Coins: 12,952
Exchanges: 957
Market Cap: $2.412T 3.0%
24h Vol: $211.03B
Gas: 61 GWEI
Go Ad-free
Analysis
TABLE OF CONTENTS

MetaMask’s Latest Privacy Update: What Can You Do to Preserve Your Privacy?

4.8 | by Khor Win Win

Just a couple of weeks ago, ConsenSys announced several changes to its privacy policy, which affected one of its most popular products - Metamask, the most widely used cryptocurrency wallet for traversing the multiverse of EVM-based networks. Most notably, the announcement included an update mentioning that Infura, Metamask’s default RPC provider for Ethereum (also owned by ConsenSys), collects information about users’ IP and wallet addresses whenever the application is used to perform transactions. Additionally, there were claims that these wallet addresses under the same IP address will also be recorded right from the moment that the MetaMask wallet is unlocked.

Understandably, Crypto Twitter went into a frenzy when the news broke. Many were outraged and quick to voice out their concerns about their loss of privacy, especially when anonymity is one of the very core features that the crypto space offers. The phrase ‘not your keys, not your coins’ is more relevant than ever following the demise of multiple centralized crypto services, as well as the U.S. increasing its regulatory activity. Users have become more aware of the importance of taking charge of their own funds across the wild west of decentralized networks without the need to expose their identity.

Given MetaMask and Infura are the dominant wallet and RPC for EVM chains, every move they make is examined under a microscope as it will affect a significant portion of the crypto community. But what exactly was the reasoning behind their latest update, what’s going to happen moving forward, and do users have any other options to maintain their privacy? Let’s dig in!

 

So, What’s Going On?

On November 23rd, ConsenSys updated several clauses in its privacy policy to better illustrate the type of information collected from users and how they were being handled. Although it was always stated that the collection of sensitive data may include contact information and transaction information, a new addition to the policy was the type of data that Infura could retrieve from MetaMask users. The latest changes to the policy sent alarm bells ringing across the community that their privacy was at risk.

In response to the backlash, the ConsenSys team has since released an initial statement on the recent changes, clarifying that their policy had always stated that certain information, such as IP addresses, were automatically collected each time a user interacts with their products. According to the team, the sole purpose of adding the particular clause on Infura was to provide higher transparency to users, ensuring that they are informed of how information is collected and used when they interact with the blockchain through MetaMask and Infura.

To be more specific, IP data is automatically logged simply based on how the app’s architecture is structured, and this is not a behaviour that is specific to Infura alone but the majority of web apps. Besides that, the data is used to ensure that transactions are properly broadcasted and executed onto the Ethereum network, in addition to other important functions for Infura to operate smoothly, such as load balancing and DDoS protection.

Additionally, the updated policy will not result in a more intrusive experience for users and was not influenced by regulatory demands. In other words, nothing has changed other than the language of the policy. For the smooth functioning of the app, some level of data has always been collected during the course of users’ interactions with MetaMask and Infura.

Besides that, they have made it clear that Infura will only gather your data when it is used as the default RPC provider in MetaMask. If you switch to another RPC provider or host their own endpoint, then neither your IP address nor your Ethereum address will be retrieved by MetaMask or Infura. However, your information may still be collected by third-party RPC providers, where the usage of such data by the provider is dependent on their own terms and conditions, which may be even more hidden and invasive.

Dan Finlay, one of the co-founders of MetaMask, has also taken to Twitter to address some of the concerns surrounding these changes. Reinforcing ConsenSys’ official stance on the issue, Finlay reasserts that MetaMask has not and will not pivot towards implementing increased surveillance in its products but simply promoting greater transparency while remaining compliant with law enforcement. Finlay also mentioned that they are looking to store as little personal data as possible while the team actively works on providing more private and secure solutions.

 

Further Updates from ConsenSys

Following feedback from the community, Consensys has since released an update on their data retention policies, highlighting several key issues on how data is stored by Infura and MetaMask, as well as several planned upgrades for improving privacy. Below are some of the key points:

1. When users unlock their wallets to check their account balances on MetaMask, both IP addresses and wallet addresses are never recorded. For users who perform transactions, wallet data and IP addresses are stored separately, such that they cannot be associated with one another.

2. Wallet and IP information is only retained for a short period of time before they are deleted. ConsenSys has stated that they will improve on cutting retention time to 7 days, which will be reflected in a future policy update.

3. ConsenSys will be updating MetaMask to promote greater control among users. A new advanced settings page will allow new users to choose their own RPC providers upon setup and to opt out of additional third-party services. Additionally, a user’s personal settings will not be overridden or reverted back to the default, and custom RPC selection will be revamped to become more user-friendly and to prevent a false sense of non-security.

 

What Can You Do to Preserve Your Privacy?

If you’re still not too happy about these recent changes, there are a few alternatives and additional measures that you can take to continue maintaining your privacy across decentralized networks. And even if you don't feel too strongly about ConsenSys’ actions, some of these tips will still go a long way in boosting your security and protecting you and your transactions from being doxxed. In no particular order, here are some suggestions to help you preserve your privacy across the multichain cryptoverse.

