it’ll be easy to correct.” He continued to reassure users that their concerns would be addressed: “I think we can get this fixed soon. We are not using IP addresses even if they are being temporarily stored, which they don’t need to be, as we’re not using them for anything.”
Users Can Opt for An Alternative RPC
ConsenSys said concerned users are not constrained using MetaMask’s default Infura RPC and can opt for a third-party alternative. However, users should remember that doing so subjects them to the information collection performed by those other RPC providers, ConsenSys said. Remote procedural calls (RPCs), like MetaMasks’ Infura, allow developers to remotely connect decentralized Web3 blockchains like Ethereum, Bitcoin, and others with one another. RPCs are also used in “dApps” or decentralized apps. For instance, for users accessing a decentralized exchange — or MetaMask in this case — all of their requests go through an RPC which connects them to nodes that hold blockchain data. Tightening regulations and anti-money laundering law enforcement pressure on the decentralized space means companies have begun disclosing user information to affiliates and other businesses. The criteria for Know Your Customer (KYC) — a process where you must disclose your identity with official documents when signing up to a cryptocurrency organization — has also toughened, meaning that genuinely anonymous cryptocurrency transactions may be thinning even for non-custodial wallets like MetaMask. “Really poor timing to change anything. Especially with so many people actively looking into self custody,” a Twitter user said. “It only makes it worse that you collected data just to have it. I’m disappointed.” Whether you use a MetaMask wallet or another product for your digital assets, it is always recommended to use offline cold storage to store your financial assets. It is also good cyber hygiene practice to supplement your cybersecurity with virtual private network (VPN) software, which anonymizes your IP address. To do that, you can pick up one of our select VPNs in 2022, with which you get crypto-wallet support and purchase anonymously with cryptocurrency.