Contents

With a gradual but steady stray away from Satoshi Nakamoto’s tenets of decentralization, transparency, self-custody, security, privacy, inclusion, and interoperability, the cryptocurrency industry now finds itself in the eye of an unprecedented storm.

The startling frequency of security, privacy, and transparency violations that dominate headlines in the industry has precipitated a growing trend of investors abandoning centralized exchanges, with the phrase “your coins, your keys” emerging as the new catchphrase.

Due to this erosion of confidence, an increasing number of investors are turning to self-custody as a safer method of storing their digital assets.

However, DEX (decentralized exchange) users in particular might want to re-evaluate their options in light of ConsenSys’s recent update to MetaMask’s privacy policy.

This article expands on the specifics of MetaMask’s privacy policy changes and their implications.

Details of MetaMask’s Updated Policy

ConsenSys updated its privacy policy, outlining how the company “collects, uses, shares, and stores personal information of users of its websites,” including https://consensys.net/, https://metamask.io/, https://infura.io/, https://consensys.net/quorum/, https://diligence.consensys.net/, and https://codefi.consensys.net/. The revised policy was published on November 23.

Some sections of the post go into detail about the data collected by Infura, MetaMask’s default RPC provider.

According to ConsenSys,

“When you use Infura as your default RPC provider in MetaMask, Infura will collect your IP address and your Ethereum wallet address when you send a transaction.”

Infura is a development environment for Ethereum-based applications. MetaMask and Infura are both owned by ConsenSys.

RPC (Remote Procedure Call) facilitates remote communication with servers. It also enables the execution of programs in different locations. RPCs in blockchain technology grant access to a server node on a specific network and facilitate user communication and interaction within that blockchain.

Personal information (such as username, name, date of birth, gender, and many other details) entered into a user’s profile, contact information, financial information, and details of any transactions made through the site are among the details collected by the company via the previously mentioned websites.

Some data is also collected automatically. These include pages and features visited on ConsenSys websites, log data, and information obtained from other sources.

Users’ Reactions to the ConsenSys Privacy Policy Update

The announcement sparked widespread outrage in the already tense cryptocurrency community, with several users objecting to companies collecting their data and tracking their transactions, regardless of the reasons or justifications provided.

Given the growing security and privacy concerns in the crypto space, there are legitimate concerns among many that a ConsenSys data leak would be a “wrapped gift” to malicious actors, who could use the exposed data to successfully execute phishing attacks or gain further access to sensitive or business information.

Lamenting Web3’s apparent imitation of Web2, many users immediately expressed their intentions to reconsider using the MetaMask wallet. Some suggested looking into alternatives to Infura, while others are considering other digital asset self-custody storage options.

Several users cited examples of “mega-platforms” that had, against the odds, suffered massive data breaches in the past. These platforms were apparently “trusted” and had managed to drum up public confidence in their security infrastructure. It turned out that these mega-platforms were not impervious after all, with tons of user information spilled in multiple nefarious attacks.

They surmised that the unprecedented number of security breaches and exploitations of crypto platforms recorded just this year alone should be more than enough reason to take any “Olympus-esque” claims made by any platform about their “infallible” security infrastructure with a pinch of salt.

The Implication of the Update for Ethereum and MetaMask Users

Many DEX users will undoubtedly be familiar with MetaMask, but we daresay only a few know much about the now-spotlighted Infura.

Infura is a software solution that helps developers circumvent expensive and time-consuming activities associated with building decentralized apps (dApps), such as storing the entire Ethereum blockchain, adding nodes to expand the blockchain infrastructure, and so on, essentially streamlining the end-to-end dApp development process.

Infura provides the tools and infrastructure that enable developers to easily take their blockchain application from testing to scaled deployment with simple, reliable access to Ethereum and IPFS.

Infura is a critical component of the Ethereum network. This super vital resource is also used by a number of other high-profile Web3 projects, including Gnosis, Polygon, Aragon, Filecoin, and OpenZeppelin.

Reacting to the privacy policy update, Adam Cochran, Partner at Cinneamhain Ventures, tweeted, “The Metamask stuff is worse than it even looked at first.”

Cochran’s tweet was in response to one from Micha Zoltu, who submitted a MetaMask bug report via GitHub. Zoltu claims, backed by his findings, that Infura collects more data than ConsenSys admits.

Their policy needs to be updated to say:
As soon as you unlock your account, Infura will collect your IP address and *all* of your addresses. Also, when you connect a ledger it will send all of those addresses to Infura as well.https://t.co/1MnmhKWp9i

— Micah Zoltu (@MicahZoltu) November 24, 2022

According to Zoltu’s bug report,

“Once users unlock their accounts, it records their IP addresses as well as all of their accounts and addresses. This also applies to other chains since a user connecting via MetaMask to a test network or Layer 2 sends the RPC provider for all their accounts, not just the selected account. “

In September, a Bitcoin analyst named Dylan LeClair opined that Infura was anti-privacy after preventing access to Tornado Cash.

He also cited a lawsuit filed earlier this year against ConsenSys that revealed JPMorgan had acquired a significant portion of CAG’s valuable intellectual property, particularly Infura and MetaMask.

This lawsuit was filed due to some ConsenSys shareholders’ discontent about a “secret deal” involving JPMorgan acquiring a significant stake in Infura and Metamask.

