Leading Crypto Wallet MetaMask Reveals it Collects User Data, Faces Backlash From Community
A section of the post goes into describing information collected by Infura, which is the default Remote Procedure Call (RPC) provider in MetaMask. The company stated that,
"When you use Infura as your default RPC provider in MetaMask, Infura will collect your IP address and your Ethereum wallet address when you send a transaction."
Infura is a tooling suite used to create applications that connect to the Ethereum network. Both Infura and MetaMask are owned by ConsenSys.
RPCs allow communications with servers remotely, and they provide the execution of programs in a separate location. In blockchain terms, RPCs allow access to a server node on the specified network and enable users to communicate and interact with that blockchain.
There is a way, however, for neither of these two products to collect information, though this option too may come with privacy-related risks.
ConsenSys wrote that,
"If you’re using your own Ethereum node or a third-party RPC provider with MetaMask, then neither Infura nor MetaMask will collect your IP address or Ethereum wallet address (but you should be aware your information will be subject to whatever information collection performed by the RPC provider you are using and their terms regarding such collection)."
As for the information the company collects through the above-stated sites, these include user-provided information, such as identity information (name, username, gender, date of birth, etc.), profile information (including username and password), contact, financial and transaction information, among others.
There is also data that is collected automatically, such as log data and browsed pages and features on ConsenSys websites, as well as information obtained from other third-party sources.
The company also said that it has appointed a Data Protection Officer, whose task is to ensure that it complies with "responsibilities under applicable data protection legislation."'This can be fixed'
Once journalist Colin Wu shared the news of the updated policy on Twitter and reactions started rolling in, MetaMask co-founder Dan Finlay jumped in, claiming that the users' IP addresses are not actually being used for anything.
He wrote that,
I think we can get this fixed soon. We are not using IP addresses even if they are being temporarily stored, which they don't need to be, as we're not using them for anything.
Finlay went on to explain that, in his opinion, since it is not being used, it is "not actually worth of freaking people out," so correcting it should be a simple matter. As for how soon that could be, he said that it would have to be after the holiday, as the USA celebrates Thanksgiving today.The community's reaction was swift
Finlay wasn't exaggerating when he said people were freaking out.
MetaMask is a popular wallet, and the community didn't react well to the news, with many arguing for the push towards Web3 and decentralized finance (DeFi), with robust user privacy protections in place, as is the "ethos of crypto" - instead of turning to Web2 and centralized services.
Others defended ConsenSys, stating that the company is trying to be transparent and offer options.
There were also those looking into other potential options.
Ethereum educator and advocate Anthony Sassano suggested switching RPC providers, stating that doing that on MetaMask is "trivially easy and there are plenty of good alternatives out there these days. [...] Of course, the best alternative is to use your own full node as an RPC," he argued.
Some, meanwhile, wondered why this change would matter when 'everybody's doing it'.
Decentralization advocate Chris Blec argued that these types of policies should not be ignored. "This is how you will be canceled from the financial system in the not-so-distant future. This is how they’ll do it," he wrote.