MetaMask privacy concerns, ConsenSys responds to the backlash

On Dec. 5, CryptoSlate ran an nonfiction connected privateness concerns related to the usage of MetaMask wallet, specifically however a caller nationalist disclosure revealed the logging of idiosyncratic IP addresses.

In effect to the backlash, MetaMask’s genitor institution ConsenSys released a statement addressing the concerns raised.

Crypto assemblage uneasy implicit information postulation policy

An updated privateness policy, released connected Nov. 24, revealed the tracking of users’ IP addresses upon sending transactions, which applies to users who permission the default Remote Procedure Call (RPC) mounting arsenic Infura.

This sparked a question of disapproval from the crypto community, with immoderate expressing unease implicit the information postulation policy. Strategies shared to circumvent the tracking of IP addresses included changing the RPC mounting to different supplier and moving an Ethereum node.

ConsenSys pointed retired that the updated privateness argumentation was actioned to bring greater transparency to its operations. But logging IP addresses upon sending transactions was ever carried retired successful the mean people of MetaMask use.

“These updates aimed to solely supply greater transparency connected existing practices and did not picture a alteration successful our concern practices.”

Nonetheless, the institution said the assemblage feedback had prompted them to “better prioritize the privateness of MetaMask and Infura users.” For that reason, ConsenSys wanted to clarify misunderstandings and supply details connected what it is doing to code privateness concerns.

ConsenSys said it supports idiosyncratic agency

Having work the Terms of Service, the laminitis of Boxmining, Michael Gu, speculated that MetaMask whitethorn log IP addresses erstwhile opening the wallet, not conscionable erstwhile sending transactions.

ConsenSys’s connection clarified “read” requests, specified arsenic opening the wallet to cheque balances, bash not log IP addresses. But “write” requests, erstwhile actioning transactions and via Infura endpoint service, bash cod an IP code to guarantee “successful transaction propagation, execution, and different important work functionality specified arsenic load balancing and DDoS protection.”

The institution besides wanted to marque wide that:

• IP addresses and wallet code information relating to a transaction are stored separately, truthful they cannot beryllium associated together.
• User data, including IP addresses, is deleted successful enactment with the company’s information retention policy. Plans are successful spot to lessen the deletion turnaround to 7 days.
• It does not merchantability collected information to 3rd parties.

Commenting connected changing the RPC supplier to a non-Infura alternative, ConsenSys warned that users who bash that are inactive taxable to the information policies of the caller endpoint provider. While moving a node is nary warrant of masking an IP address.

“From a privateness perspective, we caution that these alternatives whitethorn not really supply much privacy; alternate RPC providers person antithetic privateness policies and information practices, and self-hosting a node whitethorn marque it adjacent easier for radical to subordinate your Ethereum accounts with your IP address.”

Nonetheless, from adjacent week onwards, users volition person entree to a caller precocious settings page, enabling the enactment of alternate RPC providers and the functionality to cull third-party services. In addition, further improvement enactment volition spell into securing the RPC process, including hazard warnings connected fishy providers.

The station MetaMask privateness concerns, ConsenSys responds to the backlash appeared archetypal connected CryptoSlate.