ConsenSys to Update MetaMask Crypto Wallet in Response to Privacy Backlash

The firm clarified its data-sharing practices and said it will rebuild MetaMask’s settings page to address user concerns.

Dec 6, 2022 at 1:00 p.m. UTC
Updated May 9, 2023 at 4:04 a.m. UTC

ConsenSys, the company behind the MetaMask crypto wallet, said Tuesday it will release a series of updates to the platform in response to user backlash regarding its data-collection practices.

In a statement, the company explained how and why it was sharing MetaMask user internet-protocol information with Infura, the ConsenSys-made "RPC (remote procedure call) service" for reading and writing data to the Ethereum blockchain.

A change in wording to the ConsenSys user agreement last month revealed that MetaMask, by default, shared users’ transaction data with Infura alongside their IP addresses. The revelation sparked outrage in a vocal corner of the crypto community, with some users worrying aloud that their transaction data wasn't as private as they assumed.

In its statement, ConsenSys clarified that it would only "collect wallet and IP address information in connection with 'write' requests, also known as transactions, when MetaMask users broadcast transactions through Infura's RPC endpoints."

"We do not store wallet account address information when a MetaMask user makes a 'read' request through Infura, for example in order to check their account balances within MetaMask," the company said.

According to MetaMask co-founder Dan Finlay, the platform began collecting and sharing IP-linked transaction data with Infura in 2018 to prevent network overload and to monitor pending transactions.

When users learned about the practice last month, many of them viewed it as a violation of Ethereum's privacy-focused, decentralized ethos.

"By being increasingly clear about exactly how data was managed by various ConsenSys products, there were some valid critiques and concerns raised – especially by people who ultimately have the highest privacy standards," Finlay told CoinDesk.

Finlay said MetaMask cannot stop logging IP addresses entirely; if a user interacts with an RPC service like Infura, their IP address will always be visible. ConsenSys, however, will stop logging user IP information directly alongside their transaction data, thereby making it more difficult for the firm to trace transaction activity back to specific users.

ConsenSys said it will also make updates to the MetaMask interface. Previously, ConsenSys advised privacy-conscious users to configure MetaMask to bypass Infura by setting up their own Ethereum node or configuring a non-Infura RPC service. However, people quickly pointed out on Twitter that doing either of those things was difficult and non-intuitive via MetaMask’s current user interface.

ConsenSys said that over the next week, it will be "rolling out a new advanced settings page" that "will give all new users an opportunity to choose their own RPC providers at onboarding and to opt out of third-party services that are otherwise used to enhance the user experience."

Addressing concerns that non-Infura RPCs received second-class treatment on the platform, ConsenSys said, "We previously showed a gray question mark next to custom-added RPCs in order to caution users against rogue or unknown RPC risks.

"We think this was overly cautious and are not intending to scare anyone away from using their chosen provider," the company added.

ConsenSys warned, though, that users may need to take extra precautions should they wish to retain their privacy by bypassing Infura.

"From a privacy perspective, we caution that these alternatives may not actually provide more privacy," ConsenSys said in its statement. "Alternate RPC providers have different privacy policies and data practices, and self-hosting a node may make it even easier for people to associate your Ethereum accounts with your IP address."





Sam Kessler

Sam is CoinDesk's deputy managing editor for tech and protocols. He reports on decentralized technology, infrastructure and governance. He owns ETH and BTC.

