Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
On Dec. 5, CryptoSlate ran an article on privacy concerns related to the use of MetaMask wallet, specifically how a recent public disclosure revealed the logging of user IP addresses.
In response to the backlash, MetaMaskâs parent company ConsenSys released a statement addressing the concerns raised.
Crypto community uneasy over data collection policy
An updated privacy policy, released on Nov. 24, revealed the tracking of usersâ IP addresses upon sending transactions, which applies to users who leave the default Remote Procedure Call (RPC) setting as Infura.
This sparked a wave of criticism from the crypto community, with some expressing unease over the data collection policy. Strategies shared to circumvent the tracking of IP addresses included changing the RPC setting to another provider and running an Ethereum node.
ConsenSys pointed out that the updated privacy policy was actioned to bring greater transparency to its operations. But logging IP addresses upon sending transactions was always carried out in the ordinary course of MetaMask use.
âThese updates aimed to solely provide greater transparency on existing practices and did not describe a change in our business practices.â
Nonetheless, the company said the community feedback had prompted them to âbetter prioritize the privacy of MetaMask and Infura users.â For that reason, ConsenSys wanted to clarify misunderstandings and provide details on what it is doing to address privacy concerns.
ConsenSys said it supports user agency
Having read the Terms of Service, the founder of Boxmining, Michael Gu, speculated that MetaMask may log IP addresses when opening the wallet, not just when sending transactions.
ConsenSysâs statement clarified âreadâ requests, such as opening the wallet to check balances, do not log IP addresses. But âwriteâ requests, when actioning transactions and via Infura endpoint service, do collect an IP address to ensure âsuccessful transaction propagation, execution, and other important service functionality such as load balancing and DDoS protection.â
The company also wanted to make clear that:
- IP addresses and wallet address data relating to a transaction are stored separately, so they cannot be associated together.
- User data, including IP addresses, is deleted in line with the companyâs data retention policy. Plans are in place to lessen the deletion turnaround to seven days.
- It does not sell collected data to third parties.
Commenting on changing the RPC provider to a non-Infura alternative, ConsenSys warned that users who do that are still subject to the data policies of the new endpoint provider. While running a node is no guarantee of masking an IP address.
âFrom a privacy perspective, we caution that these alternatives may not actually provide more privacy; alternate RPC providers have different privacy policies and data practices, and self-hosting a node may make it even easier for people to associate your Ethereum accounts with your IP address.â
Nonetheless, from next week onwards, users will have access to a new advanced settings page, enabling the selection of alternative RPC providers and the functionality to reject third-party services. In addition, further development work will go into securing the RPC process, including risk warnings on suspect providers.
The post MetaMask privacy concerns, ConsenSys responds to the backlash appeared first on CryptoSlate.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.