The cryptocurrency community tends to focus on a new problem every few weeks and then promptly forget about it. The limited scope of interest of this society misses the final solution of important issues. Over the Thanksgiving holiday in November 2022, ConsenSys issued a statement regarding its privacy policy affecting MetaMask users that sent “Crypto Twitter” into a firestorm. My first reaction was also negative.
That’s what the sly fox would say, isn’t it? pic.twitter.com/PfKMTiNHoR
— JW Verret, JD, CPA/CVA (@JWVerret) November 25, 2022
The MetaMask browser extension wallet uses a node called Infura. This node is owned by ConsenSys, the same company that develops MetaMask. The press release reminded users that Infura collects the Internet Protocol (IP) and wallet addresses of users who connect their MetaMask wallet to Infura. Also remind them that MetaMask users don’t have to use Infura, which is only default, and that MetaMask allows connection to other public node providers like Alchemy or Ankr.
Whenever you send or receive crypto, your wallet interacts with the blockchain. But wallets do not download the blockchain; This is very stressful for the wallet on your phone. Instead, when your crypto wallet sends a transaction, most wallets use a public node to request that new transactions be added to the blockchain via a mempool.
Related: Tracers in the Dark offers a fun crime story – and a lesson in privacy
(You can set up your own node. Actually, for better privacy and speed, you probably should. More private nodes also mean a more decentralized network. But I’ve tried and don’t have the technical skills enough to do that. Maybe you’ll have better luck.)
Now, let’s remember that blockchains like Ethereum are not private. If you want privacy, you need to use a privacy coin such as Monero (XMR), which leaks some information about the sender, or Zcash Protected Transactions (ZEC), which does not leak sender information. Or you need a privacy tool, but unfortunately, the feds sanctioned Tornado Cash, which was the most trusted privacy tool on Ethereum.
Regardless, if you use a public node or any other centralized service for transactions in crypto, you need to use a Virtual Private Network (VPN) or Tor (easy to use with Tor Browser) to hide your Internet Service Provider (ISP) tab. Is anyone using Ledger Live to make crypto transactions with your Ledger device? Ledger Live tracks ISPs as well, and appears to keep this information for up to five years.
Privacy is a personal responsibility. No one will protect her for you. Crypto users need to learn to use privacy tools like VPNs, Tor, privacy coins, etc. The day will soon come when governments will send blanket “John Doe recalls” to public node providers to acquire these ISPs, just as the Internal Revenue Service did for centralized cryptocurrency exchanges in the early days of cryptocurrency. And these brokers will no doubt comply.
Related: The Tornado Cash saga sheds light on the legal issues affecting the crypto market
There are legitimate reasons RPC providers might want to retain ISP information. Some node users who are Infura customers may want to track their ISPs as it may help track down hackers.
So, back to the question: Are we still mad at MetaMask? Foxes are known for being smart. However, what is less known is that they are also loyal, with both males and females caring for a close-knit family unit. Was MetaMask’s fox so smart, or was he faithful to the core principles of the blockchain?
What sparked outrage was the public disclosure of changes to their privacy policy. Transparency is a good thing – or should be unless Crypto Twitter explodes violently in response to those disclosures. They have also revised their privacy policy in response to criticism. Read the new Infura Privacy Policy for yourself here. Seems pretty straightforward and tries to protect limited privacy.
Para los que se preocupan por su IP en MM recuerden que pueden cambiar el RPC de Infura en 4 pasos de la siguiente manera:
-. | (ancestral_alien) November 25, 2022
Unless you do, you have, you always will bc there is no way you wouldn’t. Don’t disrespect your users like that.
You send each user various onchain addresses, IP addresses, information to mewapi (you), blockchain information, moonbeam network, over and over again.
The only difference is that you are blatantly lying about it.
– Tay (@tayvano_) November 24, 2022
Infura competitors like Alchemy and MyEtherWallet took this opportunity to shine a light on the Infura method. A MetaMask developer replied. Read Alchemy’s Privacy Policy, which uses legal elements to reserve the right to collect and use data however you choose Alchemy. Alchemy’s privacy policy gets a negative recommendation from Chainlist due to poor privacy practices. Not cool.
In cryptography, as with life, privacy is both a personal right and a responsibility. The energy that is spent on instantaneous explosions is better spent learning about privacy technology to protect yourself.
JW Verrett Associate Professor in the Antonin Scalia School of Law, George Mason University. He is a forensic accountant who practices cryptography and also practices securities law at Lawrence Law LLC. He is a member of the Financial Accounting Standards Board Advisory Board and a former member of the SEC Investors Advisory Committee. He also leads the Crypto Freedom Lab – a think tank that campaigns for policy change to preserve the freedom and privacy of crypto developers and users.
This article is for general information purposes and is not intended and should not be considered legal or investment advice. The views, ideas and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23954510/acastro_STK459_12.jpg)
