Metamask policy update by ConsenSys

Key points:

• ConsenSys is releasing a series of Metamask updates in response to user backlash against its data collection.
• The company explained that user IP information collected with Infura was for reading and writing to the Ethereum blockchain.
• ConsenSys will stop logging user IP information alongside transaction data, making it harder for the company to trace transaction activity back to specific users.
• The next week it will launch a new advanced settings page that enables all new users to choose their own RPC provider upon onboarding and opt out of other third-party services used to improve the user experience.
• Alternate RPC providers have different privacy policies and data practices, and self-hosting a node may make it even easier for people to associate your Ethereum accounts with your IP address. 

ConsenSys, the company behind the crypto wallet MetaMask, announced on Tuesday that it is releasing a series of platform updates in response to user backlash against its data collection practices.

In a statement, the company explained how and why it shared MetaMask user IP information with Infura, an "RPC (remote procedure call) service" made by ConsenSys for reading and writing to the Ethereum blockchain. 

A change in the wording of the ConsenSys user agreement last month suggested that MetaMask shared users’ transaction data with Infura, in addition to their IP addresses. The news sparked outrage in one corner of the crypto community, with some users expressing concern that their transaction data is not as private as they thought.

ConsenSys clarified in its statement that when a MetaMask user sends a transaction through Infura’s RPC endpoint, it only collects “the wallet and IP address information associated with the ‘write’ request (i.e. the transaction).”

"We do not store wallet account address information when MetaMask users make 'read' requests through Infura, such as checking their account balances in MetaMask," the company said.
According to MetaMask co-founder Dan Finlay, the platform began collecting IP link transaction data in 2018 and sharing it with Infura to prevent network congestion and monitor pending transactions.

When users learned of the practice last month, many saw it as a violation of Ethereum's privacy-focused, decentralized ethos. “As it becomes clearer how the various ConsenSys products manage data, some legitimate criticisms and concerns have been raised — especially those that ultimately have the highest standards of privacy,” Finlay said.

Finlay said MetaMask cannot completely stop IP address logging; when users interact with RPC services like Infura, their IP addresses are always visible. However, ConsenSys will stop logging user IP information alongside transaction data, making it harder for the company to trace transaction activity back to specific users.

ConsenSys said it will also update the MetaMask interface. Previously, ConsenSys advised privacy-conscious users to configure MetaMask to bypass Infura by setting up their own Ethereum nodes or configuring non-Infura RPC services. However, people were quick to point out on Twitter that doing so through MetaMask's current interface is difficult and unintuitive.
ConsenSys says that next week it will "launch a new advanced settings page" that enables all new users to choose their own RPC provider upon onboarding and opt out of other third-party services used to improve the user experience."

In response to concerns that non-Infura RPCs were being treated second-rate on the platform, ConsenSys said, "We previously displayed a gray question mark next to custom RPCs to warn users of the risk of malicious or unknown RPCs."