The shareholders demanded a “special audit” of the 2020 deal that saw “fundamental intellectual property and subsidiaries illegally transferred from CAG into a new entity, ConsenSys Software Incorporated (CSI).”

How Does This Privacy Policy Update Impact Decentralization?

Uniswap, a decentralized crypto trading protocol, announced changes to its privacy policy two days before Consensys. These changes include collecting on-chain data and restricting off-chain data such as customer devices and web browser versions.

Although Uniswap stated that it would not collect or store information about its users, analysts looking for signs of financial crime may be able to obtain wallet addresses from it.

Prior to the FTX crash, people preferred centralized finance (CeFi) platforms over decentralized finance (DeFi). Even though cryptocurrencies were designed to be completely decentralized, most users prefer to store their funds on CeFi networks.

However, this mindset began to shift following the dreadful implosion of centralized protocols, most notably FTX. In its prime, FTX was among the crème de la crème of centralized exchanges in the cryptocurrency industry. In the wake of the catastrophic event, more and more people are turning to decentralized protocols.

The CeFi troubles triggered a significant surge in trading activity on DEXs. The number of Uniswap app users peaked in October 2022 as a result of the dramatic shift to DEXs. However, recent changes in privacy policies have shown that many DeFi projects are not truly decentralized. Several DeFi projects still exhibit specific CeFi attributes.

Although most DeFi projects operate autonomously, they are often physically controlled and monitored by individuals or groups, much like centralized corporations.

DeFi projects usually have teams that function much like a board or development team. They make important decisions that shape the future of the project. These decentralized organizations also adhere to the same anti-money laundering and compliance policies as centralized financial organizations.

Several industry stakeholders and crypto community members have construed these abrupt privacy policy updates as a threat to decentralization. The popular opinion is that collecting ANY type of data, for whatever reason(s), directly undermines the ethos of cryptocurrencies, including privacy and anonymity.

While we have the utmost respect in what @Uniswap has built, we strongly reject the incorporation of data collection to track user behaviour and onchain activity. This sets a dangerous precedent for DEXes. https://t.co/h4kCiQKtl7

— Firo $FIRO (@firoorg) November 21, 2022

How Can Users Protect Their Data Following the MetaMask Privacy Policy Update?

Use a VPN

The most obvious solution involves using a VPN. The main disadvantage of this approach is that most VPNs keep logs of users’ activities and associate them with their accounts.

Thus, it provides less anonymity than not using any at all. Some alternatives may still fail, even if a no-log policy is implemented. Even if a no-log policy is implemented, some alternatives may still fail.

NordVPN, the largest VPN provider, has made no secret of its willingness to comply with legal data requests from authorities.

Users can avoid being tracked and gain full access to restricted content by using a VPN based on a decentralized network (such as Sentinel dVPN).

Change your RPC

As explained earlier, RPC is a group of protocols that facilitate communication between a blockchain and a client (like Infura or Metamask). It should be noted that another RPC endpoint can be used on Metamask.

Although there are some risks associated with using RPCs, here’s how it can be done in simple steps using Alchemy:

Sign up for an account on Alchemy.
Click “Create App.”
Type in any name or description. Choose “Ethereum” for the chain and “Mainnet” for the network.
Click “Create App.”
Click the “View” key.
Copy the RPC URL, i.e., the “HTTPS” link.
Click “Add Network” and “Add a network manually” in MetaMask.
Type in “Ethereum Mainnet Alchemy” as the network name and paste the RPC URL that was copied earlier.
Type “1” as the chain ID.
Type https://etherscan.io in the Block URL field.
Click “Save” to finish. Now, Alchemy is being used, not Infura.

Find an alternative to MetaMask

Many competitors are attempting to promote their products in response to the new Metamask update. However, finding the perfect one may be difficult because there are so many options.

The XDEFI wallet is one of the feasible alternatives. It is an excellent choice because it is compatible with over 10,000 swap options and at least twenty different chains.

Remember that the XDEFI wallet is fully compatible with the same decentralized applications as Metamask.

In addition, they intend to support other blockchains, which may make them more accessible to investors looking to diversify their portfolios. They also plan to offer wallet support for Cosmos, NEAR, and Trezor in the future.

In Conclusion

Moves like the recent privacy policy update from a wallet of such reputation and magnitude could further dampen investor morale at a time when confidence in centralized exchange custody is at a record low. The idea of recording data proposed by ConsenSys is not entirely without merit, as it may make it easier to identify malicious users.
Judging from users’ responses, it’s clear that this news was not well received. The main concern is that the anonymity and privacy offered by the crypto-ecosystem will be lost. The fact that ConsenSys is an American company has also been cited as a reason for some customers’ reservations. The reason for this is that such information could assist authorities in determining where fines are warranted.
Furthermore, many people see this as laying the groundwork for regulations that are fundamentally opposed to the essence of the cryptocurrency industry.
Users can retain their privacy by using a VPN, changing their RPC, or finding an alternative to MetaMask, and there’s nothing wrong with doing any of these. Users are, in fact, encouraged not to disregard anything that exploits their personal information.

Disclaimer: This article is intended solely for informational purposes and should not be considered trading or investment advice. Nothing herein should be construed as financial, legal, or tax advice. Trading or investing in cryptocurrencies carries a considerable risk of financial loss. Always conduct due diligence.

If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, and Instagram.