The New York-based blockchain software company behind MetaMask, Consensys, faces criticism for collecting users’ wallet and IP addresses via its blockchain infrastructure service Infura.
ConsenSys released its updated privacy policy noting when users utilize Infura as their default Remote Procedure Call (RPC) provider in MetaMask, Infura will collect the IP address and Ethereum wallet address when the user sends a transaction.
Metamask founder Dan Finlay tweeted in response to the outrage “I think we can get this fixed soon. We are not using IP addresses even if they are being temporarily stored, which they don’t need to be, as we’re not using them for anything.”
If the user is using their own Ethereum node or a third-party RPC provider with MetaMask, then neither Infura nor MetaMask will collect their IP address or Ethereum wallet address, according to the privacy policy.
ConsenSys cautioned that users should be aware their data will be subject to whatever information collection is performed by the third-party RPC provider they are using.
The community is not at all happy with this revelation by ConsenSys which puts their privacy at stake. The recent FTX crash has already done so much irreparable damage to the industry and with multiple firms blatantly reporting that they are collecting user data, it weakens the trust system even more.
Many web3 firms are coming out clean since the FTX collapse, to provide transparency to the community in such times. Similar to ConsenSys, Uniswap released its privacy policy saying it collects public on-chain data and limited off-chain data from user wallets like device type, browser version, etc to improve user experience.
