MetaMask admits to storing users’ IP addresses

“We do not use IP addresses, even if they are stored temporarily, which is not necessary because we do not use them for anything”said Dan Finlay, co-founder of MetaMask.

The statement follows revelations regarding ConsenSys, MetaMask’s parent company, that the wallet will be collecting users’ IP addresses and wallet addresses through Infura.

Infura is a node infrastructure provider and serves as the default node for MetaMask. So when these patterns are used, MetaMask also stores your IP.

Micah Zoltu, an ethereum developer, says IPs are collected not only when you send a transaction, but also when you enter MetaMask.

“Once you unlock your account, Infura collects your IP address and all your addresses. And if you connect it to a blockchain, it also sends all these addresses to Infura.”Zoltu said.

That’s just for batch requests, says Metmask’s co-founder, to display balances. “We’re not doing anything evil here, everyone is just projecting their worst fears”insists.

Finlay confirms that if another RPC (Remote Procedure Call) point is used, such as a self node, MetaMask will not collect IPs.

However, running your own node can be a clunky process requiring more storage space than an average computer can hold, but storage is cheap, and for those who really want complete privacy, you can run a node on your Raspberry Pi.

Or you can just use a VPN. Particularly for US “cryptonics”, which are barred from some dapps and projects due to SEC restrictions, using a VPN should become commonplace for general privacy.

However, most will probably connect through their regular IP and through Infura rather than through their own node. Finlay emphasizes that even for these users, IP harvesting is an accident.

“Some software, including cloud infrastructure that we may use, may log in by default without it being obvious, so we need to rid ourselves of that risk as we find and eliminate them”he says. “Basically, if you access a public server, there’s a risk of logging even accidentally.”

While Joseph Lubin, the founder of ConsenSys, clarifies that the IP address and communication with Infura, or blockchain, and your browser are required to provide the service. He says:

“First, the blockchain address is needed because it is part of the request sent to a blockchain. The IP address is also needed to send the response back to the requester.”

However, the MyEtherWallet (MEW) wallet said it does not collect IP addresses and claimed that “we have never and will never collect any identifiable information from our users”.

MEW seems to have its own node infrastructure and has a browser extension called Enkrypt.

Enkrypt’s code is open source, so you can check that they’re not really collecting data, but the node infrastructure running MEW is clearly not open source, so you can’t be sure.

The best option is therefore to run a VPN or connect to your own node, it has long been known that nodes can collect IPs that connect to it, with MetaMask also not a new state in this case, such as Finlay say:

“We are not [apenas] start at [coletar IPs], we are actually trying to shrink all cached PII instances. This was a GDPR compliance disclaimer [que eles coletam IPs]🇧🇷

Article translated with permission from Trustnodes.

Source: Live Coins

follow:
\