Are we still mad at MetaMask and ConsenSys for snooping on us?

Published at: Jan. 17, 2023

The cryptocurrency community has a tendency to fixate on a new issue every few weeks and then promptly forget about it. The limited attention span of this community misses the ultimate resolution of important issues. Over the Thanksgiving holiday in November 2022, ConsenSys released a disclosure about a privacy policy affecting MetaMask users that sent “Crypto Twitter” into a firestorm. My first reaction was also negative.

That’s what a sly fox would say isn’t it? pic.twitter.com/PfKMTiNHoR

— J.W. Verret, JD, CPA/CVA (@JWVerret) November 25, 2022

The MetaMask browser extension wallet uses a node called Infura. That node is owned by ConsenSys, the same company that develops MetaMask. The press release reminded users that Infura collects the internet protocol (IP) addresses and wallet addresses of users who connect their MetaMask wallet to Infura. It also reminded them that MetaMask users don’t have to use Infura, which is only a default, and that MetaMask allows connection to other public node providers such as Alchemy or Ankr.

When you send or receive crypto, your wallet interacts with the blockchain. But wallets don’t download the blockchain; that’s too cumbersome for a wallet on your phone. Instead, when your crypto wallet sends a transaction, most wallets use a public node to request that new transactions be added to the blockchain via the mempool.

Related: ‘Tracers in the Dark’ presents a fun crime story — and lesson in privacy

(You could set up your own node. In fact, for better privacy and speed, you probably should. More private nodes also mean a more decentralized network. But I’ve tried and I don’t have sufficient technical skills to do so. Maybe you will have better luck.)

Now, let’s remember that blockchains like Ethereum aren’t private. If you want privacy, you need to use a privacy coin like Monero (XMR), which leaks some information about the sender, or Zcash (ZEC)-shielded transactions, which leak no sender information. Or you need a privacy tool, but unfortunately, the government-sanctioned Tornado Cash was previously the most reliable privacy tool on Ethereum.

Regardless, if you are using a public node or any other central service to transact in crypto, you need to use a virtual private network (VPN) or Tor (easy to use with the Tor browser) to mask your internet service provider (ISP) address. Is anyone out there using Ledger Live to transact in crypto using your Ledger hardware device? Ledger Live tracks ISPs too, and apparently keeps that information for up to five years.

Privacy is a personal responsibility. No one will protect it for you. Crypto users need to learn to use privacy tools like VPNs, Tor, privacy coins, etc. The day will soon come when governments send blanket “John Doe summonses” to public node providers to get those ISPs, just like the Internal Revenue Service did to central crypto exchanges in the early days of crypto. And those intermediaries will undoubtedly comply.

Related: Tornado Cash saga highlights legal issues affecting the crypto market

There are legitimate reasons remote procedure call providers may want to retain ISP information. Some node users who are Infura clients may want ISPs tracked because it could help to hunt down hackers.

So, back to the question: Are we still mad at MetaMask? Foxes are known for being clever. However, less known is that they’re also loyal, as both males and females care for a tight-knit family unit. Was the MetaMask fox too clever, or was he loyal to core blockchain principles?

What sparked the outrage was public disclosure about changes to their privacy policy. Transparency is a good thing — or should be unless Crypto Twitter erupts violently in response to those disclosures. And they further refined their privacy policy in response to the criticism. Read the new Infura privacy policy for yourself here. It seems straightforward and attempts limited privacy protection.

Para los que se preocupan por su IP en MM recuerden que pueden cambiar el RPC de Infura en 4 pasos de la siguiente manera:

— . | (@ancestral_alien) November 25, 2022

Except you do, you have, you will always bc there is no way not to. Dont disrespect your users like that.You send every users various onchain addreses, IPs, info to mewapi (you), blockchain info, moonbeam network, on and on.The ONLY diff is that YOU blatantly lie abt it.

— Tay (@tayvano_) November 24, 2022

Infura competitors like Alchemy and MyEtherWallet took this opportunity to throw shade Infura’s way. One MetaMask developer hit back. Read Alchemy’s privacy policy, which uses legalese to reserve the right to collect and use data however Alchemy chooses. Alchemy’s privacy policy gets a negative recommendation from Chainlist for its poor privacy practices. Not cool.