1. Using a VPN

Probably one of the easier ways of protecting your internet traffic and masking your IP address is to install a proper VPN or virtual private network on your device. Be it browsing through CoinGecko or performing various transactions on different apps, VPNs ensure that your data is encrypted and your location is hidden, preventing external attackers from identifying and attacking the source.

While all VPNs generally do their job of protecting your IP from being exposed, this doesn’t actually stop some of them from collecting your address, should they have a reason to. While no-log VPNs are the current highest standard readily available in the market, users should understand that VPNs are businesses in itself. If a legitimate enforcement request is made by the authorities, it is likely that the company will have no choice but to comply.

expressvpn dashboard coingeckoSource: ExpressVPN

There is a vast assortment of VPN providers in the market these days, from completely centralized platforms such as ExpressVPN and Atlas VPN to decentralized versions such as Sentinel and Hopr. Each one offers a different range of additional tools and features, which may vary for free and paying users, so be sure to check each one out before deciding which VPN service is the right for you.

 

2. Changing MetaMask’s RPC Endpoint

If using VPNs isn’t something you’re too keen on, or you want even more privacy assurances, that doesn’t mean that you can’t continue using MetaMask. You may consider switching the default RPC endpoint for the Ethereum mainnet (Infura) to another provider instead.

In 2022, users can now access a variety of free and paid RPC services that come in different price tiers to suit their needs. For a selection of public (but perhaps not so private) RPCs, you can check out a list compiled by DeFiLlama here. Otherwise, paid RPC providers such as Alchemy and QuikNode allow users to get their own private RPC endpoints in order to access the blockchain, and it’s fairly easy to set up in MetaMask. At the moment, MetaMask currently restricts users from changing the endpoint on the default Ethereum mainnet, so you will have to add a new network that also connects to Ethereum but using a different RPC endpoint. This is now scheduled to change in a future update from MetaMask to make it easier. 

Step-by-Step Guide to Adding New Networks

  1. In the MetaMask extension, click on the drop-down tab to open up a list of your current networks and click on ‘Add Network’

    metamask network selection coingecko

 

  1. A new tab for the MetaMask extension will then be opened, allowing you to also add pre-existing networks (with a set RPC endpoint) automatically. For this example, we will be adding the network manually.

    metamask setting add network

 

  1. On the next page, you will be prompted to fill in several key details before the network can be successfully added, such as the network’s name, RPC URL, and chain ID. It is recommended that you choose a name that will make it easier to identify that it is the Ethereum network. Copy and paste your RPC URL and enter “1” as the chain ID. Optionally, you may also add a URL to a specific block explorer. Once you’re done, click “Save” and you’re ready to use your new RPC endpoint.

metamask add custom network

Although moving away from Infura may offer some peace of mind, using a third-party RPC doesn’t really guarantee that your IP address isn’t exposed as well. Each RPC provider will have different terms and conditions in regard to what information they can collect from their users, so it’s important to really dive into the fine print and be aware of what you’re signing up for. 

 

3. Running your own ETH Node

When engaging with centralized entities, there’s always a risk that your personal information may be collected, with or without your knowledge, for malicious purposes. Thus, for a truly decentralized experience, more experienced users may be tempted to spin up their own Ethereum node. Running your own node allows you to transmit your own transactions privately and directly to Ethereum without the risk of censorship by third parties. Your personal node will allow you to host your own RPC endpoints and plug them into MetaMask or any other wallet.

However, running a node requires some level of technical know-how, as well as the appropriate hardware, which could be quite an investment. Despite that, there are several preconfigured plug-and-play options available for beginners, from vendors such as DappNode and Avado, with built-in software right out of the box.

dappnode client selection setupSource: DappNode

Even if you choose to build your own machine, setting up the necessary software to run and manage your node is equally simple, with just a few clicks. Projects such as NiceNode and Stereum offer a user-friendly experience for newbies to easily install their choice of clients to run as well as a control center to monitor and make adjustments to their nodes.

However, users should be aware that connecting a node to the Ethereum network does expose the IP address of your device, although it can’t be associated with you or any particular entity. Regardless, this opens up plenty of opportunities for hackers to find weak spots in your device and infiltrate your system. As such, understanding and taking the neccessary steps to strengthen the security of your node, such as configuring the right firewalls, is a must if you’re headed down this route. 

 

4. Using other Cryptocurrency Wallets

If you don’t really want to continue using MetaMask, switching to other wallet providers is a viable option as well. While MetaMask has been the go-to wallet for the majority of Web3 natives for interacting with EVM blockchains, various new alternatives have sprung up in recent years to challenge the throne. For a non-exhaustive list of wallet providers, you can check out Sov’s Compendium here.

Some of these wallets have proven to be solid options, such as XDEFI and Coin98, and are even besting MetaMask in certain aspects, such as the ability to support non-EVM networks. For users who may want more private or decentralized options, wallets such as Frame and Tally Ho are starting to gain traction and are definitely worth looking into.

frame crypto wallet uiSource: Frame.sh

However, it’s important to note that other wallets may also be collecting your IP addresses, which defeats the purpose of moving away from MetaMask in the first place. Additionally, each wallet comes with its own UI and offers a very different user experience, which may be unfamiliar to newer crypto participants, making it a bit trickier for them to make the switch. While some wallet providers have tried to tackle this by recreating the familiarity of MetaMask, the overall performance of the wallet itself tends to be subpar for the most part. Unlike MetaMask, which has become the default option for connecting and executing transactions on most dApps, not every wallet may be properly supported. 

