The cryptocurrency community has a tendency to notice a new problem every few weeks and then quickly forget about it. The limited attention span of this community misses out on final resolution of important problems. During the Thanksgiving holiday in November 2022, ConsenSys published a disclosure about a privacy policy affecting MetaMask users that sent “Crypto Twitter” into a firestorm. My first reaction was also negative.
That’s what a sly fox would say, isn’t it? pic.twitter.com/PfKMTiNHoR
— JW Verret, JD, CPA/CVA (@JWVerret) November 25, 2022
The MetaMask browser extension wallet uses a node called Infura. That node is owned by ConsenSys, the same company that develops MetaMask. The press release reminded users that Infura collects the Internet Protocol (IP) addresses and wallet addresses of users who connect their MetaMask wallet to Infura. He also reminded them that MetaMask users don’t have to use Infura, which is just a default, and that MetaMask allows connection to other public node providers like Alchemy or Ankr.
When you send or receive crypto, your wallet interacts with the blockchain. But wallets don’t download the blockchain; that’s too cumbersome for a wallet on your phone. Instead, when your crypto wallet submits a transaction, most wallets use a public node to request new transactions to be added to the blockchain via the mempool.
Related: ‘Tracers in the Dark’ features a hilarious crime story and a privacy lesson
(You could set up your own node. In fact, for better privacy and speed, you probably should. More private nodes also means a more decentralized network. But I’ve tried and don’t have enough technical skills to do it. Maybe you’ll have better luck. .)
Now let’s remember that blockchains like Ethereum are not private. If you want privacy, you should use a privacy coin such as Monero (XMR), which leaks information about the sender, or Zcash-protected transactions (ZEC), which do not leak sender information. Or you need a privacy tool, but unfortunately, the feds sanctioned Tornado Cash, which was the most trusted privacy tool on Ethereum.
Regardless, if you are using a public node or any other core service to transact in crypto, you should use a Virtual Private Network (VPN) or Tor (easy to use with Tor Browser) to mask your Internet Service Provider (ISP) address. Is anyone using Ledger Live to transact crypto using their Ledger hardware device? Ledger Live also tracks ISPs and apparently retains that information for up to five years.
Privacy is a personal responsibility. No one will protect it for you. Cryptocurrency users need to learn how to use privacy tools like VPN, Tor, privacy coins, etc. The day will soon come when governments send “John Doe subpoenas” to public node providers to get those ISPs, just as the Internal Revenue Service did. core crypto exchanges in the early days of crypto. And those intermediaries will certainly comply.
Related: Tornado Cash saga highlights legal issues plaguing the crypto market
There are legitimate reasons why remote procedure call providers may want to retain ISP information. Some node users who are Infura customers may want to track ISPs because it might help hunt down hackers.
So back to the question: Are we still mad at MetaMask? Foxes are known to be smart. Less well known, however, is that they are also loyal, as both males and females care for a tight-knit family unit. Was the MetaMask fox too smart or was he loyal to the basics of blockchain?
What sparked the outrage was the public disclosure of the changes to its privacy policy. Transparency is a good thing, or should be, unless Crypto Twitter erupts violently in response to those revelations. And they further refined their privacy policy in response to the criticism. Read for yourself the new privacy policy of Infura here. It looks simple and attempts limited privacy protection.
For those who care about their IP in MM, remember that you can change Infura’s RPC in 4 steps as follows:
— . | (@ancestral_alien) November 25, 2022
Except you do, you have, you always will because there’s no way not to. Don’t disrespect your users like that.
It sends each user various on-chain addresses, IPs, information to mewapi (you), blockchain information, moonbeam network, and so on.
The ONLY difference is that YOU lie blatantly about it.
— Tay (@tayvano_) November 24, 2022
Infura’s competitors like Alchemy and MyEtherWallet took this opportunity to throw shade in Infura’s way. A MetaMask developer responded. Please read Alchemy’s privacy policy, which uses legalese to reserve the right to collect and use data in any way Alchemy chooses. Alchemy’s privacy policy receives a negative Chainlist recommendation for its bad privacy practices. not great
In crypto, as in life, privacy is a personal right and responsibility. The energy expended on momentary outbursts is better spent learning about privacy technology to protect yourself.
J.W. Verret is an Associate Professor at George Mason University Antonin Scalia School of Law. He is a practicing crypto forensic accountant and also practices securities law at Lawrence Law LLC. He is a member of the Advisory Council of the Financial Accounting Standards Board and a former member of the SEC Investor Advisory Committee. He also runs the Crypto Freedom Lab, a think tank fighting for policy change to preserve the freedom and privacy of crypto developers and users.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.