MetaMask only uses IP for routing, claims Lubin
In a lengthy Twitter thread, Lubin said that rather than MetaMask collecting user IP addresses, it sends the IP address to a Remote Procedure Call (RPC) provider responsible for managing the data exchange between the user and the blockchain.
For example, MetaMask can ask its default RPC provider Infura to send signed transactions to the blockchain for execution. Infura needs the blockchain address to send the request and uses the user’s IP address to send the execution results back to them.
Lubin emphasized that “Infura does not exploit this data,” and that the RPC provider is working to reduce its data collection. He reaffirms the company’s commitment to providing customers with services that do not exploit their data, contrasting it with so-called Web 2 companies that earn money in this way.
MetaMask IP collection sparks Twitter outrage
ConsenSys community engineer, Manbir Singh Marwah, seemed to confirm the collection of IP addresses in MetaMask in a separate tweet on Nov. 24, 2022 but denied that ConsenSys collects private keys, which would put user funds in their hands.
Adama Cochran of Cinneamhein Ventures said that the new policy constituted an unacceptable violation of consumer privacy. At the same time, former NSA employee-turned-whistleblower Edward Snowden called the inability to opt out of data collection a crime. Snowden also wanted to know whether ConsenSys had ever collected users’ wallet addresses.
Additionally, Ethereum validator mysticryuujin.eth pointed out that changing the RPC provider for MetaMask is challenging.
Lubin said that the company apologizes for any confusion the policy may have sparked.
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.