 

Conclusion

In a world where ‘everything is for sale’, including sensitive information, it makes complete sense for users to take pains to ensure that their private data remains private. As more companies are becoming increasingly comfortable in promoting “users as the product”, it’s hard to blame users for becoming skeptical and paranoid each time they hear that their data is being collected. Once they’ve been blue-pilled, many understandably go to great lengths to protect their privacy.

Self-sovereignty is the only viable alternative for privacy, and projects in the crypto space are building the tools to give control back to the users. For better or worse, the existence of decentralized networks and the plethora of tools currently available has allowed almost everyone to take ownership of their own security and privacy, lest it is taken advantage of for nefarious purposes. As this incident shows, there are still significant hurdles to surmount, and we all need to remain vigilant and exercise care in mitigating risks across the apps that we use and love. 

Tell us how much you like this article!
Vote count: 10
Khor Win Win
Khor Win Win

Win Win is an avid gamer, interested in navigating the vast world of NFTs and the cryptoverse. Follow the author on Twitter @0x5uff3r

More Articles

coingecko
Continue in app
Track prices in real-time
Open App
Select Currency
Suggested Currencies
USD
US Dollar
IDR
Indonesian Rupiah
TWD
New Taiwan Dollar
EUR
Euro
KRW
South Korean Won
JPY
Japanese Yen
RUB
Russian Ruble
CNY
Chinese Yuan
Fiat Currencies
AED
United Arab Emirates Dirham
ARS
Argentine Peso
AUD
Australian Dollar
BDT
Bangladeshi Taka
BHD
Bahraini Dinar
BMD
Bermudian Dollar
BRL
Brazil Real
CAD
Canadian Dollar
CHF
Swiss Franc
CLP
Chilean Peso
CZK
Czech Koruna
DKK
Danish Krone
GBP
British Pound Sterling
GEL
Georgian Lari
HKD
Hong Kong Dollar
HUF
Hungarian Forint
ILS
Israeli New Shekel
INR
Indian Rupee
KWD
Kuwaiti Dinar
LKR
Sri Lankan Rupee
MMK
Burmese Kyat
MXN
Mexican Peso
MYR
Malaysian Ringgit
NGN
Nigerian Naira
NOK
Norwegian Krone
NZD
New Zealand Dollar
PHP
Philippine Peso
PKR
Pakistani Rupee
PLN
Polish Zloty
SAR
Saudi Riyal
SEK
Swedish Krona
SGD
Singapore Dollar
THB
Thai Baht
TRY
Turkish Lira
UAH
Ukrainian hryvnia
VEF
Venezuelan bolívar fuerte
VND
Vietnamese đồng
ZAR
South African Rand
XDR
IMF Special Drawing Rights
Cryptocurrencies
BTC
Bitcoin
ETH
Ether
LTC
Litecoin
BCH
Bitcoin Cash
BNB
Binance Coin
EOS
EOS
XRP
XRP
XLM
Lumens
LINK
Chainlink
DOT
Polkadot
YFI
Yearn.finance
Bitcoin Units
BITS
Bits
SATS
Satoshi
Commodities
XAG
Silver - Troy Ounce
XAU
Gold - Troy Ounce
Select Language
Popular Languages
EN
English
RU
Русский
DE
Deutsch
PL
język polski
ES
Español
VI
Tiếng việt
FR
Français
PT
Português
All Languages
AR
العربية
BG
български
CS
čeština
DA
dansk
EL
Ελληνικά
FI
suomen kieli
HE
עִבְרִית
HI
हिंदी
HR
hrvatski
HU
Magyar nyelv
ID
Bahasa Indonesia
IT
Italiano
JA
日本語
KO
한국어
LT
lietuvių kalba
NL
Nederlands
NO
norsk
RO
Limba română
SK
slovenský jazyk
SL
slovenski jezik
SV
Svenska
TH
ภาษาไทย
TR
Türkçe
UK
украї́нська мо́ва
ZH
简体中文
ZH-TW
繁體中文
Login to track your favorite coin easily 🚀
By continuing, you agree to CoinGecko Terms of Service and acknowledge you’ve read our Privacy Policy
or
Forgot your password?
Didn't receive confirmation instructions?
Resend confirmation instructions
IT'S FREE! Track your favorite coin easily with CoinGecko 🚀
By continuing, you agree to CoinGecko Terms of Service and acknowledge you’ve read our Privacy Policy
or
Password must contain at least 8 characters including 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character
Didn't receive confirmation instructions?
Resend confirmation instructions
Forgot your password?
You will receive an email with instructions on how to reset your password in a few minutes.
Resend confirmation instructions
You will receive an email with instructions for how to confirm your email address in a few minutes.
Get the CoinGecko app.
Scan this QR code to download the app now App QR Code Or check it out in the app stores