ConsenSys to Update MetaMask Crypto Wallet in Response to Privacy Backlash

The firm clarified its data-sharing practices and said it will rebuild MetaMask’s settings page to address user concerns.

AccessTimeIconDec 6, 2022 at 1:00 p.m. UTC
Updated Dec 6, 2022 at 9:31 p.m. UTC
Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

Sam is a reporter at CoinDesk focused on decentralized technology, DeFi and DAOs. He owns ETH, BTC and MATIC.

Consensus 2023 Logo
Join the most important conversation in crypto and Web3 taking place in Austin, Texas, April 26-28.

ConsenSys, the company behind the MetaMask crypto wallet, said Tuesday it will release a series of updates to the platform in response to user backlash regarding its data-collection practices.

In a statement, the company explained how and why it was sharing MetaMask user internet-protocol information with Infura, the ConsenSys-made "RPC (remote procedure call) service" for reading and writing data to the Ethereum blockchain.

A change in wording to the ConsenSys user agreement last month revealed that MetaMask, by default, shared users’ transaction data with Infura alongside their IP addresses. The revelation sparked outrage in a vocal corner of the crypto community, with some users worrying aloud that their transaction data wasn't as private as they assumed.

In its statement, ConsenSys clarified that it would only "collect wallet and IP address information in connection with 'write' requests, also known as transactions, when MetaMask users broadcast transactions through Infura's RPC endpoints."

"We do not store wallet account address information when a MetaMask user makes a 'read' request through Infura, for example in order to check their account balances within MetaMask," the company said.

According to MetaMask co-founder Dan Finlay, the platform began collecting and sharing IP-linked transaction data with Infura in 2018 to prevent network overload and to monitor pending transactions.

When users learned about the practice last month, many of them viewed it as a violation of Ethereum's privacy-focused, decentralized ethos.

"By being increasingly clear about exactly how data was managed by various ConsenSys products, there were some valid critiques and concerns raised – especially by people who ultimately have the highest privacy standards," Finlay told CoinDesk.

Finlay said MetaMask cannot stop logging IP addresses entirely; if a user interacts with an RPC service like Infura, their IP address will always be visible. ConsenSys, however, will stop logging user IP information directly alongside their transaction data, thereby making it more difficult for the firm to trace transaction activity back to specific users.

ConsenSys said it will also make updates to the MetaMask interface. Previously, ConsenSys advised privacy-conscious users to configure MetaMask to bypass Infura by setting up their own Ethereum node or configuring a non-Infura RPC service. However, people quickly pointed out on Twitter that doing either of those things was difficult and non-intuitive via MetaMask’s current user interface.

ConsenSys said that over the next week, it will be "rolling out a new advanced settings page" that "will give all new users an opportunity to choose their own RPC providers at onboarding and to opt out of third-party services that are otherwise used to enhance the user experience."

Addressing concerns that non-Infura RPCs received second-class treatment on the platform, ConsenSys said, "We previously showed a gray question mark next to custom-added RPCs in order to caution users against rogue or unknown RPC risks.

"We think this was overly cautious and are not intending to scare anyone away from using their chosen provider," the company added.

ConSensys warned, though, that users may need to take extra precautions should they wish to retain their privacy by bypassing Infura.

"From a privacy perspective, we caution that these alternatives may not actually provide more privacy," ConsenSys said in its statement. "Alternate RPC providers have different privacy policies and data practices, and self-hosting a node may make it even easier for people to associate your Ethereum accounts with your IP address."




DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Sam is a reporter at CoinDesk focused on decentralized technology, DeFi and DAOs. He owns ETH, BTC and MATIC.


Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


CoinDesk - Unknown

Sam is a reporter at CoinDesk focused on decentralized technology, DeFi and DAOs. He owns ETH, BTC and MATIC.