Protect Your Crypto: MetaMask’s New Privacy Policy Could Put Your Transactions at Risk

Imagine this.
You just bought your first crypto and found a wallet to keep your digital currency safe. Then, all of a sudden, your wallet service provider decides to change its privacy policy, allowing some third parties to collect your IP and ETH addresses after every crypto transaction.
That’s exactly what happened recently at MetaMask, one of the most popular hot wallet service providers worldwide.

Reading Time: 3 minutes

MetaMask privacy policy update

Illustration: Milica Mijajlovic

Although MetaMask is reevaluating its choices, many crypto holders have been affected by the sudden policy change.

But what are the consequences of this decision, and what’s next?

What Is the New MetaMask Policy All About?

With roughly 30 million active users, MetaMask is one of the most popular Ethereum hot wallets on the market. It’s free to use, has a user-friendly interface, and, more importantly, it’s a non-custodial wallet.

These features made MetaMask one of the biggest players in the hot wallet industry, and the respect for privacy and security contributed even more to MetaMask’s image. However, this general hype about MetaMask is destined to fade as ConsenSys, the company that developed the MetaMask Wallet, decided to implement some drastic and unexpected modifications to its privacy policy.

MetaMask Wallet

Source: Freepik

Unexpectedly, the company altered its privacy policy on November 23, causing a range of adverse reactions in the community. The new policy update filled the MetaMask customers with indignation, as it violates user privacy, allows third-party to collect valuable data, and even potentially puts customers’ funds at risk.

The latest policy update lets the customer know that Infura, a Web3 Remote Procedure Call (RPC) service provider, will gather valuable user data, including IP and ETH addresses, during each translation.

However, this only applies to customers using the default RPC model, which allows remote interactions between blockchain technologies and Web 3.0 apps such as MetaMask. This changeover won’t affect those who have their nodes up and running on MetaMask.

And yes, Infura is a subsidiary of ConsenSys, so technically, it’s not a distant third participant meddling with user data. But, even with Infura under ConsenSys’ wing, this policy update doesn’t seem right.

Nevertheless, MetaMask published on its Twitter profile that operations with its subsidiary, Infura, remain unaltered.

What’s the Issue with MetaMask’s New Policy?

You may wonder why this sudden update is a big issue, especially when we know that most, if not all, apps in the Web2 world collect and distribute some form of user data.

While that may be true, MetaMask is a Web3 app. And since Web 3.0 is, amongst other things, privacy-centric, it’s outrageous for a Web3 company to regress into data collection. In other words, it would defeat the purpose of using a Web 3.0 application to engage in practices were trying to leave behind.

Besides that, many MetaMask users are concerned about this update because they don’t want their data to fall into the wrong hands. Recording IPs and bounding them to transactions is not the best security practice, especially for the crypto wallets millions of people use today.

However, Michael Wuehler, the co-founder of Infura, said that the outrage regarding Infura’s collection of IP address data is “vastly blown out of proportion.”

Twitter screenshot

Source: Twitter

In addition to that, Wuehler tweeted that his company has been vilified for years. Which, to some extent, is true.

But, many Twitter users shared their perspectives on the topic, too, explaining the attitude towards Infura.

Twitter screenshot

Source: Twitter

What’s the Solution?

Now that we’ve covered the problem let’s focus on the potential solutions. If you are a MetaMask wallet owner and you don’t like the recent privacy policy update, you can consider one of the following things:

  • Continue using your Infura RPC and come to terms with the update
  • Invest in a reliable VPN service provider to hide your IP
  • Switch RPCs
  • Find another wallet service provider

The first solution is highly passive and doesn’t require any effort. If you don’t mind the new practices and want to continue to use the MetaMask wallet without any alterations, you’re free to do so.

If, however, you don’t like the policy update but want to continue to use the Infura RPC, VPN is all you need to bypass the security issues that come with allowing a third-party to collect your IP address. Still, keep in mind that good quality VPN usually isn’t free, so be prepared to set aside extra bucks for VPN services– that is, unless you’re already a VPN customer.

Then, one of the most reasonable and secure solutions is to switch RPCs. In essence, you’ll only be changing a set of protocols allowing clients to interact with blockchain networks. This is an excellent solution, especially if you love MetaMask services but don’t want to remain a customer unless you’re sure the provider won’t collect your data.

Last but not least, MetaMask is not the only free wallet on the market, and if everything stays the same in the near future, the last viable solution is to switch wallet service providers.

Not the best solution, I know, but security is not something to be meddled with, especially if you don’t want to compromise your crypto holdings.  

Jelena is a content writer dedicated to learning about all things crypto. Her hobbies are playing chess, drawing, baking, and going on long walks. During winter, she usually spends her leisure time reading books.