ConsenSys CEO and Ethereum co-founder Joseph Lubin claims that the self-custodial MetaMask ConsenSys develops does not collect IP addresses.
This comes after privacy enthusiasts slammed ConsenSys’ new privacy policy for prioritizing corporate goals over decentralized objectives.
MetaMask only uses IP for routing, claims Lubin
In a lengthy Twitter thread, Lubin said that rather than METAMASK collecting user IP addresses, it sends the IP address to a Remote Procedure Call (RPC) provider responsible for managing the data exchange between the user and the blockchain.
For example, MetaMask can ask its default RPC provider Infura to send signed transactions to the blockchain for execution. Infura needs the blockchain address to send the request and uses the user’s IP address to send the execution results back to them.
Lubin emphasized that “Infura does not exploit this data,” and that the RPC provider is working to reduce its data collection. He reaffirms the company’s commitment to providing customers with services that do not exploit their data, contrasting it with so-called Web 2 companies that earn money in this way.
Lubin notes that work is underway to create decentralized RPC providers. Still, more tech-savvy MetaMask can point their application to an alternative RPC or their own blockchain
MetaMask IP collection sparks Twitter outrage
Lubin’s tweetstorm comes two days after the release of an updated ConsenSys privacy policy. In the policy, the company said it might use collected personal information to comply with anti-money laundering and Know-Your-Customer requirements and in business transactions such as mergers and acquisitions.
ConsenSys community engineer, Manbir Singh Marwah, seemed to confirm the collection of IP addresses in MetaMask in a separate tweet on Nov. 24, 2022 but denied that ConsenSys collects private keys, which would put user funds in their hands.
1. MetaMask wallet is developed by ConsenSys, not "consensus". Once downloaded, the wallet belongs to the user.
2. Collecting IP addresses doesn't mean we get access to someone's private keys. They're all in control of the user. Which means the ownership belongs to the user.
— Manbir (@manbirmarwah) November 24, 2022
After the privacy policy was released, the Twitter community accused ConsenSys of violating the privacy principles of Web3.
Adama Cochran of Cinneamhein Ventures said that the new policy constituted an unacceptable violation of consumer privacy. At the same time, former NSA employee-turned-whistleblower Edward Snowden called the inability to opt out of data collection a crime. Snowden also wanted to know whether ConsenSys had ever collected users’ wallet addresses.
Alright this Metamask privacy lapse is yet another dumb move from Consensys.
Shill me your best easy self-hosted nodes either hardware or SaaS service.
Whichever I pick, I’ll give away a few freebies of, to at least 3 people who retweet this to promote privacy!
— Adam Cochran (adamscochran.eth) (@adamscochran) November 24, 2022
Thanks for clarifying the subsidiaries, but the ownership flowchart isn't the core issue. What everyone wants to know is:
Does Infura, Consensys, or anybody else getting data flows from Metamask now, or have they ever, *retained* users' wallet addresses?
— Edward Snowden (@Snowden) November 25, 2022
Additionally, Ethereum validator mysticryuujin.eth pointed out that changing the RPC provider for MetaMask is challenging.
Lubin said that the company apologizes for any confusion the policy may have sparked.