In crypto, as with life, privacy is a personal right and responsibility. Energy spent on momentary outbursts is better spent learning about privacy technology to protect yourself.

J.W. Verret is an associate professor at the Antonin Scalia Law School at George Mason University. He is a practicing crypto forensic accountant and also practices securities law at Lawrence Law LLC. He is a member of the Financial Accounting Standards Board’s Advisory Council and a former SEC Investor Advisory Committee member. He also leads the Crypto Freedom Lab — a think tank fighting for policy change to preserve freedom and privacy for crypto developers and users.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Tags
Cryptocurrencies
Defi
Privacy
Data
Monero
Consensys
Nodes
Zcash
Spying
Metamask
Related Posts
Infura is to blame for MetaMask’s violation of the crypto spirit
Censorship resistance is the foundation of crypto, so for many cryptocurrency purists, the Nov. 23 announcement by ConsenSys, the New York-based company behind the leading Ethereum browser wallet, informing its 20 million MetaMask users that their IP and wallet addresses would be collected was simply a gross violation of the crypto spirit. In the weeks that followed, ConsenSys first reacted by saying the data collected would only be retained for seven days and then that it had updated the MetaMask features to allow users to opt out of Infura. However, the question remains: Have they done enough to establish crypto …
Decentralization / Feb. 13, 2023
Evolve or die: How smart contracts are shifting the crypto sector’s balance of power
One of the familiar themes seen in previous crypto market cycles is the shifting market caps, popularity and ranking of the top 10 projects that see significant gains during bull phases, only to fade into obscurity during the bear markets. For many of these projects, they follow a recognizable boom-to-bust cycle and never return to their previous glory. During the 2017–2018 bull market and initial coin offering (ICO) boom, which was driven by Ethereum network-based projects, all manner of small smart contract-oriented projects rallied thousands of percentage to unexpected highs. During this time, projects like Bitcoin Cash (BCH), Litecoin (LTC), …
Adoption / Sept. 17, 2021
Gemini crypto exchange adds shielded withdrawals for privacy coin Zcash
Gemini, a cryptocurrency exchange founded by the Winklevoss twins, aims to improve user privacy with a major privacy token, Zcash (ZEC). Starting Sept. 29, Gemini will support shielded withdrawals of ZEC, which allows users to hide their transaction data. Gemini representatives said that the new feature is the “first time shielded ZEC withdrawals are available on a regulated exchange.” The new option comes in line with Gemini’s mission to strengthen financial privacy and “empower the individual through crypto,” Gemini executives said. Launched in 2016, Zcash is a major privacy-focused cryptocurrency, enabling two user privacy levels through two types of addresses …
Regulation / Sept. 29, 2020
Why ‘Setup’ Matters for Cryptocurrency Privacy
Privacy is a core characteristic of cryptocurrencies. Despite mainstream conception, however, it is not the primary goal of cryptocurrencies like Bitcoin (BTC) or Ether (ETH), and is more of an ancillary benefit of using cryptography. The situation is altogether different for cryptocurrencies that seek to maximize anonymity when transacting on the network. Networks like Monero (XMR) and ZCash (ZEC) have soared in popularity, making up part of the handful of leading cryptocurrencies by market cap based on strong guarantees of privacy. Both blockchains offer users virtually complete privacy assurances — Monero with the CryptoNote technology suite, and ZCash deploying the …
Blockchain / March 17, 2020
‘Tracers in the Dark’ presents a fun crime story — and lesson in privacy
On its surface, Andy Greenburg’s new book, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, is a standard crime story. Fans of true crime podcasts will enjoy the crypto version and get a seat in the Federal Bureau of Investigation van as United States federal agents track down criminals through their crypto transactions. The first story recounted is that of a crooked Drug Enforcement Agency agent who stole funds from the online drug market Silk Road. It also addresses the hunt for Dread Pirate Roberts, aka Ross Ulbricht — Silk Road’s founder. Ross’ operational security …
Blockchain / Jan. 2, 2023