The company has made it clear that it does collect users’ IP addresses and wallet information when a MetaMask transaction is made through Infura — but it plans to reduce that data retention to seven days.
Privacy issues at ConsenSys
According to the company's statement on Tuesday, the November policy update did not reflect a change in ConsenSys’ business practices, but instead served to clarify its current practices. The update revealed that the company’s main products, MetaMask and Infura, collected both users’ wallets and IP addresses, raising privacy concerns.
ConsenSys is committed to maintaining the highest standards when it comes to your privacy.
In addition, we collect basically all available data from you with the exception of the DNA sample.
If you’re not using a custom RPC for Metamask, I’d suggest doing so now. pic.twitter.com/WizpplYRFE
– ℭ𝔶𝔭𝔥𝔯.Ξ𝔱𝔥 (CyphrETH) November 24, 2022
“We are committed to protecting the privacy of the people who use our products so that they cannot — and ultimately cannot — be betrayed by another centralized entity,” ConsenSys wrote.
MetaMask and Infura are the infrastructure pillars that keep Ethereum useful today. The former is the most widely used software wallet for the smart contract platform, while the latter is the API and archive node provider that MetaMask uses to broadcast transactions. Infura has also been used by many centralized exchanges, such as Binance and Bithumb, to process deposits and withdrawals.
As noted by ConsenSys, its data collection policy comes with limits. For example, Infura does not store users’ wallet address data for “read” requests, such as checking the balance of their MetaMask accounts.
However, wallet and IP data are collected for “write” (transaction) requests “to ensure the success of transaction brokerage, execution, and other important service functions such as load balancing and DDoS protection, provided by Infura.”
However, ConsenSys said that wallet and IP address information are stored separately so that each piece of data cannot be linked to another within the company’s systems.
“We have not and will never sell any user data we collect,” the company continued.
Infura was one of the node providers to limit access to the Tornado Cash privacy protocol following OFAC sanctions against it in August.
Use other nodes
To get around the issue entirely, ConsenSys will roll out a new advanced settings page within MetaMask this week that will allow wallet users to choose their own RPC provider outside of Infura. While this was previously possible, the new page will be shown to new users during the setup process, so they can avoid using Infura as their server if they choose.
The company also plans to improve the UX around existing ways to change one's RPC node, including taking steps to not discourage the user from doing so.
However, ConsenSys expressed some caution about the practice of using non-standard RPC nodes, including self-hosted nodes. “Alternative RPC providers have different privacy policies and data practices, and hosting a node yourself can make it easier for people to associate your Ethereum accounts with your IP address,” the company said.
Ethereum archive nodes are described by the Ethereum Foundation as generally difficult for average users to operate.